HMI Antivirus Testing Presentation (MS PowerPoint) - Joe Falco

1,124 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,124
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Good afternoon. We’re going to start this afternoon session with a brief presentation on our Critical Infrastructure Protection Program. The program seeks to improve the cybersecurity of industrial control systems. It is our newest program; it was first funded about a year and a half ago.
  • HMI Antivirus Testing Presentation (MS PowerPoint) - Joe Falco

    1. 1. Performance Testing: The Effects of Antivirus Software on the Operation of PC Based HMI Software Joe Falco Manufacturing Engineering Laboratory National Institute of Standards and Technology February 18, 2004
    2. 2. NIST Industrial Control Security Testbed Architecture
    3. 3. Bottling Plant Simulation <ul><li>DeviceNet I/O network </li></ul><ul><li>Three controller options </li></ul><ul><ul><li>PC-based software PLC </li></ul></ul><ul><ul><li>Modicon hardware PLC </li></ul></ul><ul><ul><li>DeltaV Hybrid Controller </li></ul></ul><ul><li>SQL database for data logging </li></ul>
    4. 4. Water Distribution SCADA Simulation <ul><li>MTU Allen-Bradley ControlLogix/Flex IO </li></ul><ul><li>RTUs Allen-Bradley SLC500 </li></ul><ul><li>DNP 3.0 Serial </li></ul><ul><li>Ethernet </li></ul><ul><li>Ultrasonic Level Transmitters </li></ul><ul><li>Analog Flow Meters </li></ul><ul><li>Liquid Level Switches </li></ul><ul><li>Centrifugal Pumps </li></ul>
    5. 5. Performance Testing <ul><li>Provide performance measures of PC based control software execution vs. modes of operation of concurrently executing security software </li></ul><ul><li>Note: Any results will be reported in aggregate, </li></ul><ul><li> or with any vendor-identifying information </li></ul><ul><li> removed. </li></ul>
    6. 6. Antivirus vs. HMI Performance <ul><li>Map functionality of both antivirus software packages. </li></ul><ul><li>Configure HMI software at upper and lower bounds. </li></ul><ul><li>Record antivirus installation and default configurations. </li></ul><ul><li>Test procedures least intrusive to most intrusive. </li></ul><ul><li>Design test procedures to be repeatable. </li></ul><ul><li>Monitor PC system resources (CPU, Network Traffic). </li></ul><ul><li>Monitor communication packets from HMI to PLC. </li></ul><ul><li>Compare loads with and without antivirus software. </li></ul><ul><li>Inject test viruses from available access points. </li></ul><ul><li>Include testing during virus definition updates. </li></ul>
    7. 7. Antivirus/HMI Test Matrix HMI-1 HMI-2 AV-1 AV-2 HMI-2 vs. AV-2 HMI-1 vs. AV-2 HMI-2 vs. AV-1 HMI-1 vs. AV-1
    8. 8. Current Status <ul><li>Antivirus application functionality mapping completed </li></ul><ul><li>HMI-1 programmed for lower end operation </li></ul><ul><li>Performed preliminary testing between </li></ul><ul><li>HMI-1, AV-1 and AV-2 applications </li></ul>
    9. 9. Initial Testing <ul><li>Manual Scanning of Hard Drive </li></ul><ul><li>Manual Scanning of Floppy Drive </li></ul><ul><li>Active Scanning </li></ul><ul><li>AV1 Manual Scan of Hard Drive over different CPU priority settings </li></ul><ul><li>Data packets collected over 1 minute period </li></ul><ul><li>Analyze single data variable packet – calculate time between consecutive messages. </li></ul><ul><ul><li>Baseline </li></ul></ul><ul><ul><li>Antivirus mode of operation/ no virus </li></ul></ul><ul><ul><li>Antivirus mode of operation/ virus present </li></ul></ul>
    10. 10. Manual Scan: Hard Drive
    11. 11. Manual Scan: Floppy Drive
    12. 12. Active Scanning
    13. 13. AV1 : CPU Priority Settings
    14. 14. Next Steps <ul><li>Program HMI-1 application at an upper end. </li></ul><ul><li>Program HMI-2 application at lower and upper end. </li></ul><ul><li>Document a set of performance test methods based on results of initial testing. </li></ul><ul><li>Perform testing across test methods. </li></ul><ul><li>Continue efforts using other security applications such as personal firewalls and control applications such as software PLCs </li></ul>
    15. 15. Summary <ul><li>Introduction to the NIST Process Control Security Testbed. </li></ul><ul><li>Development of performance methods to assess the effects of security software on the performance of PC based control software. </li></ul><ul><li>Presented initial test results for effects of antivirus software on the performance of HMI software. </li></ul><ul><li>Discussed future activities in this area. </li></ul>

    ×