SP
Uploaded byScadaLab Project
PDF, PPTX1,007 views

First SCADA LAB International Workshop

The document outlines work packages 4 and 5 of the SCADALab project. Work package 4 involves implementing the SCADA laboratory designed in work package 3, including setting up the laboratory area and connecting it to various test beds. Work package 5 focuses on pilot testing and experimentation using the new SCADA laboratory to conduct security assessments and tests on the connected infrastructure test beds. The work will validate the SCADA laboratory design and help refine it for future use in assessing the security of critical infrastructure systems.

Embed presentation

Download as PDF, PPTX
1ST International ScadaLab Workshop Madrid, 26th November 2013 SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
Agenda 10.00h: Registration & Welcome 10.30h: ScadaLab Project Presentation 11.30h: Coffee break 12.00h: ScadaLab Validation Exercise 12.45h: Related Projects Presentation 13.30h: Lunch 14.30h: Training Session 16.30h: Closure
WP2 Definition of Testing Methodology Zanasi & Partners SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
Content 1. WP 2 Introduction 2. Development of Work
WP2: Definition of Testing Methodology • Aims: to assess the users’ needs, to define the testing methodology to be adopted in the SCADALAB environment, and to elaborate an inventory of security tests to be performed • Participants: Zanasi & Partners (WP leader), AEI Seguridad, CNPIC, INTECO, Telvent Energy, Theodore Puskas Foundation • Time-frame: (21/9/2012 – 18/12/2012) M1-M3
WP2: List of Tasks Three tasks: • T2.1: Initial Survey • T2.2: Develop Testing Methodology • T2.3: Develop Security Tests Inventory Three deliverables: • D2.1: Survey Report: Analysis of Questionnaires (+ annex: Questionnaire for Stakeholders) • D2.2: Testing Methodology • D2.3: Security Tests
WP2 – T2.1: Initial Survey • Aims: to identify users’ needs and to assess stakeholders’ priorities for a SCADALAB environment • Contributors: AEI Seguridad, CNPIC, INTECO, Telvent Energy, Theodore Puskas Foundation, Zanasi & Partners
WP2 – T2.1: Initial Survey 11 stakeholders were interviewed via written questionnaires The questionnaires aimed at collecting information on the profile of the respondent organisation, on its awareness about cyber-security risks, on its IT infrastructure and on its perceived security needs The questionnaires were Structured in 6 sections: • Organisation profile • Awareness • Architecture • Existing Threats • Security Controls • Identified Needs 8
WP2 – T2.1: Initial Survey Main findings: • Most of the respondents (91%) perceive the problem of securing their ICS as sensitive • 64% of the organisations use ICS directly or indirectly connected to the public Internet. In 91% of cases the ICS are connected to the corporate network • Half the respondents use COTS within their ICS • Nobody declared to be victim of cyber-attacks in the past (but only 45% of respondents feels able to detect intrusions) • There is a general lack of knowledge on ICS security standards (64% of respondents do not know any, 83% do not adopt any) • Only 36% of stakeholders interviewed regularly perform ICS security tests (10% only can rely on a permanent testing environment) • Cryptography systems for front-end and field devices are hardly used (30%)
WP2 – T2.2: Develop Testing Methodology • Aims: to review the most widely used security testing methodologies and to develop a new one specific for the SCADALAB environment • Contributors: AEI Seguridad, INTECO, Telvent Energy, Zanasi & Partners
WP2 – T2.2: Develop Testing Methodology • At a preliminary stage, 11 existing testing methodologies (CPNI, US-CERT, ANSI/ISA, INL [2], DOE, NIST, LEET, CERT-CC, ISECOM, CCRA) were thoroughly analysed and rated based on their suitability for the SCADALAB project • Later on, the information gathered through the above task has been used as a basis to develop an entirely new testing methodology specific for the SCADALAB environment
WP2 – T2.2: Develop Testing Methodology The SCADA LAB environment is articulated in two principal areas: • Laboratory area (from where the security tests are run and controlled) • Test beds area (which physically contains the components of the various ICS test beds) The security requirements for both the laboratory area and the test beds area have been identified
WP2 – T2.2: Develop Testing Methodology Testing methodology - three phases: • Planning – Organisational level (set up the assessment team, sign NDAs, develop the test plan, collect information on the organisation) – Operational level (decide the proper type of assessment, establish a set of initial attack vectors, identify the assessment targets, elaborate a detailed plan of the testing) – Technician level (demand to the manager of the test bed the implementation of the needed technical requirements, identify/acquire required HW/SW, develop the security test inventory) • Assessment – Set up the lab (according to the target to assess and based on the test inventory available) – Execution (performing the test, which may involve: information gathering, network mapping, vulnerability identification, penetration testing) • Reporting – Calculating metrics (e.g., via Common Vulnerability Scoring Systems, CVSS) – Report of findings (technical report, executive report)
WP2 – T2.3: Develop Security Tests Inventory • Aims: to develop an inventory of security tests that can be performed during security analysis on ICS environments in the SCADALAB environment • Contributors: INTECO, TPF
WP2 – T2.3: Develop Security Tests Inventory Security tests (1/2): • Information gathering • Authentication mechanisms • Program logic flaws • Cryptographic flaws • Spoofing – – – Get information architecture Fingerprint and enumeration of host information Port scanning – – Password testing Session hijacking – – – – SQL injection Cross-Site Scripting (XSS) Buffer overflow Fuzz testing – Cold boot attacks on encryption keys – – MAC address spoofing IP address spoofing
WP2 – T2.3: Develop Security Tests Inventory Security tests (2/2): • Sniffing – Sniffing • Denial of service – – – – ICMP flood SYN flood Teardrop attacks Application DoS – – – – – – CAM table overflow VLAN hopping Private VLAN attacks Spanning tree manipulation DHCP starvation CISCO discovery protocol • Routing • IPv6 testing – IPv6 fake router advertisement – IPv6 gather information – IPv6 MITM attack – IPv6 address duplicate – IPv6 false CGA – IPv6 network saturation – Mobile IPv6 route spoofing
Questions? With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
WP 3 Design of Laboratory Architecture INTECO SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
Content 1. Objectives / Aim of the activity 2. Expected results / outputs and deliverables  Requirements  SCADA LAB Design - Laboratory Area - Test Bed Area  Security Assessment 3. Conclusions
WP3/ Design of Laboratory Architecture • Participants: INTECO ZANASI & PARTNERS • Tasks: Summary TELVENT GLOBAL SERVICES TELVENT ENERGY – T3.1 / Identify requirements – T3.2 / Analyze requirements – T3.3 / Prepare high level design • Deliverables: – D3.1 System architectural design document – D3.2 Security Assessments • Time-frame: M4-M10 CNPIC
Objectives / Aim of the activity Goal  Carry out security assessments to remote Test Beds.  Design aligned with methodology.  Accomplish minimum set of requirements.
Objectives / Aim of the activity   Why? Stakeholders having their own Test Beds… … and carrying out their own security tests. Company A Company B Company C
Objectives / Aim of the activity Why?  Are these tests all you can do?   Has your staff needed knowledge?  Company A More tests = more tools = more € Contract expert security services = more €
Objectives / Aim of the activity Aim  SCADA Laboratory and test bed as a service for Critical Infrastructure protection.  We will have methodology and tools... You can use them.
Objectives / Aim of the activity Base design  First design based on methodology Test Beds Area Laboratory Area Test bed 1 Test Plan 1 Test bed 2 Test Plan 2 Test Plan N …
