The document summarizes a security solution called OTPS that is designed to protect utility control systems from vulnerabilities. It notes that control systems have become more vulnerable as they integrate with corporate networks and use commercial operating systems. The OTPS solution uses security event management, intrusion detection, and other tools to monitor systems for breaches, protect critical infrastructure, and detect and prevent security issues across networks, protocols, processes and system health. It is presented as a customizable, scalable solution to implement security best practices for utility control environments.

1. ©2014 Enzen Global Ltd. www.enzen.com
Operational Technology Protection System (OTPS)
- Protect, Monitor and Manage Utility Control Systems
SCADA Vulnerabilities
 The Open and Collaborative
Systems have raised productivity
and profitability; they have also
made the system more
vulnerable to attack
 The number of vulnerabilities
detected has increased by 20
times since 2010. 50% of the
vulnerabilities allow a hacker to
execute code.
 There are known exploits for
35% of vulnerabilities and 41%
of them are very critical.
 The number of vulnerabilities
known for top 5 SCADA Vendors
by 2012
 There are many attacks
happened exploiting these
vulnerabilities:
Stuxnet. Duqu. Night
Dragon. Conficker Worm etc.
Summary
The Utility Control Systems are becoming more vulnerable to security threats
with increasing adoption of commercial-off-the-shelf (COTS) operating systems
and integration with corporate networks. Connecting Operational Technology
Networks and Corporate Networks introduces security risk on both sides. Having
understood the criticality of the control system functions, and necessity for
securing the Critical National Infrastructure, Enzen recommends the Utility to
implement the OTPS solution to protect, and manage its Control Systems.
Why Security needed?
As per CPNI standards, SCADA and Telemetry Networks are classified as CAT5 on
CNI Criticality Scale (CAT1 to 5). These assets will be of unique national
importance whose loss would have national long-term effects and hence Security
is of paramount importance. The Security threats could emerge either from an
internal source. or from external hackers. The typical SCADA protocols, particularly
open standard ones like Modbus or DNP3 with no built-in authentication, packets are
processed without any additional user or system authentication making it more
vulnerable to security attacks. The following describes an example of an internet-
generated attack on the corporate LAN to gain access to Control System.
The corporate LAN is the selected target as the firewalls need to be configured for
more open access than either the DMZ or the SCADA LANs.
1. The first step is to penetrate the Internet Firewall on the corporate LAN. Once
the firewall is penetrated, the attacker has access to the network switch. The
attacker then looks for a target to take control of, in this case the Corporate
Workstation.
2. With the corporate workstation compromised, the attacker uses the
permissions of the workstation to penetrate into the DMZ. As with the
Corporate LAN, the attacker now looks for a target in the DMZ LAN. Since the
Corporate Workstation has permission to access the web and historian
servers, these become the point of the attack.
3. The attacker now compromises the server and uses its permissions to gain
access to the SCADA LAN. The attack now comes on all fronts looking for a
likely candidate. In this scenario, the attacker is very good and gets control of
the Operator’s Workstation.
The internet attacker can now control the Control System as the Operator’s
Workstation provides supervisory control of the resources.
Recommendation
Enzen recommends the Utility to
review the security of its real time
Operational Technology Networks
and implement OTPS solution to
combat the security issues and
protect its Critical National
Infrastructure.
Impact on Business
The impacts of an attack on control
systems can include, for example:
denial of service, unauthorised
control of the process, loss of
integrity, loss of confidentiality, loss
of reputation and health, safety and
environmental impacts.

2. ©2014 Enzen Global Ltd. www.enzen.com
Operational Technology Protection System (OTPS)
- Protect, Monitor and Manage Utility Control Systems
OTPS Solution
The proposed solution utilizes the combination of following 'COTS' products to
meet the security requirements: Security Event Manager, Security and Event
Data Collection and Network Intrusion Detection Systems along with Agents
(small software programs that are installed on the servers, clients and other assets
to be monitored and data to be collected). Agents will be individually customized for
SCADA, PI and FEP Severs etc. The data collected is sent to Security Event Manager
for managing and responding to the events. This is built upon industry standard
technologies and is further supplied upon its own appliance based hardware (where
relevant), which is easy to integrate into a client's existing OT Environment.
Approach
 Solution Approach based on
CPNI Good Practices
 Phased Site Wise Deployment
 No Operational Disruption
 Time and Cost Certainty
 Robust Quality Processes
 24 Month Warranty Period
 Multi-layered Assurance
 Single point Ownership for
Delivery
Timeline for Implementation
Highlights
 Detects and Prevents any
Security Breach be it
Software/ Hardware or
Network Intrusion
 Monitors all Industry Standard
Communication Protocols
 Monitors Critical Processes &
Services
 Monitors Network& System
Health and Performance
 Own Configurable GUI
'Dashboard'
 Built on the Concept of
Defence-in-Depth Technology
 Easy to Integrate into Existing
OT Environment
 Highly Scalable Architecture
Enzen Global Limited
Blythe Valley Innovation Centre
Central Boulevard, Blythe Valley Park,
Solihull B90 8AJ, United Kingdom,
Phone +44 121 506 9272
Enzen Security Solution
Based on CPNI Guidelines and Good
Practices, Enzen carries out Security
and Vulnerability Assessment to
identify the threat impact and
business risk. Based on that
Security Requirements will be
defined and OTPS solution will be
customised to meet these
requirements. Enzen will also setup
procedures for managing security
events and ongoing governance.