This document summarizes a tutorial on automation security given by Jason Stamp of Sandia National Laboratories. It discusses vulnerabilities in automation systems like SCADA systems used for infrastructure, and the need for improved security administration practices like implementing security policies, plans, and assessments. The tutorial covers threats to these systems from outsiders, insiders and cyber terrorists and strategies for developing more sustainable security through areas like security policy, plans, implementation guidance and auditing.
Policy
The PCS has no specific documented security policy or security plan. This key vulnerability generates the proliferation of procedural and technical vulnerabilities.

Plans
The PCS often has no specific or documented security plan. Implementation guides for equipment and systems are usually absent or deficient. There are no administrative mechanisms for security enforcement in the system lifecycle.

Procedures
Security audits are rarely performed, if at all.

Training
There is neither formal security training nor official documented security procedures.

Configuration Management
Usually, there is no formal configuration management and no officially documented procedures. Hence, there are neither formal requirements nor a consistent approach for configuration management.
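The configuration-management gap above (no baseline, no documented procedure, and, in the vulnerability tables later, configurations that are not stored or backed up) is the kind of thing a small, repeatable check closes. The following is an added example, not code from the tutorial or from Sandia: it keeps a hashed baseline of each device's approved configuration and reports drift, unbaselined devices, and devices that could not be read. Device names and configuration lines are constructed for illustration.

```python
"""Configuration baseline and drift check for control-system devices.

Added example (not from the tutorial): keep a hashed baseline of each
device's approved configuration and report every deviation, so that a
documented, repeatable configuration-management step exists.
"""
import hashlib
from typing import Dict

# Constructed sample baseline: the approved configuration text per device.
APPROVED_CONFIGS: Dict[str, str] = {
    "rtu-gateway-01": (
        "hostname rtu-gateway-01\n"
        "service password-encryption\n"
        "no ip http server\n"
        "logging host 10.10.0.5\n"
    ),
    "hmi-switch-02": (
        "hostname hmi-switch-02\n"
        "no ip http server\n"
        "logging host 10.10.0.5\n"
    ),
}

# Constructed sample of what the devices currently run: one unchanged,
# one drifted, and one device that was never baselined at all.
RUNNING_CONFIGS: Dict[str, str] = {
    "rtu-gateway-01": APPROVED_CONFIGS["rtu-gateway-01"],
    "hmi-switch-02": (
        "hostname hmi-switch-02\n"
        "ip http server\n"
        "snmp-server community public RO\n"
        "logging host 10.10.0.5\n"
    ),
    "rtu-modem-09": "hostname rtu-modem-09\n",
}


def fingerprint(config_text: str) -> str:
    """SHA-256 of the configuration with trailing whitespace normalized away."""
    normalized = "\n".join(line.rstrip() for line in config_text.splitlines())
    return hashlib.sha256(normalized.encode("utf-8")).hexdigest()


def build_baseline(configs: Dict[str, str]) -> Dict[str, dict]:
    """Record hash and lines for every approved device configuration."""
    return {
        name: {"sha256": fingerprint(text), "lines": text.splitlines()}
        for name, text in configs.items()
    }


def detect_drift(baseline: Dict[str, dict], running: Dict[str, str]) -> Dict[str, dict]:
    """Compare running configurations against the baseline.

    Returns, per device, a status plus the lines added/removed relative to
    the approved configuration. Devices missing from either side are reported
    too: an unbaselined device is itself a configuration-management gap.
    """
    report: Dict[str, dict] = {}
    for name in sorted(set(baseline) | set(running)):
        if name not in baseline:
            report[name] = {"status": "not_baselined", "added": [], "removed": []}
            continue
        if name not in running:
            report[name] = {"status": "unreachable", "added": [], "removed": []}
            continue
        if fingerprint(running[name]) == baseline[name]["sha256"]:
            report[name] = {"status": "unchanged", "added": [], "removed": []}
            continue
        approved = set(baseline[name]["lines"])
        current = set(running[name].splitlines())
        report[name] = {
            "status": "drifted",
            "added": sorted(current - approved),
            "removed": sorted(approved - current),
        }
    return report


if __name__ == "__main__":
    for device, result in detect_drift(build_baseline(APPROVED_CONFIGS), RUNNING_CONFIGS).items():
        print(device, result["status"], "added:", result["added"], "removed:", result["removed"])
```

In practice the baseline would be written to version-controlled storage after each approved change and the running configurations pulled from the devices on a schedule; the comparison logic is the same.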
[Figure: SCADA Remote Site. Labels in the diagram: SCADA Topology Model; Telemetry Database; History Logging; Alarm System; Load Shedding List; Data Acquisition User Terminal (MMI/HMI); GIS; Management System; Billing System; Meter Reader; Other Admin Functions; RTU 1 through RTU n.]
Category / Vulnerability

Administration
Minimal data flow control is employed (e.g. minimal use of access control lists, virtual private networks, or virtual LANs).
Configurations are not stored or backed up for network devices.
Passwords are not encrypted in transit.
Passwords exist indefinitely on network devices.
Passwords on devices are shared.
Minimal administrative access controls are applied.

Hardware
There is inadequate physical protection of network equipment.
Non-critical personnel have physical access to equipment.

Perimeter
No security perimeter has been defined for the system that defines access points which must be secured.
Firewalls are nonexistent or poorly configured at interfaces to external (non-PCS) networks.
PCS networks are used for non-PCS traffic.

Monitoring & Logging
Firewall and router logs are neither collected nor examined.
There is no security monitoring on the PCS network.
Critical monitoring and control paths are unidentified, complicating redundancy or contingency plans.

Link Security
PCS connections over vulnerable links are not protected with encryption.

Remote Access
Authentication for remote access is substandard or nonexistent.
Remote access into the PCS network utilizes shared passwords and shared accounts.

Wireless Connections
Wireless LAN technology is used in the PCS network without strong authentication and/or data protection between clients and access points.
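Two rows above, "firewall and router logs are neither collected nor examined" and "PCS networks are used for non-PCS traffic", describe a gap that a routine log review closes. The following is an added example, not code from the tutorial or from Sandia: it parses a constructed firewall log and flags accepted flows that enter the PCS network from a non-PCS address without being on an authorized list, and flows inside the PCS network that carry non-PCS protocols. The log format, the PCS address range, the authorized host, and the port-to-protocol table are assumptions for illustration.

```python
"""Review of firewall/router logs at the PCS perimeter.

Added example (not from the tutorial): parse a constructed firewall log and
report (a) accepted flows crossing from a non-PCS network into the PCS
network that are not explicitly authorized and (b) flows between PCS hosts
that use non-PCS protocols.  Subnets, ports and log format are assumptions.
"""
import ipaddress
import re
from typing import Dict, List

# Assumed PCS address space and the protocols expected on it.
PCS_NETWORKS = [ipaddress.ip_network("10.10.0.0/16")]
PCS_PORTS = {502: "modbus-tcp", 20000: "dnp3", 102: "iec-61850-mms"}
# Assumed hosts explicitly authorized to cross the perimeter (e.g. a hardened jump host).
AUTHORIZED_EXTERNAL = {"192.168.1.10"}

# Assumed log line shape; anything that does not match is ignored, not guessed at.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)

# Constructed sample log lines.
SAMPLE_LOG = """\
2003-04-12T10:15:01 fw01 ACCEPT src=10.10.2.5 dst=10.10.1.7 proto=tcp dport=502
2003-04-12T10:15:03 fw01 ACCEPT src=192.168.1.10 dst=10.10.1.7 proto=tcp dport=502
2003-04-12T10:15:07 fw01 ACCEPT src=192.168.50.23 dst=10.10.1.9 proto=tcp dport=20000
2003-04-12T10:15:09 fw01 DROP src=192.168.50.23 dst=10.10.1.9 proto=tcp dport=23
2003-04-12T10:15:12 fw01 ACCEPT src=10.10.3.4 dst=10.10.1.2 proto=tcp dport=445
this line is malformed and must not crash the parser
"""


def in_pcs(addr: str) -> bool:
    """True when the address lies inside one of the PCS networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PCS_NETWORKS)


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse recognizable lines into dicts; skip lines that do not match."""
    records = []
    for line in text.splitlines():
        match = LOG_RE.match(line.strip())
        if match:
            records.append(match.groupdict())
    return records


def review(records: List[Dict[str, str]]) -> List[dict]:
    """Apply the two perimeter rules to accepted flows and return findings."""
    findings = []
    for rec in records:
        if rec["action"] != "ACCEPT":
            continue  # blocked traffic is not a perimeter breach; count it elsewhere
        src_pcs, dst_pcs = in_pcs(rec["src"]), in_pcs(rec["dst"])
        port = int(rec["dport"])
        if dst_pcs and not src_pcs and rec["src"] not in AUTHORIZED_EXTERNAL:
            findings.append({"ts": rec["ts"], "rule": "unauthorized-perimeter-crossing",
                             "src": rec["src"], "dst": rec["dst"], "dport": port})
        elif src_pcs and dst_pcs and port not in PCS_PORTS:
            findings.append({"ts": rec["ts"], "rule": "non-pcs-traffic-on-pcs-network",
                             "src": rec["src"], "dst": rec["dst"], "dport": port})
    return findings


def review_sample() -> List[dict]:
    """Run the review over the constructed sample log."""
    return review(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for finding in review_sample():
        print(finding)
```

The rules are deliberately narrow: an accepted flow from an unlisted outside address into the PCS range, or a non-PCS port between two PCS hosts, each produces one finding that a reviewer can trace back to a log line. The port table is only a starting point and must be adjusted to the protocols actually deployed.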
Category / Vulnerability

Administration
OS security patches are not maintained.
Configurations are not stored or backed up for important platforms, including IEDs.
Default OS configurations are utilized, which enables insecure and unnecessary services.
Passwords are often stored in plain sight near critical systems.
Power-on and screen saver passwords are not utilized.
Passwords are not encrypted in transit.
Passwords exist indefinitely on platforms.
Passwords on devices are shared.
There are no time limit, character length, or character type requirements for the passwords.
Minimal administrative access controls are applied.
Users have administrator privileges.

Hardware
There is inadequate physical protection of critical platforms.
Non-critical personnel have physical access to equipment.
Dial-up access exists on individual workstations within the SCADA network.

Monitoring & Logging
System logs are neither collected nor examined.

Malware protection
Virus checking software is uninstalled, unused, or
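Both tables above list the same credential weaknesses: passwords that exist indefinitely, are shared across devices, have no time limit or length and character-type requirements, and accounts that run with administrator privileges they do not need. The following is an added example, not code from the tutorial or from Sandia, of the two checks that such a policy needs: validating a proposed password against length and character-class rules, and auditing an inventory for stale, shared, and over-privileged credentials. The policy thresholds, the inventory layout (assumed to be exported from a credential vault, so that a shared credential shows up as one credential id on several hosts), and all hosts and dates are constructed for illustration.

```python
"""Credential policy checks for PCS platforms and network devices.

Added example (not from the tutorial): apply the policy elements the
vulnerability tables report as missing (time limits, length and
character-type rules, no sharing across devices, no routine admin rights)
to a constructed credential inventory.  Thresholds and format are assumed.
"""
from collections import defaultdict
from datetime import date
from typing import Dict, List

# Assumed policy values.
POLICY = {"min_length": 12, "min_classes": 3, "max_age_days": 90}


def check_password_policy(candidate: str, policy: dict = POLICY) -> List[str]:
    """Return the policy rules a proposed password breaks (empty list means OK)."""
    violations = []
    if len(candidate) < policy["min_length"]:
        violations.append(f"shorter than {policy['min_length']} characters")
    classes = sum([
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(not c.isalnum() for c in candidate),
    ])
    if classes < policy["min_classes"]:
        violations.append(f"uses {classes} character classes, policy needs {policy['min_classes']}")
    return violations


# Constructed inventory: one row per (host, account).  credential_id is the vault
# entry backing the account, so the same id on two hosts means a shared password.
INVENTORY = [
    {"host": "hmi-ws-01", "account": "operator", "credential_id": "cred-1001",
     "last_changed": date(2003, 3, 1), "admin": False, "role": "operator"},
    {"host": "hmi-ws-02", "account": "operator", "credential_id": "cred-1001",
     "last_changed": date(2003, 3, 1), "admin": True, "role": "operator"},
    {"host": "rtu-gateway-01", "account": "admin", "credential_id": "cred-2002",
     "last_changed": date(2001, 6, 15), "admin": True, "role": "administrator"},
    {"host": "historian-01", "account": "svc-hist", "credential_id": "cred-3003",
     "last_changed": date(2003, 4, 1), "admin": False, "role": "service"},
]
AUDIT_DATE = date(2003, 4, 15)  # constructed "today" for a reproducible run


def audit_inventory(rows: List[dict], today: date, policy: dict = POLICY) -> Dict[str, List[dict]]:
    """Flag credentials older than the time limit, shared across hosts, or over-privileged."""
    findings: Dict[str, List[dict]] = {"stale": [], "shared": [], "excess_privilege": []}
    by_credential = defaultdict(list)
    for row in rows:
        by_credential[row["credential_id"]].append(row)
        age_days = (today - row["last_changed"]).days
        if age_days > policy["max_age_days"]:
            findings["stale"].append({"host": row["host"], "account": row["account"],
                                      "age_days": age_days})
        if row["admin"] and row["role"] != "administrator":
            findings["excess_privilege"].append({"host": row["host"], "account": row["account"]})
    for cred, users in by_credential.items():
        hosts = sorted({u["host"] for u in users})
        if len(hosts) > 1:
            findings["shared"].append({"credential_id": cred, "hosts": hosts})
    return findings


def run_audit() -> Dict[str, List[dict]]:
    """Audit the constructed inventory as of AUDIT_DATE."""
    return audit_inventory(INVENTORY, AUDIT_DATE)


if __name__ == "__main__":
    for category, items in run_audit().items():
        print(category, items)
```

The shared-credential check depends on the inventory carrying a comparable credential identifier; where accounts are managed per device with no vault, the equivalent signal is a rotation record per device, and the check reduces to the stale-credential rule.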
[Figure: Adversary levels, plotted against sophistication, for Intranet and Extranet adversaries. Extranet (outsider) levels as labeled, from most to least sophisticated: Organized Crime / Cyber Terrorist; Foreign Intelligence; Hacker Coalition; Hacker; Novice. Intranet (insider) levels as labeled: Physical Access Only; Some Knowledge, No Authorized Access; Basic User; Power User, No Special Privileges; Operator Knowledge with Privileges; Domain Knowledge with Privileges; Full Design Knowledge, Full Privileges.]
[Figure: Operational System Model, an entity-relationship diagram. Entities: Sensor; Infrastructure System; Actuator; Field I/O; Operator; Visual & Auditory Representation of Status; Status Data Field Points; Local Automated Control; Command Data Field Points; System Management Functions; Oversight Entity or Other SCADA System; Field Technician; System Status Data; Historical Status Data; HMI; Contingency Planner; Business Objectives; I/O Controller; Historian; State Estimator; System-wide Automated Control; Protective Relaying (safety); Exported Data; Imported Data; Stability Systems (reliability); Wide Area Protection; Automatic Generation Control; Regional Control Signal. Relationship labels, each read in both directions: monitors / monitored by; controls / controlled by; produces / produced by; triggers / triggered by; samples / sampled by; generates / generated by; sent to / processes; analyzes / analyzed by; aggregates / aggregated; commands / commanded by; initiates / initiated by; calls; updates / updated by; influences / influenced by; contributes to / contains subset of; provides / received from; acts upon / influences.]
[Figure: SCADA system architecture. Layers: SCADA Field Equipment; System and Plant Control Centers; Automation Oversight; Infrastructure Equipment. Components: Alarm System; Local Process Control; Plant Process Control; Sensors/Relays; RTU 1 through RTU n; Master Station (Mainframe); User Terminals; Control Center; Remote Sites. Communication links: LAN, Microwave, Fiber, Radio, PSTN, Modem, Internet.]