Office of Critical Infrastructure Protection
SCADA Security
Prepared for
SECA XVI Conference
Brooklyn Park, Minnesota
October 9, 2000
Prepared by
Jeff Dagle
Pacific Northwest National Laboratory
Richland, Washington
(509) [email protected]
Outline
Context: Current Trends in Industry
– Information Technology
– Implications of Restructuring
Federal Perspective
– Critical Infrastructure Protection Initiative
– DOE Vulnerability Assessment Activity
SCADA Security
– Trends and Implications
– Vulnerability Demonstration
– Mitigation Strategies
Information Technology Trends
[Chart: Dependency and Risk]
Increasing:
– enterprise dependence on IT
– connectivity and standardization
– access to information assets
– dependencies on other infrastructures
Role of the Internet
– E-Biz projected increase from $8B (‘97) to $320B (‘02)
– Utility E-Biz projection: $2B (‘97) to $10B (‘02)
Information technologies are becoming inseparable from the core business of businesses
Information Technology Anecdotes
Hacker Trends
– First computer virus conceived in 1987; today there are 30,000 (10 more each day)
– Hacker software and sophistication increasing exponentially
– More than 1/2 of the 50 largest banks report significant network attacks in ‘98
– Gas/electric utility reports over 100,000 scans per month
– Distributed denial of service attacks against e-commerce sites
Response
– FBI computer caseload: 200 cases to 800 cases in last two years; number of cases now agent limited
– IT security gaining increased attention in auditing, insurance and underwriting communities
– $1.6 trillion forecast worldwide to deal with cyber challenges
– $6.7 billion in first 5 days of response to “I Love You”
Information Age Threat Spectrum
[Figure: threat actors arranged from National Security Threats through Shared Threats to Local Threats: Info Warrior, National Intelligence, Terrorist, Industrial Espionage, Organized Crime, Institutional Hacker, Recreational Hacker. Motivations shown alongside them: Reduce U.S. Decision Space, Strategic Advantage, Chaos, Target Damage; Information for Political, Military, Economic Advantage; Visibility, Publicity, Chaos, Political Change; Competitive Advantage, Intimidation; Revenge, Retribution, Financial Gain, Institutional Change; Monetary Gain; Thrill, Challenge, Prestige; Thrill, Challenge.]
Energy Incidents and Anecdotes
DOE database reports 20,000 attacks on lines, substations, and power plants from 1987 to 1996 – many attacks continue
1997 San Francisco outage – probably an insider
June 1999 Bellingham pipeline explosion accompanied by SCADA failure
Belgium & US (Mudge) hackers threaten to shut down electric grid (Fall ‘99)
Hacker controls Gazprom natural gas in Russia (Spring 2000)
Potential plot to attack nuclear plant during Sydney Olympics
Trends - Restructuring
Industry downsizing
– 20% or more reductions of staff over last five years
– Physical and IT security implications – “Doing more with less”
Mergers
– Increased 4x between 1990 and 1997
– Keeping staff trained and updated
– New business & players
Open access and open architecture systems
– Mandated by regulation
– Maintainability and low cost – security implications?
May 1998 - Presidential Decision Directive 63: Policy on Critical Infrastructure Protection
“Waiting for disaster is a dangerous strategy. Now is the time to act to protect our future.”
October 1997 - PCCIP report (Critical Foundations: Protecting America’s Infrastructures)
July 1996 - President’s Commission on Critical Infrastructure Protection (PCCIP)
“Certain national infrastructures are so vital that their incapacitation or destruction would have a debilitating impact on the defense or economic security of the United States”
National Action
Sector                        Lead Agency
Financial Services            Dept. of Treasury
Transportation                Dept. of Transportation
Electric, Gas & Oil           Dept. of Energy
Information/Comms             Dept. of Commerce
Law Enforcement               Dept. of Justice
Continuity of Gov’t.          FEMA
Fire                          FEMA
Emerg. Health Svcs.           HHS
Water                         EPA
National Organizational Structure Proposed by Critical Infrastructure Protection PDD
[Organization chart; legend marks new organizations. Groupings: Policy & Program Management, Crisis Management. Bodies shown: President; National Security Advisor; National Coordinator; Critical Infrastructure Coordinating Group; National Infrastructure Assurance Council; Critical Infrastructure Assurance Office (DoD/DOC); National Infrastructure Protection Center; Information Sharing and Analysis Center; Private Sector; EOP; OSTP (R&D); Special Function Agencies: DOJ (Law Enforcement), DoD (National Defense), CIA (Intelligence), DOS (Foreign Affairs).]
The Department of Energy’s Infrastructure Assurance Outreach Program (IAOP)
Energy infrastructures: oil, electric power, natural gas
Utilize DOE expertise to assist in enhancing energy infrastructure security.
Awareness - vulnerabilities & risks
Assistance - assessment to identify and correct vulnerabilities
Partnership - teaming with industry to collectively advance critical infrastructure protection
Voluntary participation conducted under strict terms of confidentiality
IAOP Scope
IAOP Assessments:
– Electric power infrastructure (started in FY 1998)
• Primarily cyber, includes physical security and risk management
• Approximately 10 electric utilities received voluntary assessments
– Natural gas (started in FY 2000)
• Physical and cyber
– Expertise from multiple national laboratories and other Federal agencies
– Assessment, not audit
IAOP Outreach
– Conferences, meetings, information sharing
– Support industry groups (NERC, NPC, EPRI, …)
– Engagement with other Federal agencies (FBI, NSA, NRC ...)
Project Outline
Task I - Project Planning & Pre-Assessment
– Project Planning and Scoping
– Pre-Assessment: Critical asset definition
Task II - Assessment
– Threat Environment
– Network Architecture
– Network Penetration
– Physical Security, Operations Security
– Administrative Policies, Procedures
– Energy System Influence
– Risk Analysis
Optional Task III - Methodology & Prudent Practices
– Methodology Handbook
– Prudent Practices
– Awareness (Closed forums and workshops)
Risk Management: Spectrum of Action
[Figure: spectrum of action ranging from Armored to Resilient]
SCADA Trends
Open protocols
– Open industry standard protocols are replacing vendor-specific proprietary communication protocols
Interconnected to other systems
– Connections to business and administrative networks to obtain productivity improvements and mandated open access information sharing
Reliance on public information systems
– Increasing use of public telecommunication systems and the internet for portions of the control system
SCADA Concerns
Integrity
– Assuring valid data and control functions
– Most important due to impact
Availability
– Continuity of operations
– Historically addressed with redundancy
Confidentiality
– Protection from unauthorized access
– Important for market value, not reliability
SCADA Vulnerability Demonstration
[Diagram: Field Device (RTU, IED or PLC), Operator Interface, and RTU Test Set (Intruder)]
Operator Interface
Simulated display of electrical substation
Circuit breaker status information read from field device
SCADA Message Strings
Captured by RTU test set
Repeating, easily decipherable format
Attack Scenarios
Denial of service
– Block operator’s ability to observe and/or respond to changing system conditions
Operator spoofing
– Trick operator into taking imprudent action based on spurious or false signals
Direct manipulation of field devices
– Send unauthorized control actions to field device(s)
Combinations of above
Mitigation Strategies
Security through obscurity
– Poor defense against “structured adversary”
Isolated network
Communication encryption
– Concerns over latency, reliability, interoperability
– Vendors waiting for customer demand
Signal authentication
– May provide good defense without the concerns associated with full signal encryption
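As an added illustration of the signal authentication idea on this slide (and of the Concerns slide's point that integrity matters more than confidentiality for control traffic), not code from the talk or from PNNL: a constructed plain-text command format with an appended sequence number and HMAC tag, so the field device acts only on frames from the key holder and logs replays and edited frames. The frame layout, key, RTU and point names are assumptions; the message body stays readable on the wire, so there is no encryption latency or interoperability cost beyond the 20-byte trailer.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (an assumption, not a real SCADA protocol):
#   ASCII body "<rtu_id>,<point>,<command>" || 4-byte sequence number || 16-byte tag
# The body stays readable on the wire: this is signal authentication, not encryption.
SEQ_LEN, TAG_LEN = 4, 16

def make_tag(key: bytes, seq_bytes: bytes, body: bytes) -> bytes:
    """Truncated HMAC-SHA256 over sequence number and body; key is shared out of band."""
    return hmac.new(key, seq_bytes + body, hashlib.sha256).digest()[:TAG_LEN]

def build_frame(key: bytes, seq: int, rtu_id: str, point: str, command: str) -> bytes:
    """Master-station side: plain-text command followed by sequence number and tag."""
    body, seq_bytes = f"{rtu_id},{point},{command}".encode("ascii"), struct.pack(">I", seq)
    return body + seq_bytes + make_tag(key, seq_bytes, body)

class RtuReceiver:
    """Field-device side: act on a command only if its tag verifies and its sequence advances."""
    def __init__(self, key: bytes):
        self.key, self.last_seq = key, -1
        self.accepted, self.rejected = [], []  # commands acted on; (reason, frame) for the intrusion log

    def receive(self, frame: bytes) -> bool:
        body, seq_bytes, tag = frame[:-(SEQ_LEN + TAG_LEN)], frame[-(SEQ_LEN + TAG_LEN):-TAG_LEN], frame[-TAG_LEN:]
        # Constant-time compare: any edit to the readable body invalidates the tag.
        if not hmac.compare_digest(tag, make_tag(self.key, seq_bytes, body)):
            return self._reject("bad tag", frame)
        seq = struct.unpack(">I", seq_bytes)[0]
        if seq <= self.last_seq:  # a captured frame played back again
            return self._reject("replay", frame)
        self.last_seq = seq
        self.accepted.append(body.decode("ascii"))
        return True

    def _reject(self, reason: str, frame: bytes) -> bool:
        self.rejected.append((reason, frame))
        return False

def demo() -> dict:
    rtu = RtuReceiver(b"constructed-demo-key")  # assumption: key provisioned by a key-management process
    key = rtu.key
    good = build_frame(key, 1, "RTU07", "CB12", "OPEN")
    return {
        "genuine": rtu.receive(good),                                    # True
        "replay": rtu.receive(good),                                     # False, seq 1 reused
        "edited": rtu.receive(good.replace(b"OPEN", b"CLOSE")),          # False, tag mismatch
        "unkeyed": rtu.receive(b"RTU07,CB12,CLOSE" + struct.pack(">I", 2) + bytes(TAG_LEN)),
        "next": rtu.receive(build_frame(key, 2, "RTU07", "CB12", "CLOSE")),  # True
        "accepted": rtu.accepted}
```

The rejected list is the detection hook: a field device that suddenly logs "bad tag" or "replay" entries is seeing exactly the test-set style traffic the demonstration describes.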
Value Proposition
Expectations
The government and industry will collaboratively develop technologies consistent with shared infrastructure assurance objectives
Public sector funding necessary to initiate development of new technologies
Industry
– Proactive in protecting customers’ and stockholders’ interests
– Insights into vulnerability and risk assessment techniques
– Due diligence
Government
– Proactive in protecting public interests and national security
– Insights into industry risk management perspectives
– Facilitate long-term research and development, best practices