SUBSTATION SECURITY
WHY FIREWALLS DON’T WORK!
©Copyright 1998, Systems Integration Specialists Company, Inc. All Rights Reserved
Presented by:
What are the issues?
• What is the purpose of the substation?
• What functions need to be protected and how?
• What are the issues in protecting substations?
Functions of Substation
[Diagram: Substation, Control Center]
• Protect Equipment
• Enable Power Distribution
• Enable Control Center Communications
• Enable Revenue Metering
• Enable Power Quality Information
Protect Equipment - Physical Security
Vulnerable to Physical Destruction/Terrorism
• Gates typically locked but not monitored
• Control Cabinets Locked but not monitored
• Substation and Power Diagrams typically in control house or panels
Control Center Communications
• Typically Use
– Radio
– Dial-up
– Lease Line
– WAN
Radio: 5 minutes and $1500
• MAS/Licensed frequencies available on www.fcc.gov!
• Microwave
• Spread Spectrum
Listed in order of increasing communication security
Dial-up
• Telco Switches are susceptible
• Non-publication of phone number is no protection.
• Implementation in called device typically has no time-out, call-back, or challenge.
WAN
Typical IS/IT would use Firewall to Protect?
Most People think WAN::=
Firewalls - The way they work
[Diagram labels: 984, EC]
NO EXTERNAL COMMUNICATIONS - IT’S SAFE
OPEN HOLE IN WALL
CONTROL CENTER COMMUNICATION: EXPOSURE
ESTABLISH COMM LINK
TCP/IP Port (e.g. 20/21 for FTP)
WELL KNOWN PORTS MEAN HIGHER RISK
FIREWALLS TYPICALLY CONTROL WHO CAN CONNECT IN/OUT PER PORT
PROTOCOL IS PER PORT
FUNCTIONS OF FIREWALL
RULES
ADDRESS TRANSLATION/PROXY
LAN INTERFACE
EXTERNAL WAN INTERFACE
WHICH PORT
CONNECTION RULES
TO WHOM
FROM WHOM
CONNECTION RULES DETERMINE
• WHO CAN CONNECT AND TO WHOM
– NO RULES: ONLY PORT RESTRICTION
– SOURCE ROUTING
– USER ID/PASSWORD
– CHALLENGE
– TOKEN
– DIGITAL CERTIFICATE
SO WHAT’S WRONG?
[Diagram labels: WAN, 984, EC, 984, EC, Control Center]
EAVESDROPPING
CC->SUB (userid, password, certificate)
HACKER->SUB (userid, password, certificate)
SPOOF, MASQUERADE
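The exposure on this slide, worked through as an added example (not part of the original presentation): a credential that crosses the link unchanged can be presented again by anyone who saw it, while a response to a fresh challenge cannot. The key, userid, password and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # constructed sample secret, not from the slides


class StaticPasswordSub:
    """Substation device that accepts a fixed userid/password on every login."""
    def __init__(self, userid, password):
        self._cred = f"{userid}:{password}"

    def login(self, userid, password):
        return hmac.compare_digest(f"{userid}:{password}", self._cred)


class ChallengeSub:
    """Substation device that issues a fresh nonce and checks an HMAC over it."""
    def __init__(self, key):
        self._key = key
        self._pending = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def login(self, nonce, response):
        if nonce not in self._pending:   # unknown or already-used nonce
            return False
        self._pending.discard(nonce)     # single use, so a replay fails
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def respond(key, nonce):
    """Control-center side: prove knowledge of the key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    static_sub = StaticPasswordSub("operator", "constructed-pw")
    captured = ("operator", "constructed-pw")   # what a listener saw on the link
    sub = ChallengeSub(KEY)
    n1 = sub.challenge()
    r1 = respond(KEY, n1)                       # also visible to the listener
    first_ok = sub.login(n1, r1)
    # Order: static replay, genuine login, replay same nonce, replay on new nonce
    return (static_sub.login(*captured), first_ok,
            sub.login(n1, r1), sub.login(sub.challenge(), r1))
```

This covers replay of the login only; the eavesdropping concern for the data itself is what the slides' call for encryption addresses.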
It's OK, Nobody knows our protocol!
[Bar chart, axis 0 to 40: ASCII, TCP/IP, DNP 3.0, UCA, OTHER]
NOT A TRUE STATEMENT: ONLY 29% of Protocols in use are not publicly available!
EVEN MORE FUEL
• ONLY 65% of Substation Devices have Passwords enabled.
• Few Firewalls restrict services running over a given port.
– E.G. GET/SET
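The difference between a per-port rule and a per-service rule, as an added example (not from the original presentation). The port number, host names and the text-based GET/SET message layout are assumptions made up for the illustration; the traffic is constructed.

```python
ALLOWED_PORT = 5000  # assumed port for the hypothetical substation protocol
PORT_ACL = {"control-center", "metering-host"}       # who may connect
SERVICE_ACL = {"control-center": {"GET", "SET"},     # what each may ask for
               "metering-host": {"GET"}}


def port_rule(pkt):
    """Per-port rule as on the slides: source and port only."""
    return pkt["src"] in PORT_ACL and pkt["dport"] == ALLOWED_PORT


def parse_service(payload):
    """Hypothetical wire format: b'<SERVICE> <point>[=<value>]'."""
    verb = payload.split(b" ", 1)[0]
    return verb.decode("ascii", "replace").upper()


def service_rule(pkt):
    """Port rule plus a per-source allow list of services."""
    if not port_rule(pkt):
        return False
    return parse_service(pkt["payload"]) in SERVICE_ACL.get(pkt["src"], set())


# Constructed sample traffic, not captured from any real system.
TRAFFIC = [
    {"src": "control-center", "dport": 5000, "payload": b"GET breaker.52.status"},
    {"src": "control-center", "dport": 5000, "payload": b"SET breaker.52=OPEN"},
    {"src": "metering-host", "dport": 5000, "payload": b"GET meter.7.kwh"},
    {"src": "metering-host", "dport": 5000, "payload": b"SET breaker.52=OPEN"},
    {"src": "metering-host", "dport": 5000, "payload": b""},
    {"src": "unknown-host", "dport": 5000, "payload": b"GET meter.7.kwh"},
]


def compare(traffic):
    """Return (port_rule, service_rule) decisions for each packet."""
    return [(port_rule(p), service_rule(p)) for p in traffic]


def gaps(traffic):
    """Payloads the port rule passes but the service rule blocks."""
    return [p["payload"] for p in traffic if port_rule(p) and not service_rule(p)]
```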
Multiple Passwords a problem
The Greyhound Story
NO SECURITY: NO USER PAIN
SINGLE PASSWORD: EASY TO REMEMBER
MULTIPLE PASSWORDS: HARD TO REMEMBER
UTILITY CONCERNS
[Bar chart, axis 0 to 40, of the following concerns]
• Repudiation
• Information Leakage
• Eavesdropping
• Replay
• Masquerade
• Spoof
• Intercept/Alter
• Denial of Service
• Indiscretion of Personnel
• Integrity Violation
• Illegitimate Use
• Authorization Violation
• Bypassing Controls
POWER QUALITY
[Diagram: Substation, Control Center]
EAVESDROPPING AND INTERCEPT/ALTER MAY HAVE LARGE FINANCIAL CONSEQUENCES IN THE NEAR FUTURE!
FIREWALL SHOULD PROVIDE
• STRONG AUTHENTICATION
• NEGOTIABLE ENCRYPTION
• SECURE MANAGEMENT
• ATTACK DETECTION ANNUNCIATION
WHY AREN’T FIREWALLS ENOUGH?
• Security is only as good as the weakest link in the system.
– Security in the Control Center
– Management Support and Policy
– Crisis Team
– Management
• Service (e.g. GET/SET) must be enabled/disabled in devices.
– Vendors see no value in strong security! Only 3 of 1000 vendors returned surveys
– Utilities want strong security! 12% of contacted utilities responded!
Protocols and Implementation have LARGE impact after FIREWALL
Vendors Must Participate
But Why?
Let's analyze a new protocol!
Proprietary over TCP/IP
Where Vendors go Wrong: Just an Example!
(no names to protect the guilty parties!)
General Implementation
Proprietary Protocol
TCP
IP
Ethernet
Non-session oriented
Denial of Service
Proprietary Protocol
TCP
IP
Ethernet
"Ping of Death" (known to kill without patches: Solaris, AOS, Windows95, Linux, .....)
Ping of Death information: http://www.sophist.demon.co.uk/ping/
Port connection exhaustion
Potential for bus traffic congestion.
Masquerade
Proprietary Protocol
TCP
IP
Ethernet
No USER/PASSWORD
No session timeout
Information Leakage
Proprietary Protocol
TCP
IP
Ethernet
No USER/PASSWORD
No session encryption
Conclusion of Protocol Design
"Any man may make a mistake; none but a fool will persist in it!"
OR
Security must be designed and protocols must be extended to support security features!
CONCLUSION to SECURITY
• Firewalls add a degree of security
• Management Support is Critical
• Security has value and utilities need to be willing to pay.
• Vendors need to be willing to implement strong security and authentication.