Expected results / outputs and deliverables: Requirements Initial Requirements 8 HIGH-LEVEL requirements: • • • • • • • • Production system. Hardware interface or integration Assessment system Monitoring system Results analysis system Distributed tests Isolated test beds Testing methodology 57 LOW-LEVEL requirements. • • • • Description. Priority. Area. Implementation guidance. REQUIREMENT 1.- ID 2.- Requirement name REQUIREMENT 3.- Priority 4.- Area 1.- ID 2.- level of the name has an REQUIREMENT 3.- Priority 4.- Area Each Requirement target entry point from R1.3 High Test beds where perform the tests. 1.- IDEach Requirement name 2.- level of the target has an REQUIREMENT 3.- Priority 4.- Area entry point from R1.3 High Test beds 1.-where performof the target ID 3.- Priority 4.- Area 5.- Description 2.- Requirement name has an REQUIREMENT Each level the tests. entry point from R1.3 High Test beds where perform of the target the tests. 1.- ID 2.- Requirement name has an REQUIREMENT 3.- Priority 4.- Area Each level entry point from 5.- Description R1.3 High Test beds The laboratory should communicate with every level of the scheme in an independent way. where2.- Requirement name perform the tests. REQUIREMENT 5.- Description 1.- ID 3.- Priority 4.- Area Each level of the target has an entry point from R1.3 High Test The laboratory should communicate with every level of the scheme in an independent way. beds where perform tests. 5.- DescriptionEach Requirement name 1.- ID 2.- level thethe target has an REQUIREMENT 3.- Priority 4.- Area of from IMPLEMENTATION of entry point in an independent way. The laboratory should communicate with every level the scheme R1.3 High Test beds where perform the tests. 5.- Description 2.- level of the name has an entry point from Each 1.- ID 3.- Priority IMPLEMENTATION The laboratory should Requirement target 6.- Implementation guidance communicate with every level of the scheme in an independent way. 4.- Area R1.3 High Test beds where perform tests. 5.- DescriptionEach level the the target has an entry point from IMPLEMENTATION of or virtual networks (one for way. of The laboratory should 6.- Implementation guidance communicate with every level The laboratory can connect to different networks, sub-networks, the scheme in an independent R1.3 High Test beds 5.- Description IMPLEMENTATION each level), from where carry where perform the tests. every level of the scheme in an independent way. 6.- Implementation guidance test to the target. The laboratoryout the communicate with should The laboratory can connect to different networks, sub-networks, or virtual networks (one for IMPLEMENTATION each 6.- Implementation guidance different networks, sub-networks, the scheme in an independent The5.- Description laboratory out 7.- Otherlevel), from where carry should communicate with every level of or virtual networks (one for way. Theconsiderations connect tothe test to the target. laboratory can IMPLEMENTATION Theconsiderations carry out the communicate with laboratory can to 7.-each level), from whereconnectshouldtest to networks, sub-networks, or virtual networks (one for Other6.- Implementation guidance different the target. If an agent installed Thethe test bed is used then it has toevery level of the links to these independent way. in laboratory have sufficient scheme in an each level), from where carry out the test to the target. IMPLEMENTATION 7.- Other considerations connect to The laboratory can connections. 6.- Implementation guidancedifferent networks, sub-networks, or virtual networks (one for If an agent installed in the test bed is used then it has to have sufficient links to these target. 7.- each level), from where carry out the test to theIMPLEMENTATION Other considerations The Implementation guidance connections. 6.-laboratory can test bed to different networks, to have sufficientvirtual to these (one for If an agent installed in the connect is used then it has sub-networks, or links networks each considerations connect to different the target. 7.- Otherlevel), from where carry out the test to networks, sub-networks, or virtual networks (one for The laboratory the connections. 6.- Implementation guidance used then it has to have sufficient links to these If an agent installed in can test bed is 7.-each level), from where carry out the test to networks, Other considerations connections.The laboratory can connect to different the target. sub-networks, or virtual networks (one for If an agent installed in the test bed is used then it has to have sufficient links to these 7.- Other considerations each connections. level), from where carry out the test to the target. If an agent installed in the test bed is used then it has to have sufficient links to these 7.- Other connections. installed in the test bed is used then it has to have sufficient links to these If an agent considerations connections. If an agent installed in the test bed is used then it has to have sufficient links to these connections.
Expected results / outputs and deliverables: Requirements LOW-LEVEL Requirements ID Description R1 Priority Production system R1.1 The control system shall be composed by control devices and field devices. R1.2 The architecture of the test bed shall be representative of a real ICS. R1.3 Each level of the target has an entry point from where perform the tests. R2 High High High Hardware interface or integration R2.1 The control devices shall communicate with usual control protocols. R3 High Assessment system R3.1 Automatized tests R3.2 Set of workstations physically accessible to the operators  And more… High High
Expected results / outputs and deliverables: SCADA LAB Design Global Design
Expected results / outputs and deliverables: SCADA LAB Design Laboratory Area
Expected results / outputs and deliverables: SCADA LAB Design Laboratory Area
Expected results / outputs and deliverables: SCADA LAB Design Laboratory Area
Expected results / outputs and deliverables: SCADA LAB Design Laboratory Area
Expected results / outputs and deliverables: SCADA LAB Design Laboratory Area
Expected results / outputs and deliverables: SCADA LAB Design Test Bed Area Really?
Expected results / outputs and deliverables: Security Assessment Security Assessment Sponsor 35
Conclusions 1. Based in their own methodology 2. Service for Critical Infrastructure Protection that: 1. 2. 3. 4. Complements other security services/tools Carries out remote tests (and local ones) Can be adapted to any kind of Test bed Is scalable
Questions? With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
WP 4&5 Laboratory Implementation Pilot Implementation and Experimentation TELVENT ENERGÍA SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
Content 1. WP 4  Objectives • Development of work and outputs 2. WP 5  Objectives  Development of work and outputs  Next activities
WP4&WP5 WP3 DESIGN WP4 IMPLEMENTATION WP5 EXPERIMENTATION
WP4: Laboratory Implementation • Goal: The objective of this WP is the implementation of the SCADA LAB laboratory, according to the design and requirements defined in WP3 • Participants: Telvent Energy (co-leader), Telvent Global Services (co-leader), INTECO, CNPIC, AEI Seguridad. • Time-frame: February 2013 (M6) – December 2013 (M16) (ongoing)
WP4: Tasks • T4.1: Select infrastructures and communications  Equipment selection  Software selection  Facilities selection • T4.2: Integrate HW and SW in the facilities – Implementation
WP4 – T4.1: Select infrastructures and communications • Laboratory Area:  Open Vulnerability Assessment System (OpenVAS)  Other Tools: NMAP, NIKTO, SNMP, etc. • Test Bed Area:  Saitel DR Platform (RTU)  OASyS Platform (SCADA)
REMOTE CONECTION (VPN) WP4 – T4.2: Integrate HW and SW in the facilities INTECO HEADQUARTERS (LEON) SCADALAB LABORATORY TESTBED IMPLEMENTATION TELVENT ENERGY HEADQUARTERS (SEVILLE) SCADALAB TESTBED
WP5: Pilot Implementation and Experimentation • Goals: The objectives of this WP are:  The definition and implementation of the SCADA LAB pilot  The execution of the security tests  The analysis of the test results • Participants: Telvent Energy (leader), INTECO, CNPIC, Telvent Global Services. • Time-frame: October 2013 (M14) – April 2014 (M20) (ongoing)
WP5: Tasks • Tasks: o T5.1 Select the system to be analyzed as a pilot o T5.2 Pilot system installation o T5.3 Carry on tests over pilot system o T5.4 Analyze results
WP5 – T5.1 Select the system to be analyzed as a pilot
WP5 – Next Activities • Next Activities:  Pilot system installation  Carry on tests over pilot system  Analyze results
Questions? With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
WP6 Results Sharing and Test Bed Saas TELVENT GLOBAL SERVICES SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
Content 1. Current situation 2. WP Objectives 3. Development of Work 4. Conclusions
Current Situation  We have the Testing Methodology  We have set up the Laboratory  We have built the SCADALAB Components  Server / Workstation / Agent  We have the stakeholders ready for security assessments…  What else do we need?
WP Objective and Description SCADALAB WP6!!! Objective! Build up a framework to share information and experiences between stakeholders  Identify the information sharing and remote test requirements and needs.  Define and Implement an Information Sharing framework  Define and Develop a Front-End SaaS Framework and a Front-End service
WP Objective and Description  Work Package participants: TGS Energy  Time-frame: February 2013 – December 2013
