SlideShare une entreprise Scribd logo

Scada assessment case study

Network Intelligence India
Network Intelligence India
Technologie
1  sur  7
SCADA ASSESSMENT CASE STUDY From
SCADA Assessment – Case Study NOTICE This document contains information which is the intellectual property of Network Intelligence (India) Pvt. Ltd. (also called NII Consulting). This document is received in confidence and its contents cannot be disclosed or copied without the prior written consent of NII. Nothing in this document constitutes a guaranty, warranty, or license, expressed or implied. NII disclaims all liability for all such guaranties, warranties, and licenses, including but not limited to: Fitness for a particular purpose; merchantability; non infringement of intellectual property or other rights of any third party or of NII; indemnity; and all others. The reader is advised that third parties can have intellectual property rights that can be relevant to this document and the technologies discussed herein, and is advised to seek the advice of competent legal counsel, without obligation of NII. NII retains the right to make changes to this document at any time without notice. NII makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. COPYRIGHT Copyright. Network Intelligence (India) Pvt. Ltd. All rights reserved. NII Consulting is a registered trademark of Network Intelligence India Pvt. Ltd. TRADEMARKS Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe. NII CONTACT DETAILS Name K. K. Mookhey Title Principal Consultant Company Network Intelligence (India) Pvt. Ltd. Address 204 Eco Space, Off Old Nagardas Road, Andheri (East), Mumbai 400069 E – Mail kkmookhey@niiconsulting.com ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
SCADA Assessment – Case Study 1 Background Recently, we were assigned to perform network assessment of the SCADA Network for one of our clients. This case study outlines a brief introduction to SCADA, the sort of assessment we carried out, and typical vulnerabilities that can be found on SCADA systems 2 SCADA (Supervisory Control And Data Acquisition): It generally refers to an industrial control system: a computer system monitoring and controlling a process. The process can be industrial, infrastructure or facility-based as described below:  Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.  Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, Wind Farms, civil defense siren systems, and large communication systems.  Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption. Common system components:- A SCADA's System usually consists of the following subsystems:  A Human-Machine Interface or HMI is the apparatus which presents process data to a human operator, and through this, the human operator monitors and controls the process.  A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process.  Remote Terminal Units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.  Programmable Logic Controller (PLCs) used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.  Communication infrastructure connecting the supervisory system to the Remote Terminal Units. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
SCADA Assessment – Case Study SCADA Server / Control Centre Architecture Web Server RAID server SCADA DWeZones UPS Logger /EMS Firewall DMZ Workstation ISR NMS Zone Monit Printer SERVER oring Consoles GPS system S SERVERS SERVERS System (B&W) Syste Printer with Dual Rack Switch m Monitors (Colou r) ICCP Archival Development NID Server(PDS) Communication Server (N/W Intrusion SERVERS ROUTERS VIDEO Detection PROJECTION System) To other SYSTEM To Backup zones location of the site. The main subsystems are: 1. SCADA/EMS Subsystem 2. Inter-Site Communication ICCP Subsystem 3. Web Subsystem and the Security Infrastructure 4. ISR Subsystem (HIS) 5. Archive Subsystem 6. Network Management Subsystem 7. Video Projection System (VPS) 8. Development Subsystem 9. User Interface (UI) Subsystem 10. GPS Time & Frequency Subsystem 11. WAN Subsystem 12. LAN Subsystem 13. Peripheral Devices SCADA/EMS Subsystem: Carries out the SCADA processing and the EMS calculations, feeds the historical information server, sends the data to the operator Consoles. The SCADA functions are Data Acquisition, Data processing, Alarm, and Tagging. EMS functions are Network Status Processor, Optimal Power Flow, Contingency Analysis, Security enhancement and Voltage VAR dispatch. Inter-Site Communication ICCP Subsystem: The inter-site communication (or OAG -Open Access Gateway) subsystem, handles the communication with different (sites) zones of the client using the different communication protocols. The one zone (site) communicates to the other zones systems using the standard IEC870-6 (TASE.2)/ICCP protocol. It interfaces with the SCADA/EMS servers on ISD protocol. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
SCADA Assessment – Case Study Web Subsystem and the Security Infrastructure: The DMZ web subsystem is implemented with the SCADA/EMS server at site. Remote users can access the real-time data and displays through the DMZ web servers. Remote access is provided with appropriate permission and authorization mechanisms. The Web Access area is isolated by two Firewalls. The Web access system consists of Web server, Mail server and Data Replica Server. ISR Subsystem (HIS): The Information Storage and Retrieval subsystem stores user-defined data and events into the ORACLE-based historic database. The ISR system will store:  Real time database snapshot, storage and playback  Historical Information  SOE data  Alarm message log  Storage of files Archive Subsystem: The Archive subsystem provides centralized storage for whole system’s data. The Archive subsystem consists of an archive server and a tape autoloader to archive the information such as ISR data, Save cases, Source code files, System Backup (for restore) etc. Network Management Subsystem: The Network Management system monitors the interfaces to the SCADA/EMS servers, workstations, devices, and all SCADA/EMS gateway and routers and gathers performance statistics like resource utilisation. Video Projection System (VPS): VPS is a big display device with 8 segments of 67 inches size each. VPS is driven through a PC installed in its wall and connected on dual LAN Development Subsystem: Development System provides complete autonomous environment for future program development, application building, testing, and system integration, etc. for the system. User Interface (UI) Subsystem: The User Interface (UI) subsystem composed of workstation consoles with graphic cards to drive multiple monitors. GPS Time & Frequency Subsystem: The Time & Frequency subsystem (TFS) captures the GPS time and power system frequency, and synchronizes the time of all the servers and workstations via the LAN, using the standard Network Time Protocol (NTP). WAN Subsystem: The Wide Area Network (WAN) subsystem for connecting Main site and other sites comprises of routers and Modems and wide band communication link from ISP Network. Two Routers are installed in each zone for providing 2 Mbps (redundant) and 64 kbps Link. The main and backup sites are connected to each other through 2 Mbps channels. LAN Subsystem: The SCADA/EMS Local Area Network (LAN) subsystem provides the inter-connection of all the servers, workstations, and peripherals. LAN is formed with redundant standard Ethernet switches. Peripheral Devices: Loggers, Laser printers & Colour Video Copiers. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
SCADA Assessment – Case Study 3 Network Assessment Tools used for Assessment: Auditpro (in-house developed Auditing tool), NMAP, Nessus, Super scan, Initial Phase: Prior to the assessment we tried to get maximum information of SCADA from the vendor. We gathered the following information:  2 SCADA applications (Vendor A and Vendor B) were being used on different sites (zones) of the client’s network.  Vendor A’s tech support and Vendor B’s tech support were maintaining the individual site (Zone) of the client.  Vendor A’s SCADA applications were installed on Solaris OS. Oracle was being used as backend database.  Vendor A’s SCADA software was almost obsolete. There were no patches available for the SCADA software and underlying OS. Vendor A was about to withdraw the support for SCADA in the year 2011.  AREAVA’s SCADA applications were installed on the windows 2003 servers and Open VMS operating systems.  Vendor B’s SCADA applications were using its own proprietary database known as DB431.  Also, Client were using Oracle as database for some additional applications connected to the SCADA network.  A previously conducted Vulnerability Assessment by a different consulting firm on the SCADA Servers has resulted in the SCADA servers crashing during the port scanning stage itself. Armed with the above information, we proceeded to perform the vulnerability assessment first on the test environment of the SCADA (Vendor A’s SCADA product). This was completed successfully without any SCADA server crash. The results were emailed to Vendor A’s tech support and IT representatives of the customer. We then proceeded for the actual assessment. Vulnerabilities discovered The following vulnerabilities were discovered  All the operating systems were in a default configuration without any hardening having been done to the extent that: o Many vulnerable services i.e. echo, daytime, finger were found running on the Windows and Solaris Operating Systems. o Vulnerable services like telnet, BOOTP, source routing, SNMPv2 with default community string public and private were found on the network devices. o Oracle Databases were also not hardened for example we found scott, system user had been given full administrative privilege on database server. o No Patches had been applied on any of the systems ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
SCADA Assessment – Case Study o Older IOS/Firmware were being used on the network devices i.e. router, switches, firewall. o No password policy was defined for the SCADA Network. o Administrator credentials of SCADA servers were commonly being shared with all users. o Password being used for administrative accounts on Windows servers and databases, network devices were easily guessable. Network Segregation or the Lack of it  Some SCADA Servers were exposed to public network.  No VLAN was segregation was found.  The bridge connecting the SCADA network to the TCP/IP network was weakly configured – essentially in its default state Other side-effects During the assessment, the Nmap scan completed successfully. However, when we started with Nessus scans the SCADA applications crashed twice. Thankfully, there were redundant servers available for the crashed servers due to which no severe /major incident taken placed. But this showed that simply running a scan is enough to bring SCADA systems to their knees. 4 Root Cause Problems 1. SCADA systems are highly expensive and very mission-critical. Therefore, they are not tweaked or hardened once they’re up and running 2. SCADA systems are thought to be obscure – since no one knows how they work, no one is going to mess around with them, so why bother securing them 3. SCADA systems are thought to be isolated – but this has been shown to be false multiple times. Many SCADA systems are inter-connected to the corporate TCP/IP network or other TCP/IP networks opening them up to the same issues 4. SCADA vendors don’t bother with security. Once a multi-million dollars system is up and running it is just left as it is. So whether it is the Siemens network being attacked by the Stuxnet worm or others, SCADA systems are highly vulnerable due to vendor apathy 5 Conclusion SCADA systems should be treated as highly vulnerable and can be the target of an attack. SCADA attacks are moving out of the realm of science fiction movies and are very much a reality today. Yet organizations continue to adopt a lax stance towards securing SCADA networks. The very first step should be to conduct a thorough assessment of these systems. This has to be done with care since these systems turn out to be highly susceptible to attacks. Stuxnet is a major wake up call to all organizations who thought SCADA systems would never come under attack. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com

