IFIP Session5 Christiansson-Luiijf 0307


  • 8/8/2019 IFIP Session5 Christiansson-Luiijf 0307


    Eric Luiijf, Principal Consultant

    Reflections on a European SCADA Security Test Bed


    March 20, 2007 - Reflections on a European SCADA Security Test Bed

    Authors

    Swedish Defence Research Agency (FOI)

    Henrik Christiansson PhD

    Netherlands Organisation for Applied Scientific Research TNO

    Eric Luiijf MSc


    SCADA

    SCADA = Supervisory Control and Data Acquisition

    automatics, electronics, pneumatics, and ICT to

    monitor (supervisory)

    control of processes, and

    data acquisition

    SCADA general term - comprises

    Process Control Systems (PCS)

    Distributed Control Systems (DCS)

    Energy Management Systems (EMS)

    local processors

    Programmable Logic Controller (PLC)

    Remote Terminal Units (RTU), ..


    SCADA application areas

    Critical infrastructures

    energy (power, gas, oil)

    water (drinking water, sewage, water levels)

    transport (trains, metro, automated loading, ..)

    Other

    chemical industry

    industrial processes

    many small installations

    e.g., automatic milking and feeding


    Examples of differences with business ICT

    Business ICT vs. SCADA

    Reliability

    Business ICT: limited # prime time hours; occasional failures allowed; beta test in the field

    SCADA: 24*7 operations; disruptions intolerable; Q/A required before fielding

    Risk impact

    Business ICT: integrity, privacy, confidentiality

    SCADA: loss of life, production, equipment, (critical) service delivery

    Risk management

    Business ICT: safety is non-issue; red-button reset culture

    SCADA: hazard analysis required; fault tolerance by design

    Information

    Business ICT: delay & jitter may be accepted

    SCADA: long delay is concern


    The SCADA threat scene

    SCADA operators

    not prepared for information security in SCADA

    manual operation of critical processes infeasible (no fall-back)

    business drivers require external connections

    SCADA suppliers

    functionality has priority over information security

    SCADA becomes open (protocols; COTS)

    Motivation for interested attackers

    through SCADA, a large kinetic, economic, ecological, and psychological impact is possible


    Some SCADA risk issues

    Critical infrastructure owners unaware of SCADA risk

    automation background neglects information security

    information security & EDP audit neglect pumps and valves

    SCADA information security lags 8 - 15 years behind

    protocols developed for non-hostile environment

    no up-to-standards security solutions

    if protected, only a boundary focus

    But: SCADA environment becomes more integrated and hostile


    Incidents?

    Almost all public incidents occurred in the USA and Australia????

    European incidents under the carpet

    not in the press

    but, ..

    incidents with potentially high consequences happened

    ?


    General reasons for SCADA test beds

    Interference with live systems is risky, therefore a closed SCADA environment is required for

    systematic vulnerability analysis

    active penetration testing

    testing common ICT-security measures

    testing fixes for security problems (patch validation)

    Developing hands-on SCADA risk analysis expertise

    Developing standards and best-practices

    Developing new, more secure architectures


    Specific reasons for a European SCADA test facility

    Currently only some small scale test benches in Europe

    Architectural differences of critical infrastructures in Europe vs. US

    more distributed

    national manufacturers

    diversified technologies and applications

    different standards

    Distributed and encompassing different technologies

    fine grain PLC testing to large-scale grid operation validation

    allow connection of existing test benches

    different national interests on what to test

    Constitute a European validation and second opinion to the results emanating from the USA


    Potential problems for a European SCADA test bed

    A very different political and economic environment

    national security issues emanating from different nations have to be handled at one site

    probably less pronounced at, for instance, the US test beds, since they work within the boundaries of one nation

    Financing and strategic operation will be quite difficult for these reasons


    The vision: distributed SCADA test bed

    [Figure: diagram with the labels "International test bed", "Existing SCADA test benches" and "SCADA test bed"]


    Distributed European SCADA test bed

    [Figure: diagram centred on "SECURE SCADA test facility", with the following labels]

    Patch validation: CERTs, operators, and manufacturers

    Stress testing

    Specific vulnerability testing

    Validation of IA solutions

    New technologies

    New architectures

    New tools

    academics; R&D

    Interoperability testing: operators

    Testing new applications: manufacturers

    long-haul communication testing

    Good Practices

    Reach-out risk analysis

    Red-teaming

    Systematic vulnerability analysis

    academics; R&D

    Specific test benches (e.g. PLC)


    Conclusions

    SCADA security issues require international efforts

    systematic approaches

    validation of security solutions before going live

    A distributed European SCADA security facility is required

    Many stakeholders and multi-national security is a major challenge

    controlled dissemination of information

    Side benefits of a test bed

    good practices, red team, expert risk assessment


    Questions?