WP Activities Summary Activity #1: Identify information and Requirements Identify the information, requirements and all the real needs from the stakeholders regarding a Remote Security Test platform and a Sharing information framework Define a functional design according to the stakeholders needs Activity #2: Define the Information sharing framework Define the requirements for the Information Sharing framework Looking for synergies in results sharing methods and procedures and Integration between SCADALAB Front-End SaaS and other ICS security tools Activity #3: Define & Develop Front-End SaaS Framework Develop a Front-End which allows the management of the security assessments and integrate it with the Information Sharing framework. Implement the identified Front-End requirements and test the platform.
Activity 1: Identify information and Requirements  Objective: Identify the information which key users involved in ICS scenarios are ready to share (stakeholder, vendors, operators…) and the requirements for the SCADALAB Front-End.  Tasks performed:  Stakeholders identified and contacted (by the WP participants) coming from different countries.  Survey Creation  More than 60 questions  Questions grouped in different categories  Current Situation  Security Assessment Requests  Assessments Results and Sharing  Needs Identified  Needs and Desires
Activity 1: Identify information and Requirements  Tasks performed:  5 7 Survey Creation: Developed in PDF format (EC_SCADALAB_Security_Assessments_Questionnaire_Request.pdf)
Activity 1: Identify information and Requirements  Tasks performed:  Survey Creation: Developed by web-based survey
Activity 1: Identify information and Requirements  Tasks performed:  Organized sharing meetings and/or survey delivery to get the results  Analysis and conclusions of the gathered data.  Deliverables: based on the Survey results, “Requirements&Needs” documentation  Functional requirements  Technical requirements  Security requirements  Design requirements (EC_SCADALAB_Identified_Requirements.xlsx) (EC_SCADALAB_Security_Assessments_Questionnaire_Results_Evaluation.docx)
Activity 2: Define the Information sharing framework  Objective: Define the sharing information framework.  Based on the EU recommendations regarding the intend of complement existing test bed initiatives for CI protection between UE related projects. http://cloudcert.european-project.eu/project.php?lang=en Evaluate the integration looking for synergies in results sharing methods and procedures  CloudCERT is a cloud testbed for the coordination of Europe Critical Infrastructure Protection (CIP), which aim is to provide a testbed framework to integrate mechanisms for coordinating partnerships and stakeholder efforts to effectively exchange information related to CIP and their security aspects.  CloudCERT testbed ensure easy, simple information sharing for cooperation joint exercises, as well as a rapid and risk-free implementation in a real operational and collaborative environment.  CloudCERT test bed platform is an initiative coordinated by INTECO and some assets, knowledge and infrastructure can be reused in an efficient manner. SCADA Lab will complement the cooperation framework and will integrate the same exchange of information mechanisms.
Activity 2: Define the Information sharing framework http://cloudcert.european-project.eu/project.php?lang=en
Activity 2: Define the Information sharing framework  Expected Results:  Information Sharing Framework    Functional Definition, and Integration Requirements with CloudCERT Integration tests and functional documentation CloudCERT is co-financiated by the European Union (EU) following the specific program named "Prevention, Preparedness and Consequence Management of Terrorism and other Security-related risks", located within the "Security and Safeguarding Liberties" program.
Activity 3: Define & Develop Front-End SaaS Framework  Objective: Develop a Front-End SaaS Framework and a Front-End service   Based and adapted to their real needs, with functionalities and processes identified  Public and/or private access  Easy and secured results sharing methods   Useful tool for Stakeholders Integrated with the defined Information Sharing framework With the aim of…  …the management of the Security Evaluations and Results Information Sharing.
Activity 3: Define & Develop Front-End SaaS Framework  SCADALAB Front-End is being developed with best security practices in mind by itself and leveraging on Drupal's experience avoiding security threats such as cross-side scripting, SQL Injection, site impersonation and so on ....  Some of the functionalities and requirements that are being developed for the SCADALAB Front-End are:  Web Interface Multiplatform / Multilingual  Secure Access / Access Control  Users Management / Passwords Policy  Workflows Management  Different types of Assessment  Selection of the Assessment Target  Status of the Assessment  List of existing Assessment Requests
Activity 3: Define & Develop Front-End SaaS Framework
Conclusions Conclusions
Questions? With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
WP7 Training and awareness Europe for Business SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
Content 1. WP Objectives 2. Description of work 3. Expected Results
1. Objective (1) What is the problem? There is insufficient knowledge sharing on SCADA security exercises, bringing stakeholders together, providing user groups forums and awareness sessions to potential beneficiaries.
1. Objective (2) Contribute to create a strong culture of security around SCADA systems.
2. Description of Work - Timetable WP7 has started during month 15, namely November 2013 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Training and Awareness T7.1 / Design training strategy T7.2 / Elaborate training materials T7.3 / Carry on Pilot Project T7.4 / Define awareness Plan T7.5 / Create awareness materials
T7.1 Design training strategy tasks Aims: Identify the training needs of different groups Contributors: E4Business, Seguridad, CNPIC INTECO, AEI
T7.2 Elaborate training materials tasks Aims: Create different training materials for different groups Contributors: E4Business, NISZ, INTECO, AEI Seguridad
T7.3 Carry on pilot training tasks Aims: Test that training strategy materials meet trainee needs and Contributors: E4Business, NISZ, INTECO, AEI Seguridad
T7.4 Define awareness plan tasks Aims: Identify the different groups awareness needs of Contributors: E4Business, NISZ, INTECO, AEI Seguridad, CNPIC
T7.5 Create awareness materials tasks Aims: Create different awareness materials for different groups Contributors: E4Business, NISZ, INTECO, AEI Seguridad
2. Target groups            Security Research Centres National Authorities End users CI Operators Methodology experts Security training professionals Independent security experts Foundations specialized on security technologies ICT security association of SMEs Dissemination experts Software integrators SCADA Providers.
Expected Results Through WP7 and WP8 SCADALAB results should reach the largest possible audience.  D7.1 Training: Definition of a SCADA course, 90 hours of training for public officials, 5 training manuals.  D7.2 Awareness: Holding a final conference, 3 research reports, 6 papers released.
Questions? With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
WP 8 Dissemination EVERIS SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
Content 1. WP Objectives 2. Development of Work 3. Dissemination outputs
Objectives  To build awareness of the ScadaLab Project at both national and European.  To inform the stakeholders of the research findings.  To promote the results of the Project and the possibilities of a future exploitation.
Description of the Work Dissemination Strategy Audience Message - Primary: stakeholders - User requirements stage - Secondary: affected - R&D stages - Tertiary: influencers - Testing stage Market - Policy makers - Industries/SMEs - End users - EU R&D Community Channels - Oral communication channels: Symposiums, seminars, workshops. - Written communication channels: Website, newsletters, contributions to professional publications. Dissemination Activities
Dissemination Outputs Scadalab Website www.scadalab.eu
Dissemination Outputs Scadalab Social Network (I) Twitter general overview Linkedin general overview • User: @ScadaLabProject • User: ScadaLab Project • Group: ScadaLab Project – Open forum for stakeholders discussions
Dissemination Outputs Scadalab Social Network (II) Social networks management tool: Hootsuit – – – – Timeline Interactions Activity Search: #SCADA #cybersecurity and “Critical Infrastructures”
Dissemination Outputs ScadaLab events Madrid: 1st International Workshop - General Project Presentation Sevilla: 2nd International Workshop - Best Practices Brussels: Final Conference - Final results EU presentation
Questions? With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
Thank you With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs

