A Cyber Infrastructure SCADA Testbed Environment for
Research on the Nation's Critical Infrastructure
Christopher Klaus
Cy...
Significations of SCADA Vulnerabilities
 Maroochy Shire Sewage Spill
In 2000, a disgruntled rejected employee remotely ac...
Objectives
 Initiate a testing model of competing teams (Red & Blue) to
alternatively attack and defend a target SCADA sy...
F O U R C O M P O N E N T S
• SCADA Laboratory
• INTERROGATOR Architecture
• NACMAST Enterprise Data Warehouse
• Biosphere...
SCADA Laboratory
5
UNCLASSIFIED 5
Motors, Drives,
Actuators
Sensors and other Input/Output
Devices
Programmable Logic
Cont...
INTERROGATOR Architecture
6
UNCLASSIFIED
SCADA
Laboratory
Firewall
Sensors
Network sensors on the SCADA
Laboratory’s firew...
NACMAST Enterprise Data Warehouse
 Description
 A large capacity warehouse to
hold Cyber attack data for
retrospective a...
Biosphere 2 as a User Facility
8
UNCLASSIFIED
 The Biosphere 2 is currently
controlled by SCADA systems.
 The Biosphere ...
F O U R C O M P O N E N T S
• Red and Blue Teams
• SCADA Cyber Attack Data Analysis
• Vulnerability Evaluation of Industry...
Red and Blue Teams
 Red & Blue teams would alternate attack and defense
activities using the SCADA Laboratory and eventua...
SCADA Cyber Attack Data Analysis
 Utilization of Autonomic Cyber Security to detect abnormal
behavior.
 Classification o...
Vulnerability Evaluation of SCADA Systems
 Installation of SCADA systems from various vendors
could be tested with the SC...
O N E C O M P O N E N T
• NACMAST Enterprise SCADA Training
User Training Overview
UNCLASSIFIED
13
NACMAST Enterprise SCADA Training
 Training for researchers, analysts and other
participants will covers User Facility co...
Summary
 Prototype a SCADA Testbed environment that allows
capture of SCADA cyber attack data.
 Collect a variety and si...
Questions?
16
UNCLASSIFIED
Upcoming SlideShare
Loading in …5
×

A Cyber Infrastructure SCADA Testbed Environment for Research on the Nation\'s Critical Infrastructure

2,316 views
2,204 views

Published on

Discussion on next steps for researching cybersecurity issues of control systems.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,316
On SlideShare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
115
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • As Critical Infrastructures have been connected to our Cyber Infrastructure, they have become vulnerable to cyber attacks.
  • A Cyber Infrastructure SCADA Testbed Environment for Research on the Nation\'s Critical Infrastructure

