Architectural Security Weaknesses in Industrial Control Systems; An Empirical Study Based on Disclosed Software Vulnerabilities
Presented March 2019 at the IEEE International Conference on Software Architecture (ICSA) in Hamburg, Germany
The Radiflow-NEC solution uses two-factor authentication and firewall rules enforced by Radiflow routers to securely limit industrial control system access during remote or on-site maintenance to specific devices and commands. NEC's physical security solutions combine with Radiflow's ruggedized routers to authenticate technicians' identities and continuously monitor their locations, only granting access to the devices and areas necessary to perform maintenance tasks. Any violations of the rules are instantly blocked and alerts are sent to the control center along with network traffic logs and video footage.
This document summarizes a research paper that proposes a design for a secure, Wi-Fi integrated electricity meter called an Impregnable Device for Secured Metering (IDSM). The IDSM consists of a sophisticated meter with additional security features compared to traditional meters. It uses Wi-Fi communication, a microcontroller, and a centralized monitoring and control unit. Random number addressing cryptography (RAC) is chosen as the most secure encryption technique. The meter in each home connects via a wireless network to a server that calculates billing amounts and sends updates to be displayed on the home meter, reducing labor while increasing transparency. The design aims to provide secure communication at high speeds with an advanced metering system and unique database backend.
Embedded Web Server based Interactive data acquisition and Control System
This document summarizes an embedded web server based interactive data acquisition and control system. The system uses an ARM9 processor running RTLinux to both acquire data from sensors and control industrial devices. It allows remote monitoring and control via a web browser. The ARM9 handles data acquisition, control functions, and an embedded web server simultaneously. Analog sensor signals are converted to digital with an ADC and stored in external memory. The web server portion allows clients to access the stored data and send control instructions via HTML pages. This embedded single-board solution provides reliable real-time data acquisition and remote control capabilities with low resource usage.
This document provides an overview of SCADA (Supervisory Control and Data Acquisition) systems. It describes the basic hardware and software architecture of SCADA, including distributed databases, data servers, PLCs, and control programs in the field. The document also outlines key SCADA functionality such as access control, HMI, trending, alarm handling, logging, archiving, report generation, and automation capabilities. SCADA systems are typically used in industrial processes and facilities to monitor and control equipment and processes.
A Distributed Control System (DCS) integrates multiple process controllers and PLCs to monitor and control distributed equipment remotely. There are several types of DCS including Smart DCS and SixTrak IPm. When choosing a DCS system, factors like reliability, compatibility, graphical interface, processing speed, cost and ease of use must be considered. DCS systems have advantages like robustness, flexibility and security but also disadvantages like component costs and difficulty of programming and maintenance. Major DCS manufacturers include Honeywell, ABB and Siemens. In Saudi Arabia, DCS systems are used by companies like Saudi Aramco, power plants and factories.
SCADA Systems Vulnerabilities and Blockchain Technology
SCADA systems are one of the most important parts of industrial operations. Before SCADA, plant personnel had to monitor and control industrial processes via selector switches, pushbuttons and dials for analog signals. As manufacturing grew and sites became more remote, relays and timers were used to assist supervision. With the advance of technology and the advent of network-based protocols, these systems became more reliable and faster, and it became easier to troubleshoot problems. Progress also brings vulnerabilities, which was nothing new for SCADA: IP protocols brought new threats to the security of these systems. The devastation that cyber attackers can inflict on SCADA is illustrated by the Stuxnet attack. This paper discusses what SCADA systems are, their uses, the protocols they use, their vulnerabilities and ways to combat those vulnerabilities. It focuses on the use of blockchain technology as a step towards securing such systems.
Diksha Chhonkar | Garima Pandey, "SCADA Systems: Vulnerabilities and Blockchain Technology", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-4, June 2020. URL: https://www.ijtsrd.com/papers/ijtsrd31586.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/31586/scada-systems-vulnerabilities-and-blockchain-technology/diksha-chhonkar
Industrial control systems like SCADA are critical to national infrastructure but pose security challenges. They control crucial systems like pipelines and electrical utilities. While initially proprietary, SCADA systems now use open standards and IT components, making them vulnerable to cyber attacks which could have catastrophic impacts. A defense-in-depth strategy is needed, combining network segmentation, firewalls, log collection, and host and network intrusion prevention/detection to secure these vital systems.
This document provides an overview of SCADA (Supervisory Control and Data Acquisition) systems. It discusses key components of SCADA including field instrumentation, remote stations, communication networks, and central monitoring stations. It also describes common SCADA configurations, modes of communication, and differences between SCADA and DCS systems. The goal is to introduce SCADA basics and provide context for those familiar and unfamiliar with these systems.
This document discusses cyber security concerns regarding smart grid technology integration. It outlines how increased data sharing and connectivity between new and legacy systems introduces new cyber vulnerabilities. It then summarizes existing cyber security standards from organizations like ISO, NERC, and IEC that can provide frameworks for addressing these vulnerabilities. Finally, it notes challenges integrating new technologies with legacy systems and the need for a strategic roadmap to help guide secure technology adoption.
Smart grids add communication capabilities and intelligence to traditional grids. They are enabled by intelligent sensors and actuators, extended data management systems, expanded two-way communication between utility operation facilities and customers, network security, national integration, self-healing and adaptive operation that improves distribution and transmission system operation, freedom for customers to purchase power based on dynamic pricing, improved power quality with less wastage, and integration of a large variety of generation options.
The more complex and critical an infrastructure is, the more vulnerable it is. Since 1994 there have been many incidents in which smart grids were hacked; the latest and most widely reported was the Stuxnet worm, which targeted Iran's nuclear power system and systems worldwide. The presentation covers the different types of attacks and the security needed for the smart grid.
The document provides an overview of industrial control systems (ICS), including common components like distributed control systems (DCS), programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, and human-machine interfaces (HMIs). It also discusses common industrial protocols like Modbus and vulnerabilities in ICS that have been exploited by malware like Stuxnet. The document uses diagrams and examples to illustrate how these systems work and how an attacker could potentially interact with a PLC to simulate an emergency shutdown.
The document summarizes a cyber attack on a SCADA system in Ukraine in December 2015 that caused widespread power outages. Attackers first infiltrated the system 6 months prior using a phishing email with a malicious macro. They then spent time reconnoitering the network, stealing credentials, and testing their abilities to control system components. On the day of the attack, they deployed "kill disk" malware to disable workstations and took control of HMIs to open circuit breakers and shut down power stations, cutting power to 250,000 people. They also sabotaged backup systems to prevent restoration of service and launched a social engineering campaign to overload emergency responders. The sophisticated and coordinated attack exploited numerous security weaknesses in the outdated
[Bucharest] From SCADA to IoT Cyber Security (OWASP EEE)
Bogdan Matache is a cyber security specialist with over 15 years of experience in IT, energy, and industrial control systems. He has penetration tested and hacked several industrial control and IoT systems, including fuel pumps, asphalt stations, cars, drones, and smart home devices. Matache now works as an auditor at EnerSec, focusing on cyber security for the energy sector. He discusses the growth of IoT and risks of attacks against availability, integrity and confidentiality in both SCADA and IoT systems. Matache also outlines common attack types, hardware, software and malware used to target these systems.
Standards based security for energy utilities (Nirmal Thaliyil)
The document discusses standards for cybersecurity in the energy sector. It notes that threats are increasing as energy infrastructure becomes more connected and data-driven. The document outlines some key cybersecurity standards for the energy industry including NERC CIP, IEEE1686, and IEC 62351. It maps these standards based on their level of technical detail and completeness. The document also discusses best practices for cybersecurity including technological and operational controls and how standards relate to controls for protection, detection and response.
SCADA deep inside: protocols and security mechanisms (Aleksandr Timorin)
The document discusses various industrial control system protocols including Modbus, DNP3, PROFINET DCP, IEC 61850-8-1, and IEC 61870-5-101/104. It describes their functions, security issues like lack of authentication and encryption, and available tools for analyzing the protocols. The speaker is a penetration tester who researches SCADA security and protocols.
This document summarizes a presentation on industrial protocols for pentesters. It discusses several common industrial protocols including Modbus, Siemens S7 and PROFINET, and provides information on analyzing them, such as looking for patterns in hex dumps. Example tools for scanning devices and extracting information via these protocols are also presented. The document concludes with a reminder of resources for further information on industrial control systems security.
Cyber attacks on industrial control systems pose a serious threat. Several incidents around the world have shown that critical infrastructure systems controlling functions like power grids and water treatment have been hacked, in some cases shutting down safety monitoring systems. These control systems were not designed with security in mind and connecting them to corporate networks and the internet has increased vulnerabilities. Stronger security measures are needed to protect against growing cyber threats.
This document provides an overview of power system automation and SCADA (Supervisory Control and Data Acquisition) systems. It defines SCADA and describes its typical components like HMIs, RTUs, PLCs and communication infrastructure. It also outlines applications of SCADA in power generation, distribution and transmission systems. Benefits of SCADA include increased efficiency, reliability and reduced manual labor through remote monitoring and control of power systems. The document concludes that SCADA provides a common framework for experiment control and ensures consistent operator experience across different parts of complex power systems.
Scada system architecture, types and applications (Uchi Pou)
This document discusses the architecture, types, and applications of SCADA (Supervisory Control and Data Acquisition) systems. It describes the basic components of SCADA systems including human-machine interfaces, programmable logic controllers, remote terminal units, communication infrastructure, and SCADA programming. It outlines the four generations of SCADA systems from early monolithic to modern networked and internet-based systems. Finally, it provides examples of SCADA applications in manufacturing, wastewater treatment, power systems, and wireless SCADA systems.
The document discusses SCADA (Supervisory Control and Data Acquisition) systems. It provides definitions of key SCADA components and concepts, including RTUs, PLCs, HMIs, and protocols. It also outlines security challenges for SCADA systems given their critical infrastructure functions and discusses approaches to improving SCADA security.
This document provides an overview of SCADA (Supervisory Control and Data Acquisition) systems. It discusses what SCADA is, its architecture and components, functionality, and how it is used to control industrial processes. Security issues are also covered, along with the evolution of SCADA systems from early monolithic designs to modern distributed and networked architectures. The future of SCADA is described as incorporating more sophisticated capabilities through artificial intelligence and greater network integration.
SCADA systems are used to monitor and control industrial processes remotely. They acquire data from sensors in the field through programmable logic controllers (PLCs) or remote terminal units (RTUs), transmit the data to centralized human-machine interfaces (HMIs) over telecommunication networks, and allow operators to send control commands back to the field devices. SCADA systems have evolved from monolithic first-generation systems with standalone computers to distributed second-generation and networked third-generation systems that use open standards and can connect over wide area networks. They provide features like dynamic representation of process data, database connectivity, device connectivity, alarms, trends, scripting, security, recipe management, and networking capabilities.
This document discusses trends in threats to SCADA (Supervisory Control and Data Acquisition) systems. It notes that as SCADA systems increasingly use commercial off-the-shelf software and connect to the internet, they have become more vulnerable to cyber threats. The document outlines how SCADA systems work and components like RTUs, PLCs, and HMIs. It also discusses issues like the mistaken belief that SCADA systems are secure due to physical security or isolation from the internet. The conclusion suggests that as capabilities and opportunities for threats increase, the future operational environment will be more vulnerable if an actor emerges with the intent to cause harm.
SCADA systems are used to monitor and control geographically dispersed industrial processes. A SCADA system consists of field devices like PLCs and RTUs that connect to sensors and convert signals to digital data. This data is communicated to a control center via telemetry where it is processed by a data acquisition server and presented to human operators through an HMI. The system allows operators to monitor and control the industrial process. SCADA has evolved from early monolithic centralized systems to modern distributed and networked systems that utilize open standards and protocols to distribute functionality across a wide area network. SCADA is commonly used in applications like power generation, water treatment, oil and gas pipelines, and more.
SCADA stands for Supervisory Control And Data Acquisition. A SCADA software system is a device monitoring and controlling framework. Supervisory control includes taking action and exercising control from remote locations over various control mechanisms and processes. The front-end UI of a mobile app or web dashboard, along with backend business logic, a database and a gateway (as depicted in the above block diagram), makes up a SCADA solution for control and monitoring of devices in an IoT network.
https://www.embitel.com/blog/embedded-blog/what-is-scada-system-and-software-solution
Comparative analysis of traditional scada systems and io t implemented scada (IJARIIT)
SCADA stands for Supervisory Control and Data Acquisition. It focuses on the supervisory level and is not a full control system. It is a computer system which gathers and analyses real-time data. SCADA systems are useful in monitoring and controlling a plant or industrial equipment in sectors like telecommunications, water, waste control, energy, oil and gas refining, and transportation. A SCADA system gathers information about a mishap, transfers it back to a central site, alerts the home station about the mishap, carries out the necessary analysis and control (such as determining whether the mishap is critical), and displays the information in a logical and organized fashion. SCADA systems can be as simple as a system which monitors the environmental conditions of a small office building, or as complex as a system that monitors all the activity in a nuclear power plant.
IoT acts as a complementary setup to SCADA. A SCADA system generates information which acts as one of the data sources for IoT. While the focus of SCADA is on monitoring and control, the focus of IoT is firmly on analyzing machine data to improve productivity.
SCADA.pptx supervisory control and data acquisition (RapidAcademy)
The document discusses the history and components of SCADA (Supervisory Control and Data Acquisition) systems. It describes how early SCADA systems involved direct connections between sensors and control panels, while modern systems involve remote terminal units, programmable logic controllers, telemetry, and computer software. The key components of a SCADA system include remote terminal units that interface with field sensors, communication systems to transfer data, master stations to display and control the system, and software for user interfaces, alarms, data storage and more.
SCADA systems monitor and control geographically dispersed field sites over long-distance communication networks. They centrally monitor field sites and can push commands to devices that control local operations. DCS systems control industrial processes within factories through localized control of sub-systems. PLCs are computer-based devices that provide regulatory control for discrete processes. SCADA systems operate over long distances, while DCS and PLCs use local area networks and provide more closed-loop control.
Design and simulation of remote monitoring of the intelligent automatic contr... (IAESIJAI)
In this research, we introduce the implementation requirements of a remote wireless control and monitoring unit for industrial production lines that are automatically controlled using a programmable logic controller (PLC). The PLC is capable of collecting different types of data and converting them into electrical signals that can be controlled by the industrial network using supervisory control and data acquisition (SCADA) systems. SCADA will be installed on the main server inside the control unit. The PLC will be used as the decision maker for the signals received from a group of detectors (sensors/transducers) on the industrial lines. The output of the PLC processor will trigger the engines according to a specific industrial process management program. The processed data can be transferred by wireless or wired means. The wireless approach is shown in this study, along with two other ways to implement it.
The document discusses SCADA (supervisory control and data acquisition) systems. SCADA systems are used to monitor and control geographically dispersed assets from a central control facility. They typically include remote terminal units (RTUs) or programmable logic controllers (PLCs) that collect data from sensors and control local equipment, and a SCADA server that communicates with the remote devices over communication channels. The document outlines the basic components, configurations, and communication topologies of typical SCADA systems.
Practical Troubleshooting & Problem Solving of Industrial Data Communications (Living Online)
This document provides an overview of industrial data communications. It describes modern instrumentation and control systems, including distributed control systems, programmable logic controllers, SCADA systems, and smart instruments. It also discusses common industrial communication standards and protocols, such as RS-232, RS-485, fiber optics, Modbus, HART, DeviceNet, Profibus, Ethernet, and TCP/IP. The document introduces the OSI model and explains how protocols define the structure of information frames transmitted across communication systems.
SCADA systems are used to control geographically dispersed assets where centralized monitoring and control are important. They integrate data acquisition from field sites with transmission systems and HMIs to provide centralized monitoring of numerous inputs and outputs from a single location in real time. SCADA systems typically consist of MTUs at a control center, communication equipment between the control center and field sites, and RTUs or PLCs at field sites that perform local control and sensor monitoring.
Robust Cyber Security for Power Utilities (Nir Cohen)
The security of critical networks is at the center of attention of industry and government regulators alike. Check Point and RAD offer a joint end-to-end cyber security solution that protects any utility operational technology (OT) network by eliminating RTU and SCADA equipment vulnerabilities, as well as defends against cyber-attacks on the network’s control and data planes. This solution brief explains how the joint solution enables compliance with NERC-CIP directives, provides deep visibility and control of ICS/SCADA communications, and allows secure remote access into OT networks.
The document discusses distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems. It provides an introduction and overview of key concepts for both DCS and SCADA. For DCS, it describes the components, functions, applications and how a DCS works. For SCADA, it outlines where SCADA is used, hardware and software architectures, and how SCADA systems function through data acquisition, communication, presentation and control.
The document discusses penetration testing of SCADA industrial control systems. It begins with an overview of SCADA systems, including what they are, where they are used, benefits, and basic concepts like the communication between the SCADA server and RTUs/PLCs. It then covers SCADA protocols like Modbus and DNP3. The document outlines various attack vectors like denial of service attacks, unauthorized access, and vulnerabilities in common protocols. It proposes a penetration testing methodology that involves discovery, protocol analysis, data manipulation, and security recommendations like firewalls, IDS, and training to improve SCADA security.
This document discusses industrial control system (ICS) cybersecurity. It begins with an introduction to ICS, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and programmable logic controllers (PLC). It then compares ICS and IT security, discussing risks specific to ICS. The document outlines the risk management process and describes ICS security architecture, including network segmentation. It also covers authentication, firewall implementation, and applying the six steps of the NIST risk management framework to implement security controls for ICS.
1. SCADA systems are used to monitor and control industrial processes through remote terminal units (RTUs) and programmable logic controllers (PLCs) that connect to sensors in the field. They allow for centralized supervision and control of geographically dispersed processes.
2. A key component is the human-machine interface (HMI) which presents data to operators and allows them to control the process. Other components include RTUs/PLCs that connect to field devices, a communication system to connect components, and a supervisory computer system for data collection and control.
3. Security is a major concern as SCADA systems often have vulnerabilities like hardcoded passwords and lack of authentication. Successful cyber attacks could disrupt
ICSA 2019 Architectural Security Weaknesses in Industrial Control Systems
1. Danielle Gonzalez ✦ Fawaz Alhenaki ✦ Mehdi Mirakhorli
An Empirical Study based on Disclosed Software Vulnerabilities
Architectural Security Weaknesses
in Industrial Control Systems (ICS)
IEEE International Conference on Software Architecture (ICSA)
Hamburg, Germany March 2019
2. What Are Industrial Control Systems (ICS)?
ICS often support critical infrastructure:
• Manufacturing
• Oil & Gas Production
• Chemical Processing
• Electrical Power Grids
• Transportation
• More!
3. Architecture of Industrial Control Systems (ICS)
[Diagram: a Control Center (Human Machine Interface (HMI), Engineering Workstations, Data Historian, Supervisory Control & Data Acquisition (SCADA) Server, Communication Routers) connected over a wide area network (switched telephone, leased line or power line based communication; radio, microwave or cellular; satellite) to Field Site 1 (PLC), Field Site 2 (RTU, WAN card, modem) and Field Site 3 (IED, modem).]
1. Programmable Logic Controllers (PLCs) & Remote Terminal Units (RTUs) connect to sensors & actuators
2. The PLCs, RTUs etc. communicate with the SCADA server using industrial communication protocols (Fieldbus)
3. HMIs are used by humans to configure the plant, troubleshoot problems, run/stop/update programs, and recover from failures
4. The Data Historian logs daily operational data used for analysis & diagnosis
4. Security of Industrial Control Systems
ICS often support critical infrastructure:
• Manufacturing
• Oil & Gas Production
• Chemical Processing
• Electrical Power Grids
• Transportation
• More!
Implications
1. Security is a key concern
2. Attacks can affect national safety & economics
3. Cannot be easily taken offline for updates or patches
Attacks on ICS infrastructures have exponentially increased from a few to hundreds per year (chart source: IEEE)
Stouffer, Keith, Joe Falco, and Karen Scarfone. "Guide to industrial control systems (ICS) security." NIST Special Publication 800-82 (2011).
Yang, Wen, and Qianchuan Zhao. "Cyber security issues of critical components for industrial control system." Proceedings of 2014 IEEE Chinese Guidance, Navigation and Control Conference. IEEE, 2014.
5. Examining Architectural Security Weaknesses in ICS
Dataset: 988 Security Advisories mined from the Industrial Control System Cyber Emergency Response Team (ICS-CERT) repositories
Research Questions:
RQ 1: Which ICS Components are Most Vulnerable?
RQ 2: What Percentage of ICS Vulnerabilities had Architectural Root Causes?
RQ 3: What are the Most Common Architectural Weaknesses in ICS?
RQ 4: Which Architectural Tactics are Most Often Compromised in ICS?
6. Industrial Control System Advisories (ICSA)
ICS vendors maintain advisories to report security issues in their products. ICS-CERT collects these and assigns them an ICSA identifier.
Advisory (ICSA-16-336-06)
OVERVIEW:
Alexey Osipov and Ilya Karpov of Positive Technologies have identified vulnerabilities in Rockwell Automation's Allen-Bradley MicroLogix 1100 and 1400 programmable logic controller (PLC) systems. Rockwell Automation has produced new firmware versions to mitigate some of the vulnerabilities.
AFFECTED PRODUCTS:
1763-L16AWA, Series A and B, Version 14.000 and prior versions;
1763-L16BBB, Series A and B, Version 14.000 and prior versions;
[...]
IMPACT:
Successful exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access to affected devices, as well as impact the availability of affected devices.
VULNERABILITY CHARACTERIZATION:
CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION (CWE-319)
User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server.
(Callout on the characterization: the root cause is given as a Common Weakness Enumeration (CWE) entry.)
EXPLOITABILITY:
These vulnerabilities could be exploited remotely.
[…]
7. Identifying Vulnerable Components
A manual review process was used to identify ICS products and alternative names/abbreviations
Resources reviewed:
• Architectural documents of existing ICS products
• Research papers
• ICS application standards
17 components identified
• 7 "common"
• 10 "optional/variants"
8. ICS Components Used in This Study
Common Components (Component: Specification)
Engineering workstation: Reliable software designed for configuration, maintenance and diagnostics of the control system applications and equipment.
Data Historian (HIST): A system for logging all data in an ICS environment; this data might be used for analysis later.
Human-machine Interface (HMI): User interface that allows engineers and operators to interact with the controller.
Intelligent Electronic Device: A smart industrial device capable of acquiring data, communicating with other devices, and automating industrial processes.
Programmable Logic Controllers (PLC): A solid-state control system often used in assembly lines, robotic devices, or activities that require high-reliability control, ease of programming and process fault diagnosis.
RTU (Remote Terminal Unit): Used to communicate with remote field equipment. PLCs with radio communication capabilities are also used in place of RTUs.
Supervisory control software (SCADA): A system performing control functions used to control dispersed assets using centralized data acquisition and supervisory control.
Optional / Variant Components (Component: Specification)
Common Industrial Protocol (CIP): Provides a set of services & messages for control, security, synchronization, configuration and information that can be integrated into networks.
Device Type Manager: Driver-like software that provides an interface for device configuration, maintenance, diagnostics & troubleshooting.
Distributed Control Systems (DCS): SCADA variant; microprocessor-based units distributed functionally & geographically over the plant, situated near the area where control or data gathering functions are performed.
Distributed Network Protocol (DNP3): A widely used protocol in electricity and/or water and waste water treatment plants with three layers (data link, application, and transport layer).
Fieldbus: A digital, serial, multi-drop, two-way data bus between field equipment, sensors, transducers, actuators and control room devices.
Modbus: The de facto ICS communications protocol that uses serial communications with PLCs.
Object Linking & Embedding (OLE) for Process Control (OPC): A set of open standards developed to promote interoperability between disparate field devices, automation/control, and business systems.
PAC: A "mashup" between a PC and a PLC in that it typically offers the benefits of both in a single package.
Process Control System (PCS): SCADA variant; typically rack-mounted, processes sensor input, executes control algorithms, and computes actuator outputs.
Real time OS: Operating System
9. Identifying Vulnerable Components
Sample of Component-Term Dictionary (ICS Component: Terms in Dictionary)
Programmable Logic Controllers: Programmable Logic Controllers, PLC, control loop, logic controller
Distributed Control Systems: Distributed Control Systems, DCS, digital processor control system, process manager
Fieldbus: Fieldbus, Field Device
Supervisory Control Software: Supervisory control software, SCADA, supervisory control and data acquisition
Human-machine Interface: Human-machine Interface, HMI, Human Machine Interface, Web Interface, operator
Remote Terminal Unit: Remote Terminal Units, RTUs, RTU, Remote Terminal Unit
Data Historian: data historian, Operational Historian, HIST, process data archive, historian
Pipeline: Text Data from Advisories + Component-Term Dictionary → Text Processing Script (Keyword Search) → 55.06% of reports mentioned at least 1 of the 17 components
10. RQ1: Which ICS Components are Most Vulnerable?
[Chart: number of reports per component. Common Components: HMI 257, SCADA (Supervisory control software) 212, Programmable Logic Controllers (PLC) 114, RTU (Remote Terminal Unit) 32, HIST 25, Engineering workstation 15, Master Terminal Unit (MTU) 8, Intelligent Electronic device 3, Real time OS. Variation: OPC (OLE for Process Control) 57, Process Control System (PCS) 42, DNP3 (Distributed Network Protocol) 39, Modbus 31, Fieldbus 18, Distributed Control Systems 16, Device Type Manager 14, Common Industrial Protocol (CIP) 13, PAC 6.]
10 Most Vulnerable ICS Components (ICS Component: # of Reports)
Human-machine Interface (HMI): 257
Supervisory Control Software (SCADA): 212
Programmable Logic Controllers (PLC): 114
OLE for Process Control (OPC): 57
Process Control System (PCS): 42
Distributed Network Protocol (DNP3): 39
Remote Terminal Unit (RTU): 32
Modbus: 31
Data Historian (HIST): 25
Building Automation System (BAS): 19
11. RQ2: What % of ICS Vulnerabilities had an Architectural Root Cause?
Common Architectural Weakness Enumeration (CAWE): https://cwe.mitre.org/data/definitions/1008.html
Santos, J. C. S., Peruma, A., Mirakhorli, M., Galster, M. and Sejfia, A. "Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird." 2017 IEEE International Conference on Software Architecture (ICSA), pages 69-78, 2017.
12. Identifying ICS Advisories with Architectural Root Causes
RQ2: What % of ICS Vulnerabilities had an Architectural Root Cause?
Pipeline: Text Data from Advisories → CAWE Mapping (CWE IDs in the text were mapped to the IDs in the CAWE catalog, https://cwe.mitre.org/data/definitions/1008.html) → 62.86% (540) of ICS Advisories were associated with 1 or more architectural weakness (CAWE)
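The keyword search of slide 9 and the CWE-to-CAWE mapping of slide 12, as an added Python example that is not the authors' script: the dictionary rows are the sample shown on slide 9, the CAWE subset is a hypothetical slice of the catalog taken from the deck's top-20 table, and the advisory texts are constructed.

```python
import re
from collections import Counter

# Sample of the component-term dictionary shown on the slide. Terms are matched
# case-insensitively on word boundaries, so "HIST" does not fire inside "history".
COMPONENT_TERMS = {
    "Programmable Logic Controllers":
        ["Programmable Logic Controllers", "PLC", "control loop", "logic controller"],
    "Distributed Control Systems":
        ["Distributed Control Systems", "DCS", "digital processor control system",
         "process manager"],
    "Fieldbus": ["Fieldbus", "Field Device"],
    "Supervisory Control Software":
        ["Supervisory control software", "SCADA", "supervisory control and data acquisition"],
    "Human-machine Interface":  # "operator" is a generic word and over-matches in practice
        ["Human-machine Interface", "HMI", "Human Machine Interface", "Web Interface", "operator"],
    "Remote Terminal Unit": ["Remote Terminal Units", "RTUs", "RTU", "Remote Terminal Unit"],
    "Data Historian":
        ["data historian", "Operational Historian", "HIST", "process data archive", "historian"],
}

# Hypothetical subset of the CAWE catalog (the CWE-1008 view): CWE id -> (tactic, name),
# taken from the deck's top-20 table; the real catalog is far larger.
CAWE_CATALOG = {
    20: ("Validate Inputs", "Improper Input Validation"),
    79: ("Validate Inputs", "Cross-site Scripting"),
    287: ("Authenticate Actors", "Improper Authentication"),
    319: ("Encrypt Data", "Cleartext Transmission of Sensitive Information"),
    798: ("Authenticate Actors", "Use of Hard-coded Credentials"),
}

CWE_ID = re.compile(r"\bCWE-(\d+)\b")

# Constructed advisory snippets in the style of ICS-CERT text; not real advisories.
SAMPLE_ADVISORIES = [
    "User credentials are sent to the PLC's web server in clear text (CWE-319), which "
    "may allow an attacker observing traffic to discover them.",
    "The HMI web interface does not neutralize user input (CWE-79); a SCADA operator "
    "viewing the affected page executes the injected script.",
    "Malformed DNP3 frames are not validated (CWE-20) and crash the RTU, causing a "
    "denial of service until the unit is restarted.",
    "A stack-based buffer overflow (CWE-121) exists in the engineering software's "
    "project file parser.",  # CWE-121 is not in the hypothetical CAWE subset above
]


def compile_terms(terms=COMPONENT_TERMS):
    """One regex per component, alternating over that component's dictionary terms."""
    return {comp: re.compile(r"\b(?:" + "|".join(map(re.escape, ts)) + r")\b", re.IGNORECASE)
            for comp, ts in terms.items()}


def components_in(text, patterns):
    """Names of the components whose dictionary terms occur in one advisory's text."""
    return {comp for comp, pat in patterns.items() if pat.search(text)}


def cwes_in(text):
    """CWE ids cited in the advisory (its VULNERABILITY CHARACTERIZATION section)."""
    return {int(n) for n in CWE_ID.findall(text)}


def analyze(advisories, catalog=CAWE_CATALOG):
    """Per-report statistics in the form the deck reports them (RQ1 to RQ4)."""
    patterns = compile_terms()
    comp_reports, cawe_reports, tactic_reports = Counter(), Counter(), Counter()
    with_component = with_cawe = 0
    for text in advisories:
        comps = components_in(text, patterns)
        cawes = cwes_in(text) & set(catalog)   # keep only ids with an architectural root cause
        with_component += bool(comps)
        with_cawe += bool(cawes)
        comp_reports.update(comps)             # a report counts once per component
        cawe_reports.update(cawes)
        tactic_reports.update({catalog[c][0] for c in cawes})  # once per tactic per report
    n = len(advisories)
    return {
        "reports": n,
        "pct_with_component": round(100 * with_component / n, 2),
        "pct_with_cawe": round(100 * with_cawe / n, 2),
        "components": comp_reports,
        "cawes": cawe_reports,
        "tactics": tactic_reports,
    }
```

Run `analyze(SAMPLE_ADVISORIES)` to get the four-report equivalent of the 55.06% and 62.86% figures plus the per-component, per-CAWE and per-tactic report counts.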
13. RQ3: What is the Most Common Architectural Weakness in ICS?
Tactic CAWE Frequency
Validate Inputs CAWE-20 Improper Input Validation 142
Validate Inputs CAWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 75
Authenticate Actors CAWE-287 Improper Authentication 70
Authorize Actors CAWE-284 Improper Access Control 63
Validate Inputs CAWE-352 Cross-Site Request Forgery (CSRF) 45
Authenticate Actors CAWE-798 Use of Hard-coded Credentials 44
Validate Inputs CAWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 37
Authenticate Actors CAWE-259 Use of Hard-coded Password 20
Encrypt Data CAWE-522 Insufficiently Protected Credentials 18
Validate Inputs CAWE-94 Improper Control of Generation of Code ('Code Injection') 17
Authenticate Actors CAWE-306 Missing Authentication for Critical Function 16
Authorize Actors CAWE-434 Unrestricted Upload of File with Dangerous Type 14
Authorize Actors CAWE-269 Improper Privilege Management 13
Encrypt Data CAWE-326 Inadequate Encryption Strength 13
Encrypt Data CAWE-312 Cleartext Storage of Sensitive Information 12
Validate Inputs CAWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 12
Authorize Actors CAWE-285 Improper Authorization 11
Encrypt Data CAWE-319 Cleartext Transmission of Sensitive Information 10
Encrypt Data CAWE-311 Missing Encryption of Sensitive Data 10
Encrypt Data CAWE-256 Unprotected Storage of Credentials 10
Callout: 26.29% of reports with CAWEs
20 Most Common Architectural Weaknesses in ICS
14. RQ4: Which Architectural Tactic Implementations are Compromised Most Often in ICS?
Tactic Frequency
Validate Inputs 199
Encrypt Data 104
Authenticate Actors 93
Authorize Actors 73
Limit Access 12
Cross-Cutting 7
Identify Actors 6
Manage User Sessions 6
Verify Message Integrity 4
Audit 1
• We found ICS Advisories associated with 10 of the 12 Architectural Tactics
• From the 540 ICS Advisories associated with CAWEs, 3 tactics were compromised most often.
10 Compromised Architectural Tactics
15. How do these findings compare to those for Enterprise Web Applications?
To understand if the top weaknesses were unique to ICS, we mapped our CAWE findings (Architectural Weaknesses in ICS) to the CWEs in the OWASP Top 10 risks from 2017. 4 of our top 20 could not be mapped, including our #1 weakness, Improper Input Validation.
OWASP Top 10 → ICS Architectural Weaknesses (rank in our top 20)
A1-Injection
• Rank#7: CWE-89 SQL Injection
• Rank#10: CWE-94 Code Injection
• Rank#16: CWE-78 OS Command Injection
A2-Broken Authentication
• Rank#3: CWE-287 Improper Authentication
• Rank#6: CWE-798 Use of Hard-coded Credentials
• Rank#8: CWE-259 Use of Hard-coded Password
• Rank#9: CWE-522 Insufficiently Protected Credentials
• Rank#11: CWE-306 Missing Authentication for Critical Function
• Rank#20: CWE-256 Unprotected Storage of Credentials
A3-Sensitive Data Exposure
• Rank#15: CWE-312 Cleartext Storage of Sensitive Info.
• Rank#18: CWE-319 Cleartext Transmission of Sensitive Info.
• Rank#19: CWE-311 Missing Encryption of Sensitive Data
A4-XML External Entities (XXE): N/A
A5-Broken Access Control
• Rank#4: CWE-284 Improper Access Control
• Rank#13: CWE-269 Improper Privilege Management
• Rank#17: CWE-285 Improper Authorization
A6-Security Misconfiguration: N/A
A7-Cross-Site Scripting (XSS)
• Rank#2: CWE-79 Cross-site Scripting
A8-Insecure Deserialization: N/A
A9-Using Vulnerable Components: N/A
A10-Insufficient Logging: N/A
16. Summary & Implications for Practitioners
[Charts repeated from earlier slides: Most Vulnerable ICS Components; Most Common Architectural Weaknesses in ICS; Most Frequently Compromised Architectural Tactics]
62.86% (540) of ICS Advisories studied were associated with 1 or more architectural weakness (CAWE)
Implications for Practitioners
1. Isolate Control System Devices and/or Systems from Untrusted Networks
2. Sanitize User's Inputs to ICS Components and Devices
3. Encrypt Sensitive Data
4. Secure ICS Endpoints
5. Follow a Tactic-centric Approach to ICS Security
6. Use a Protected Network Environment for Unpatched Devices
17. Danielle Gonzalez ✦ Fawaz Alhenaki ✦ Mehdi Mirakhorli
Questions? Contact dng2551@rit.edu or mxmvse@rit.edu
@dngonza