More Related Content

PDF
SDN Security: Two Sides of the Same Coin
byZivaro Inc
 
PPTX
Mitigating worm attacks
bydkaya
 
PPT
Artificial neural network for misuse detection
byLikan Patra
 
PPT
DHS ICS Security Presentation
byguest85a34f
 
PPTX
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
byLastline, Inc.
 
PPTX
Deep learning approach for network intrusion detection system
byAvinash Kumar
 
PDF
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL...
byijcsit
 
PPTX
SDN Analytics & Security
byScott Raynovich
 
SDN Security: Two Sides of the Same Coin
byZivaro Inc
 
Mitigating worm attacks
bydkaya
 
Artificial neural network for misuse detection
byLikan Patra
 
DHS ICS Security Presentation
byguest85a34f
 
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
byLastline, Inc.
 
Deep learning approach for network intrusion detection system
byAvinash Kumar
 
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL...
byijcsit
 
SDN Analytics & Security
byScott Raynovich
 

What's hot

PPTX
Penentration testing
bytahreemsaleem
 
PDF
Man in the middle attacks on IEC 60870-5-104
bypgmaynard
 
PPTX
Master Serial Killer - DEF CON 22 - ICS Village
byChris Sistrunk
 
PPTX
Protecting Your DNP3 Networks
byChris Sistrunk
 
PPTX
Blackhat USA 2016 - What's the DFIRence for ICS?
byChris Sistrunk
 
PDF
Defcon through the_eyes_of_the_attacker_2018_slides
byMarina Krotofil
 
PPTX
A look at current cyberattacks in Ukraine
byKaspersky
 
PDF
Project in malware analysis:C2C
byFabrizio Farinacci
 
PDF
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
byarnaudsoullie
 
PPTX
Havex Deep Dive (English)
byDigital Bond
 
PPTX
Vulnerability Inheritance in ICS (English)
byDigital Bond
 
PDF
IDS - Fact, Challenges and Future
byamiable_indian
 
PPTX
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
byRadware
 
DOCX
SDN-Security
byParas Hematbhai Dudhatra
 
PPTX
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
byLastline, Inc.
 
PDF
Traceability Beyond Source Code: An Elusive Target?
byLionel Briand
 
PPTX
Sdn pres v2-Software-defined networks
byahmad abdelhafeez
 
PDF
Sdn&security
byCristiano Monteiro
 
PPT
Pptbb
byRohit Shukla
 
PDF
BlueHat v18 || Improving security posture through increased agility with meas...
byBlueHat Security Conference
 
Penentration testing
bytahreemsaleem
 
Man in the middle attacks on IEC 60870-5-104
bypgmaynard
 
Master Serial Killer - DEF CON 22 - ICS Village
byChris Sistrunk
 
Protecting Your DNP3 Networks
byChris Sistrunk
 
Blackhat USA 2016 - What's the DFIRence for ICS?
byChris Sistrunk
 
Defcon through the_eyes_of_the_attacker_2018_slides
byMarina Krotofil
 
A look at current cyberattacks in Ukraine
byKaspersky
 
Project in malware analysis:C2C
byFabrizio Farinacci
 
Introduction to Industrial Control Systems : Pentesting PLCs 101 (BlackHat Eu...
byarnaudsoullie
 
Havex Deep Dive (English)
byDigital Bond
 
Vulnerability Inheritance in ICS (English)
byDigital Bond
 
IDS - Fact, Challenges and Future
byamiable_indian
 
Radware DefenseFlow-The SDN Application That Programs Networks for DoS Security
byRadware
 
SDN-Security
byParas Hematbhai Dudhatra
 
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
byLastline, Inc.
 
Traceability Beyond Source Code: An Elusive Target?
byLionel Briand
 
Sdn pres v2-Software-defined networks
byahmad abdelhafeez
 
Sdn&security
byCristiano Monteiro
 
Pptbb
byRohit Shukla
 
BlueHat v18 || Improving security posture through increased agility with meas...
byBlueHat Security Conference
 

Viewers also liked

PPTX
Getting Beyond Bullet Points (images only)
byCraig Taylor
 
PDF
SEO Fantasy Draft
byWebiMax
 
PPT
Hustopeče
byHelen Grigoriadou
 
PPTX
Origen i evolució de l'univers
byslapafrasla
 
PPT
Komputarni shriftove
byfatmish
 
DOCX
Κοινωνία και οικονομία 6ος - 9ος αι.
byEvangelia Patera
 
PDF
AVO2 Nettikansa : sosiaalinen media järjestön organisoinnissa
byKari A. Hintikka
 
PDF
Slides of Cluana Webinar
bygvslideshare
 
PDF
Best i tekst 2016: Innhold og teknikk du trenger for å spre budskapet ditt
byMagnus Strømnes Bøe
 
PDF
Hotroad partners
byJoost d'Hooghe
 
PPS
2010 june secretary report
byKatja C. Seltmann
 
PDF
4 Creare E Inviare Una Newsletter Professionale
bymega-mail.net
 
PPTX
Effective Google Ad Writing
byTrafficInjectors
 
PPT
TBEX 2013 Toronto Creative Pitching for Experienced Travel Bloggers
byTBEX
 
PPTX
Home tutor Singapore,Singapore home tuition
byhousetutors
 
PDF
คณิต 50
bychugafull
 
PDF
2011 Chevrolet Silverado HD - Wheelers of Marshfield Chevrolet Dealer
byWheelers Marshfield
 
PPTX
Magazine Inspiration
byTaggar97
 
PDF
Job&voice presentazione
byNicolas Veneri Rodriguez
 
PPT
юнна мориц
byscalex
 
Getting Beyond Bullet Points (images only)
byCraig Taylor
 
SEO Fantasy Draft
byWebiMax
 
Hustopeče
byHelen Grigoriadou
 
Origen i evolució de l'univers
byslapafrasla
 
Komputarni shriftove
byfatmish
 
Κοινωνία και οικονομία 6ος - 9ος αι.
byEvangelia Patera
 
AVO2 Nettikansa : sosiaalinen media järjestön organisoinnissa
byKari A. Hintikka
 
Slides of Cluana Webinar
bygvslideshare
 
Best i tekst 2016: Innhold og teknikk du trenger for å spre budskapet ditt
byMagnus Strømnes Bøe
 