    1. 1. A Cyber Infrastructure SCADA Testbed Environment for Research on the Nation's Critical Infrastructure Christopher Klaus Cyber Defense Laboratory Western Kentucky University SCADA Cyber Attack Data Warehouse User Facility UNCLASSIFIED 1
    2. 2. Significations of SCADA Vulnerabilities  Maroochy Shire Sewage Spill In 2000, a disgruntled rejected employee remotely accessed sewerage pumping stations, releasing millions of liters of raw sewage into nearby rivers and parks.  Davis-Besse power plant In 2003, the Nuclear Regulatory Commission confirmed the Slammer worm infected Davis-Besse nuclear power plant's SCADA network, disabling a safety monitoring system for nearly 5 hours and the plant’s process computer for almost 6 hours.  SX Train Signaling System In 2003, the Sobig virus infected the CSX train control computer, shutting down the train/track signaling systems in the entire east cost of the U.S. Train services were delayed for 4 to 6 hours.  Worcester Air Traffic Communications In 1997, a teenager knocked out phone service at the control tower, airport security, the airport fire department, the weather service, and carriers that use the airport. Also, the tower’s main radio transmitter and another transmitter that activates runway lights were shut down, as well as a printer that controllers use to monitor flight progress. 2 UNCLASSIFIED
    3. 3. Objectives  Initiate a testing model of competing teams (Red & Blue) to alternatively attack and defend a target SCADA system being evaluated.  Implement INTERROGATOR architecture with example SCADA systems to capture SCADA cyber attacks [network traffic data].  Store SCADA cyber attack data in NACMAST Enterprise Data Warehouse.  Demonstrate research utility of SCADA vulnerability testing, and of stored SCADA cyber attack data.  Expand the model from a SCADA Laboratory to the Biosphere 2 for a SCADA Testbed User Facility for use by various researchers.  Make the SCADA cyber attack data on the NACMAST Enterprise Data Warehouse available for use by researchers as another component of the User Facility. 3 UNCLASSIFIED
    4. 4. F O U R C O M P O N E N T S • SCADA Laboratory • INTERROGATOR Architecture • NACMAST Enterprise Data Warehouse • Biosphere 2 User Facility Hardware Overview UNCLASSIFIED 4
    5. 5. SCADA Laboratory 5 UNCLASSIFIED 5 Motors, Drives, Actuators Sensors and other Input/Output Devices Programmable Logic Controllers (PLC) Human Machine Interface (HMI) PC Based Controllers Ethernet Remote Terminal Unit (RTU) A SCADA Laboratory will be an initial environment for performing and defending against SCADA Cyber attacks. This environment will also allow testing of appropriate data capture methods and confirm the research utility before expanding to the level of a User Facility. SCADA Laboratory Firewall
    6. 6. INTERROGATOR Architecture 6 UNCLASSIFIED SCADA Laboratory Firewall Sensors Network sensors on the SCADA Laboratory’s firewall to transfer raw traffic subsets to the NACMAST Enterprise Data Warehouse.
    7. 7. NACMAST Enterprise Data Warehouse  Description  A large capacity warehouse to hold Cyber attack data for retrospective analysis.  A matrix of storage arrays for both DoD and non-DoD purposes  Mission  To perform retrospective analysis on Cyber attack data  To develop tools to aid in retrospective analysis  Status  Ready to collect and store SCADA cyber attack data UNCLASSIFIED 7
    8. 8. Biosphere 2 as a User Facility 8 UNCLASSIFIED  The Biosphere 2 is currently controlled by SCADA systems.  The Biosphere 2 is a good representative of Critical Infrastructures.  Leveraging the SCADA Laboratory implementation, the Biosphere 2 would gain the ability to capture SCADA cyber attacks.
    9. 9. F O U R C O M P O N E N T S • Red and Blue Teams • SCADA Cyber Attack Data Analysis • Vulnerability Evaluation of Industry SCADA Systems User Facility Research Overview UNCLASSIFIED 9
    10. 10. Red and Blue Teams  Red & Blue teams would alternate attack and defense activities using the SCADA Laboratory and eventually the Biosphere 2.  These teams would development SCADA cyber attacks and defenses against attacks, such as:  Unauthorized Command Execution  SCADA Denial of Service  SCADA Man-in-the-Middle  Replay  Malicious Service Commands  SCADA cyber attack profiles will be stored for training and research. UNCLASSIFIED 10
    11. 11. SCADA Cyber Attack Data Analysis  Utilization of Autonomic Cyber Security to detect abnormal behavior.  Classification of known SCADA cyber attacks using data mining techniques (e.g. neural networks, wavelet analysis, genetic algorithms).  Pattern recognition of SCADA cyber attacks using data mining techniques .  Neural network prediction of SCADA cyber attacks based on identified patterns. 11 UNCLASSIFIED
    12. 12. Vulnerability Evaluation of SCADA Systems  Installation of SCADA systems from various vendors could be tested with the SCADA cyber attack profiles to determine vulnerabilities.  Methods used to harden other SCADA systems against such attacks could then be applied to determine if these defensive methods work for that vendor’s system. 12 UNCLASSIFIED
    13. 13. O N E C O M P O N E N T • NACMAST Enterprise SCADA Training User Training Overview UNCLASSIFIED 13
    14. 14. NACMAST Enterprise SCADA Training  Training for researchers, analysts and other participants will covers User Facility components  SCADA cyber attack data on the NACMAST Enterprise Data Warehouse  Utilization of the Biosphere 2 for specific SCADA systems  Training encompasses:  Requirements for SCADA system installation at Biosphere 2  Best practices for Red and Blue team attack and defense activities with SCADA systems.  Use of IDS tools available NACMAST Enterprise Data Warehouse  Vulnerability assessment of SCADA systems  Threat assessment  Methods to harden SCADA systems  Research using stored SCADA cyber attack data UNCLASSIFIED 14
    15. 15. Summary  Prototype a SCADA Testbed environment that allows capture of SCADA cyber attack data.  Collect a variety and significant amount of SCADA cyber attacks in the NACMAST Enterprise Data Warehouse.  Utilize Red & Blue teams for one method of research and analysis of stored data for another method.  Leverage knowledge gained to turn the Biosphere 2 into a SCADA Cyber Attack Data Warehouse User Facility.  Invite researchers to utilize this User Facility.  Invite industry to implement their SCADA systems for vulnerability testing. 15 UNCLASSIFIED
    16. 16. Questions? 16 UNCLASSIFIED

    ×