Hotroad partners
byJoost d'Hooghe
 
2010 june secretary report
byKatja C. Seltmann
 
4 Creare E Inviare Una Newsletter Professionale
bymega-mail.net
 
Effective Google Ad Writing
byTrafficInjectors
 
TBEX 2013 Toronto Creative Pitching for Experienced Travel Bloggers
byTBEX
 
Home tutor Singapore,Singapore home tuition
byhousetutors
 
คณิต 50
bychugafull
 
2011 Chevrolet Silverado HD - Wheelers of Marshfield Chevrolet Dealer
byWheelers Marshfield
 
Magazine Inspiration
byTaggar97
 
Job&voice presentazione
byNicolas Veneri Rodriguez
 
юнна мориц
byscalex
 

Similar to First SCADA LAB International Workshop

PPTX
Penetration testing dont just leave it to chance
byDr. Anish Cheriyan (PhD)
 
PPTX
Automotive Cyber-Security Insights learned from IT and ICS/SCADA
byGilad Bandel
 
PDF
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
by📡 Sebastien Dudek
 
PPT
AMI Security 101 - Smart Grid Security East 2011
bydma1965
 
PDF
2020 11-15 marcin ludwiszewski - purple, red, blue and others - rainbow team...
byMarcin Ludwiszewski
 
PDF
Scada Strangelove - 29c3
byqqlan
 
PPT
Test plan
byMahfuz1061
 
PPT
Cybersecurity for Control Systems: Current State and Future Vision pt.1
byEnergySec
 
PDF
Guide scada and_industrial_control_systems_security
byDeepakraj Sahu
 
DOCX
Crest Notes for crest cct xample. This note for exam and study guideguide
byNamHaBach1
 
PPT
Test plan
bySanjai San
 
PPT
Software Security Testing
bysrivinayak
 
PPTX
Third Party Security Testing for Advanced Metering Infrastructure Program
byEnergySec
 
PDF
ScadaLab Project
byJMBALBOA
 
DOC
Prasad_Meduri
byPrasad Meduri
 
PPT
How sophisticated penetration testers get through the defenses
byPhilippe A. R. Schaeffer
 
DOCX
CMIT 321 Executive Proposal ProjectThe purpose of this project i.docx
bymonicafrancis71118
 
PDF
Wiresless stack | software product testing
byMindteck (India) Limited
 
PPT
Pentesting hygt frde education of engi.ppt
byasranausheenasra
 
PDF
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
byChris Gates
 
Penetration testing dont just leave it to chance
byDr. Anish Cheriyan (PhD)
 
Automotive Cyber-Security Insights learned from IT and ICS/SCADA
byGilad Bandel
 
Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests
by📡 Sebastien Dudek
 
AMI Security 101 - Smart Grid Security East 2011
bydma1965
 
2020 11-15 marcin ludwiszewski - purple, red, blue and others - rainbow team...
byMarcin Ludwiszewski
 
Scada Strangelove - 29c3
byqqlan
 
Test plan
byMahfuz1061
 
Cybersecurity for Control Systems: Current State and Future Vision pt.1
byEnergySec
 
Guide scada and_industrial_control_systems_security
byDeepakraj Sahu
 
Crest Notes for crest cct xample. This note for exam and study guideguide
byNamHaBach1
 
Test plan
bySanjai San
 
Software Security Testing
bysrivinayak
 
Third Party Security Testing for Advanced Metering Infrastructure Program
byEnergySec
 
ScadaLab Project
byJMBALBOA
 
Prasad_Meduri
byPrasad Meduri
 
How sophisticated penetration testers get through the defenses
byPhilippe A. R. Schaeffer
 
CMIT 321 Executive Proposal ProjectThe purpose of this project i.docx
bymonicafrancis71118
 
Wiresless stack | software product testing
byMindteck (India) Limited
 
Pentesting hygt frde education of engi.ppt
byasranausheenasra
 
Adversarial Simulation Nickerson/Gates Wild West Hacking Fest Oct 2017
byChris Gates
 

Recently uploaded

PDF
Smart Cloud Solutions-Smart,Secure & Scalable
byfloydjsmith02
 
PPTX
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
PDF
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
PPTX
CodeMash 2026 - Optimizing Azure App Services
byBrian McKeiver
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PPTX
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
PPTX
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
PDF
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
PDF
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
PPTX
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
PDF
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
PPTX
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
PDF
What Is AI LXP and Why Enterprises Are Adopting It.pdf
byneuralminds4
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
Smart Cloud Solutions-Smart,Secure & Scalable
byfloydjsmith02
 
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
CodeMash 2026 - Optimizing Azure App Services
byBrian McKeiver
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
What Is AI LXP and Why Enterprises Are Adopting It.pdf
byneuralminds4
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 

First SCADA LAB International Workshop

  • 1.
    1ST International ScadaLabWorkshop Madrid, 26th November 2013 SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 2.
    Agenda 10.00h: Registration &Welcome 10.30h: ScadaLab Project Presentation 11.30h: Coffee break 12.00h: ScadaLab Validation Exercise 12.45h: Related Projects Presentation 13.30h: Lunch 14.30h: Training Session 16.30h: Closure
  • 3.
    WP2 Definition of TestingMethodology Zanasi & Partners SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 4.
    Content 1. WP 2Introduction 2. Development of Work
  • 5.
    WP2: Definition ofTesting Methodology • Aims: to assess the users’ needs, to define the testing methodology to be adopted in the SCADALAB environment, and to elaborate an inventory of security tests to be performed • Participants: Zanasi & Partners (WP leader), AEI Seguridad, CNPIC, INTECO, Telvent Energy, Theodore Puskas Foundation • Time-frame: (21/9/2012 – 18/12/2012) M1-M3
  • 6.
    WP2: List ofTasks Three tasks: • T2.1: Initial Survey • T2.2: Develop Testing Methodology • T2.3: Develop Security Tests Inventory Three deliverables: • D2.1: Survey Report: Analysis of Questionnaires (+ annex: Questionnaire for Stakeholders) • D2.2: Testing Methodology • D2.3: Security Tests
  • 7.
    WP2 – T2.1:Initial Survey • Aims: to identify users’ needs and to assess stakeholders’ priorities for a SCADALAB environment • Contributors: AEI Seguridad, CNPIC, INTECO, Telvent Energy, Theodore Puskas Foundation, Zanasi & Partners
  • 8.
    WP2 – T2.1:Initial Survey 11 stakeholders were interviewed via written questionnaires The questionnaires aimed at collecting information on the profile of the respondent organisation, on its awareness about cyber-security risks, on its IT infrastructure and on its perceived security needs The questionnaires were Structured in 6 sections: • Organisation profile • Awareness • Architecture • Existing Threats • Security Controls • Identified Needs 8
  • 9.
    WP2 – T2.1:Initial Survey Main findings: • Most of the respondents (91%) perceive the problem of securing their ICS as sensitive • 64% of the organisations use ICS directly or indirectly connected to the public Internet. In 91% of cases the ICS are connected to the corporate network • Half the respondents use COTS within their ICS • Nobody declared to be victim of cyber-attacks in the past (but only 45% of respondents feels able to detect intrusions) • There is a general lack of knowledge on ICS security standards (64% of respondents do not know any, 83% do not adopt any) • Only 36% of stakeholders interviewed regularly perform ICS security tests (10% only can rely on a permanent testing environment) • Cryptography systems for front-end and field devices are hardly used (30%)
  • 10.
    WP2 – T2.2:Develop Testing Methodology • Aims: to review the most widely used security testing methodologies and to develop a new one specific for the SCADALAB environment • Contributors: AEI Seguridad, INTECO, Telvent Energy, Zanasi & Partners
  • 11.
    WP2 – T2.2:Develop Testing Methodology • At a preliminary stage, 11 existing testing methodologies (CPNI, US-CERT, ANSI/ISA, INL [2], DOE, NIST, LEET, CERT-CC, ISECOM, CCRA) were thoroughly analysed and rated based on their suitability for the SCADALAB project • Later on, the information gathered through the above task has been used as a basis to develop an entirely new testing methodology specific for the SCADALAB environment
  • 12.
    WP2 – T2.2:Develop Testing Methodology The SCADA LAB environment is articulated in two principal areas: • Laboratory area (from where the security tests are run and controlled) • Test beds area (which physically contains the components of the various ICS test beds) The security requirements for both the laboratory area and the test beds area have been identified
  • 13.
    WP2 – T2.2:Develop Testing Methodology Testing methodology - three phases: • Planning – Organisational level (set up the assessment team, sign NDAs, develop the test plan, collect information on the organisation) – Operational level (decide the proper type of assessment, establish a set of initial attack vectors, identify the assessment targets, elaborate a detailed plan of the testing) – Technician level (demand to the manager of the test bed the implementation of the needed technical requirements, identify/acquire required HW/SW, develop the security test inventory) • Assessment – Set up the lab (according to the target to assess and based on the test inventory available) – Execution (performing the test, which may involve: information gathering, network mapping, vulnerability identification, penetration testing) • Reporting – Calculating metrics (e.g., via Common Vulnerability Scoring Systems, CVSS) – Report of findings (technical report, executive report)
  • 14.
    WP2 – T2.3:Develop Security Tests Inventory • Aims: to develop an inventory of security tests that can be performed during security analysis on ICS environments in the SCADALAB environment • Contributors: INTECO, TPF
  • 15.
    WP2 – T2.3:Develop Security Tests Inventory Security tests (1/2): • Information gathering • Authentication mechanisms • Program logic flaws • Cryptographic flaws • Spoofing – – – Get information architecture Fingerprint and enumeration of host information Port scanning – – Password testing Session hijacking – – – – SQL injection Cross-Site Scripting (XSS) Buffer overflow Fuzz testing – Cold boot attacks on encryption keys – – MAC address spoofing IP address spoofing
  • 16.
    WP2 – T2.3:Develop Security Tests Inventory Security tests (2/2): • Sniffing – Sniffing • Denial of service – – – – ICMP flood SYN flood Teardrop attacks Application DoS – – – – – – CAM table overflow VLAN hopping Private VLAN attacks Spanning tree manipulation DHCP starvation CISCO discovery protocol • Routing • IPv6 testing – IPv6 fake router advertisement – IPv6 gather information – IPv6 MITM attack – IPv6 address duplicate – IPv6 false CGA – IPv6 network saturation – Mobile IPv6 route spoofing
  • 17.
    Questions? With the financialsupport of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 18.
    WP 3 Design ofLaboratory Architecture INTECO SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 19.
    Content 1. Objectives /Aim of the activity 2. Expected results / outputs and deliverables  Requirements  SCADA LAB Design - Laboratory Area - Test Bed Area  Security Assessment 3. Conclusions
  • 20.
    WP3/ Design ofLaboratory Architecture • Participants: INTECO ZANASI & PARTNERS • Tasks: Summary TELVENT GLOBAL SERVICES TELVENT ENERGY – T3.1 / Identify requirements – T3.2 / Analyze requirements – T3.3 / Prepare high level design • Deliverables: – D3.1 System architectural design document – D3.2 Security Assessments • Time-frame: M4-M10 CNPIC
  • 21.
    Objectives / Aimof the activity Goal  Carry out security assessments to remote Test Beds.  Design aligned with methodology.  Accomplish minimum set of requirements.
  • 22.
    Objectives / Aimof the activity   Why? Stakeholders having their own Test Beds… … and carrying out their own security tests. Company A Company B Company C
  • 23.
    Objectives / Aimof the activity Why?  Are these tests all you can do?   Has your staff needed knowledge?  Company A More tests = more tools = more € Contract expert security services = more €
  • 24.
    Objectives / Aimof the activity Aim  SCADA Laboratory and test bed as a service for Critical Infrastructure protection.  We will have methodology and tools... You can use them.
  • 25.
    Objectives / Aimof the activity Base design  First design based on methodology Test Beds Area Laboratory Area Test bed 1 Test Plan 1 Test bed 2 Test Plan 2 Test Plan N …
  • 26.
    Expected results /outputs and deliverables: Requirements Initial Requirements 8 HIGH-LEVEL requirements: • • • • • • • • Production system. Hardware interface or integration Assessment system Monitoring system Results analysis system Distributed tests Isolated test beds Testing methodology 57 LOW-LEVEL requirements. • • • • Description. Priority. Area. Implementation guidance. REQUIREMENT 1.- ID 2.- Requirement name REQUIREMENT 3.- Priority 4.- Area 1.- ID 2.- level of the name has an REQUIREMENT 3.- Priority 4.- Area Each Requirement target entry point from R1.3 High Test beds where perform the tests. 1.- IDEach Requirement name 2.- level of the target has an REQUIREMENT 3.- Priority 4.- Area entry point from R1.3 High Test beds 1.-where performof the target ID 3.- Priority 4.- Area 5.- Description 2.- Requirement name has an REQUIREMENT Each level the tests. entry point from R1.3 High Test beds where perform of the target the tests. 1.- ID 2.- Requirement name has an REQUIREMENT 3.- Priority 4.- Area Each level entry point from 5.- Description R1.3 High Test beds The laboratory should communicate with every level of the scheme in an independent way. where2.- Requirement name perform the tests. REQUIREMENT 5.- Description 1.- ID 3.- Priority 4.- Area Each level of the target has an entry point from R1.3 High Test The laboratory should communicate with every level of the scheme in an independent way. beds where perform tests. 5.- DescriptionEach Requirement name 1.- ID 2.- level thethe target has an REQUIREMENT 3.- Priority 4.- Area of from IMPLEMENTATION of entry point in an independent way. The laboratory should communicate with every level the scheme R1.3 High Test beds where perform the tests. 5.- Description 2.- level of the name has an entry point from Each 1.- ID 3.- Priority IMPLEMENTATION The laboratory should Requirement target 6.- Implementation guidance communicate with every level of the scheme in an independent way. 4.- Area R1.3 High Test beds where perform tests. 5.- DescriptionEach level the the target has an entry point from IMPLEMENTATION of or virtual networks (one for way. of The laboratory should 6.- Implementation guidance communicate with every level The laboratory can connect to different networks, sub-networks, the scheme in an independent R1.3 High Test beds 5.- Description IMPLEMENTATION each level), from where carry where perform the tests. every level of the scheme in an independent way. 6.- Implementation guidance test to the target. The laboratoryout the communicate with should The laboratory can connect to different networks, sub-networks, or virtual networks (one for IMPLEMENTATION each 6.- Implementation guidance different networks, sub-networks, the scheme in an independent The5.- Description laboratory out 7.- Otherlevel), from where carry should communicate with every level of or virtual networks (one for way. Theconsiderations connect tothe test to the target. laboratory can IMPLEMENTATION Theconsiderations carry out the communicate with laboratory can to 7.-each level), from whereconnectshouldtest to networks, sub-networks, or virtual networks (one for Other6.- Implementation guidance different the target. If an agent installed Thethe test bed is used then it has toevery level of the links to these independent way. in laboratory have sufficient scheme in an each level), from where carry out the test to the target. IMPLEMENTATION 7.- Other considerations connect to The laboratory can connections. 6.- Implementation guidancedifferent networks, sub-networks, or virtual networks (one for If an agent installed in the test bed is used then it has to have sufficient links to these target. 7.- each level), from where carry out the test to theIMPLEMENTATION Other considerations The Implementation guidance connections. 6.-laboratory can test bed to different networks, to have sufficientvirtual to these (one for If an agent installed in the connect is used then it has sub-networks, or links networks each considerations connect to different the target. 7.- Otherlevel), from where carry out the test to networks, sub-networks, or virtual networks (one for The laboratory the connections. 6.- Implementation guidance used then it has to have sufficient links to these If an agent installed in can test bed is 7.-each level), from where carry out the test to networks, Other considerations connections.The laboratory can connect to different the target. sub-networks, or virtual networks (one for If an agent installed in the test bed is used then it has to have sufficient links to these 7.- Other considerations each connections. level), from where carry out the test to the target. If an agent installed in the test bed is used then it has to have sufficient links to these 7.- Other connections. installed in the test bed is used then it has to have sufficient links to these If an agent considerations connections. If an agent installed in the test bed is used then it has to have sufficient links to these connections.
  • 27.
    Expected results /outputs and deliverables: Requirements LOW-LEVEL Requirements ID Description R1 Priority Production system R1.1 The control system shall be composed by control devices and field devices. R1.2 The architecture of the test bed shall be representative of a real ICS. R1.3 Each level of the target has an entry point from where perform the tests. R2 High High High Hardware interface or integration R2.1 The control devices shall communicate with usual control protocols. R3 High Assessment system R3.1 Automatized tests R3.2 Set of workstations physically accessible to the operators  And more… High High
  • 28.
    Expected results /outputs and deliverables: SCADA LAB Design Global Design
  • 29.
    Expected results /outputs and deliverables: SCADA LAB Design Laboratory Area
  • 30.
    Expected results /outputs and deliverables: SCADA LAB Design Laboratory Area
  • 31.
    Expected results /outputs and deliverables: SCADA LAB Design Laboratory Area
  • 32.
    Expected results /outputs and deliverables: SCADA LAB Design Laboratory Area
  • 33.
    Expected results /outputs and deliverables: SCADA LAB Design Laboratory Area
  • 34.
    Expected results /outputs and deliverables: SCADA LAB Design Test Bed Area Really?
  • 35.
    Expected results /outputs and deliverables: Security Assessment Security Assessment Sponsor 35
  • 36.
    Conclusions 1. Based intheir own methodology 2. Service for Critical Infrastructure Protection that: 1. 2. 3. 4. Complements other security services/tools Carries out remote tests (and local ones) Can be adapted to any kind of Test bed Is scalable
  • 37.
    Questions? With the financialsupport of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 38.
    WP 4&5 Laboratory Implementation PilotImplementation and Experimentation TELVENT ENERGÍA SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 39.
    Content 1. WP 4  Objectives • Developmentof work and outputs 2. WP 5  Objectives  Development of work and outputs  Next activities
  • 40.
  • 41.
    WP4: Laboratory Implementation •Goal: The objective of this WP is the implementation of the SCADA LAB laboratory, according to the design and requirements defined in WP3 • Participants: Telvent Energy (co-leader), Telvent Global Services (co-leader), INTECO, CNPIC, AEI Seguridad. • Time-frame: February 2013 (M6) – December 2013 (M16) (ongoing)
  • 42.
    WP4: Tasks • T4.1:Select infrastructures and communications  Equipment selection  Software selection  Facilities selection • T4.2: Integrate HW and SW in the facilities – Implementation
  • 43.
    WP4 – T4.1:Select infrastructures and communications • Laboratory Area:  Open Vulnerability Assessment System (OpenVAS)  Other Tools: NMAP, NIKTO, SNMP, etc. • Test Bed Area:  Saitel DR Platform (RTU)  OASyS Platform (SCADA)
  • 44.
    REMOTE CONECTION (VPN) WP4– T4.2: Integrate HW and SW in the facilities INTECO HEADQUARTERS (LEON) SCADALAB LABORATORY TESTBED IMPLEMENTATION TELVENT ENERGY HEADQUARTERS (SEVILLE) SCADALAB TESTBED
  • 45.
    WP5: Pilot Implementationand Experimentation • Goals: The objectives of this WP are:  The definition and implementation of the SCADA LAB pilot  The execution of the security tests  The analysis of the test results • Participants: Telvent Energy (leader), INTECO, CNPIC, Telvent Global Services. • Time-frame: October 2013 (M14) – April 2014 (M20) (ongoing)
  • 46.
    WP5: Tasks • Tasks: oT5.1 Select the system to be analyzed as a pilot o T5.2 Pilot system installation o T5.3 Carry on tests over pilot system o T5.4 Analyze results
  • 47.
    WP5 – T5.1Select the system to be analyzed as a pilot
  • 48.
    WP5 – NextActivities • Next Activities:  Pilot system installation  Carry on tests over pilot system  Analyze results
  • 49.
    Questions? With the financialsupport of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 50.
    WP6 Results Sharing andTest Bed Saas TELVENT GLOBAL SERVICES SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 51.
    Content 1. Current situation 2.WP Objectives 3. Development of Work 4. Conclusions
  • 52.
    Current Situation  We havethe Testing Methodology  We have set up the Laboratory  We have built the SCADALAB Components  Server / Workstation / Agent  We have the stakeholders ready for security assessments…  What else do we need?
  • 53.
    WP Objective andDescription SCADALAB WP6!!! Objective! Build up a framework to share information and experiences between stakeholders  Identify the information sharing and remote test requirements and needs.  Define and Implement an Information Sharing framework  Define and Develop a Front-End SaaS Framework and a Front-End service
  • 54.
    WP Objective andDescription  Work Package participants: TGS Energy  Time-frame: February 2013 – December 2013
  • 55.
    WP Activities Summary Activity#1: Identify information and Requirements Identify the information, requirements and all the real needs from the stakeholders regarding a Remote Security Test platform and a Sharing information framework Define a functional design according to the stakeholders needs Activity #2: Define the Information sharing framework Define the requirements for the Information Sharing framework Looking for synergies in results sharing methods and procedures and Integration between SCADALAB Front-End SaaS and other ICS security tools Activity #3: Define & Develop Front-End SaaS Framework Develop a Front-End which allows the management of the security assessments and integrate it with the Information Sharing framework. Implement the identified Front-End requirements and test the platform.
  • 56.
    Activity 1: Identifyinformation and Requirements  Objective: Identify the information which key users involved in ICS scenarios are ready to share (stakeholder, vendors, operators…) and the requirements for the SCADALAB Front-End.  Tasks performed:  Stakeholders identified and contacted (by the WP participants) coming from different countries.  Survey Creation  More than 60 questions  Questions grouped in different categories  Current Situation  Security Assessment Requests  Assessments Results and Sharing  Needs Identified  Needs and Desires
  • 57.
    Activity 1: Identifyinformation and Requirements  Tasks performed:  5 7 Survey Creation: Developed in PDF format (EC_SCADALAB_Security_Assessments_Questionnaire_Request.pdf)
  • 58.
    Activity 1: Identifyinformation and Requirements  Tasks performed:  Survey Creation: Developed by web-based survey
  • 59.
    Activity 1: Identifyinformation and Requirements  Tasks performed:  Organized sharing meetings and/or survey delivery to get the results  Analysis and conclusions of the gathered data.  Deliverables: based on the Survey results, “Requirements&Needs” documentation  Functional requirements  Technical requirements  Security requirements  Design requirements (EC_SCADALAB_Identified_Requirements.xlsx) (EC_SCADALAB_Security_Assessments_Questionnaire_Results_Evaluation.docx)
  • 60.
    Activity 2: Definethe Information sharing framework  Objective: Define the sharing information framework.  Based on the EU recommendations regarding the intend of complement existing test bed initiatives for CI protection between UE related projects. http://cloudcert.european-project.eu/project.php?lang=en Evaluate the integration looking for synergies in results sharing methods and procedures  CloudCERT is a cloud testbed for the coordination of Europe Critical Infrastructure Protection (CIP), which aim is to provide a testbed framework to integrate mechanisms for coordinating partnerships and stakeholder efforts to effectively exchange information related to CIP and their security aspects.  CloudCERT testbed ensure easy, simple information sharing for cooperation joint exercises, as well as a rapid and risk-free implementation in a real operational and collaborative environment.  CloudCERT test bed platform is an initiative coordinated by INTECO and some assets, knowledge and infrastructure can be reused in an efficient manner. SCADA Lab will complement the cooperation framework and will integrate the same exchange of information mechanisms.
  • 61.
    Activity 2: Definethe Information sharing framework http://cloudcert.european-project.eu/project.php?lang=en
  • 62.
    Activity 2: Definethe Information sharing framework  Expected Results:  Information Sharing Framework    Functional Definition, and Integration Requirements with CloudCERT Integration tests and functional documentation CloudCERT is co-financiated by the European Union (EU) following the specific program named "Prevention, Preparedness and Consequence Management of Terrorism and other Security-related risks", located within the "Security and Safeguarding Liberties" program.
  • 63.
    Activity 3: Define& Develop Front-End SaaS Framework  Objective: Develop a Front-End SaaS Framework and a Front-End service   Based and adapted to their real needs, with functionalities and processes identified  Public and/or private access  Easy and secured results sharing methods   Useful tool for Stakeholders Integrated with the defined Information Sharing framework With the aim of…  …the management of the Security Evaluations and Results Information Sharing.
  • 64.
    Activity 3: Define& Develop Front-End SaaS Framework  SCADALAB Front-End is being developed with best security practices in mind by itself and leveraging on Drupal's experience avoiding security threats such as cross-side scripting, SQL Injection, site impersonation and so on ....  Some of the functionalities and requirements that are being developed for the SCADALAB Front-End are:  Web Interface Multiplatform / Multilingual  Secure Access / Access Control  Users Management / Passwords Policy  Workflows Management  Different types of Assessment  Selection of the Assessment Target  Status of the Assessment  List of existing Assessment Requests
  • 65.
    Activity 3: Define& Develop Front-End SaaS Framework
  • 66.
  • 67.
    Questions? With the financialsupport of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 68.
    WP7 Training and awareness Europefor Business SCADA Laboratory and testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 69.
    Content 1. WP Objectives 2.Description of work 3. Expected Results
  • 70.
    1. Objective (1) Whatis the problem? There is insufficient knowledge sharing on SCADA security exercises, bringing stakeholders together, providing user groups forums and awareness sessions to potential beneficiaries.
  • 71.
    1. Objective (2) Contributeto create a strong culture of security around SCADA systems.
  • 72.
    2. Description ofWork - Timetable WP7 has started during month 15, namely November 2013 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Training and Awareness T7.1 / Design training strategy T7.2 / Elaborate training materials T7.3 / Carry on Pilot Project T7.4 / Define awareness Plan T7.5 / Create awareness materials
  • 73.
    T7.1 Design trainingstrategy tasks Aims: Identify the training needs of different groups Contributors: E4Business, Seguridad, CNPIC INTECO, AEI
  • 74.
    T7.2 Elaborate trainingmaterials tasks Aims: Create different training materials for different groups Contributors: E4Business, NISZ, INTECO, AEI Seguridad
  • 75.
    T7.3 Carry on pilottraining tasks Aims: Test that training strategy materials meet trainee needs and Contributors: E4Business, NISZ, INTECO, AEI Seguridad
  • 76.
    T7.4 Define awareness plan tasks Aims:Identify the different groups awareness needs of Contributors: E4Business, NISZ, INTECO, AEI Seguridad, CNPIC
  • 77.
    T7.5 Create awareness materials tasks Aims:Create different awareness materials for different groups Contributors: E4Business, NISZ, INTECO, AEI Seguridad
  • 78.
    2. Target groups            SecurityResearch Centres National Authorities End users CI Operators Methodology experts Security training professionals Independent security experts Foundations specialized on security technologies ICT security association of SMEs Dissemination experts Software integrators SCADA Providers.
  • 79.
    Expected Results Through WP7and WP8 SCADALAB results should reach the largest possible audience.  D7.1 Training: Definition of a SCADA course, 90 hours of training for public officials, 5 training manuals.  D7.2 Awareness: Holding a final conference, 3 research reports, 6 papers released.
  • 80.
    Questions? With the financialsupport of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 81.
    WP 8 Dissemination EVERIS SCADA Laboratoryand testbed as a service for Critical Infrastructure protection With the financial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 82.
    Content 1. WP Objectives 2.Development of Work 3. Dissemination outputs
  • 83.
    Objectives  To build awarenessof the ScadaLab Project at both national and European.  To inform the stakeholders of the research findings.  To promote the results of the Project and the possibilities of a future exploitation.
  • 84.
    Description of theWork Dissemination Strategy Audience Message - Primary: stakeholders - User requirements stage - Secondary: affected - R&D stages - Tertiary: influencers - Testing stage Market - Policy makers - Industries/SMEs - End users - EU R&D Community Channels - Oral communication channels: Symposiums, seminars, workshops. - Written communication channels: Website, newsletters, contributions to professional publications. Dissemination Activities
  • 85.
  • 86.
    Dissemination Outputs Scadalab SocialNetwork (I) Twitter general overview Linkedin general overview • User: @ScadaLabProject • User: ScadaLab Project • Group: ScadaLab Project – Open forum for stakeholders discussions
  • 87.
    Dissemination Outputs Scadalab SocialNetwork (II) Social networks management tool: Hootsuit – – – – Timeline Interactions Activity Search: #SCADA #cybersecurity and “Critical Infrastructures”
  • 88.
    Dissemination Outputs ScadaLab events Madrid:1st International Workshop - General Project Presentation Sevilla: 2nd International Workshop - Best Practices Brussels: Final Conference - Final results EU presentation
  • 89.
    Questions? With the financialsupport of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs
  • 90.
    Thank you With thefinancial support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security-related Risks Programme. European Commission - Directorate-General Home Affairs