Recommandé

Border security using wireless integrated network sensors(wins)
Border security using wireless integrated network sensors(wins)Border security using wireless integrated network sensors(wins)
Border security using wireless integrated network sensors(wins)PRADEEP Cheekatla
 
Proximity sensors
Proximity sensorsProximity sensors
Proximity sensorsRoopak Ramanarayanan
 
sensors (It`s type)
sensors (It`s type)sensors (It`s type)
sensors (It`s type)Narendra Bhandava
 
Wireless SCADA Data Communications
Wireless SCADA Data CommunicationsWireless SCADA Data Communications
Wireless SCADA Data CommunicationsDaniel Ehrenreich
 
Inductive proximity sensor
Inductive proximity sensorInductive proximity sensor
Inductive proximity sensorAkmal Hakim
 
Ese570 mos theory_p206
Ese570 mos theory_p206Ese570 mos theory_p206
Ese570 mos theory_p206bheemsain
 
Forced sensor (Sensor)
Forced sensor (Sensor) Forced sensor (Sensor)
Forced sensor (Sensor)Yashwant Srikrishnan
 
SCADA of the Future
SCADA of the FutureSCADA of the Future
SCADA of the FutureSchneider Electric
 

Recommandé

Border security using wireless integrated network sensors(wins)
Border security using wireless integrated network sensors(wins)Border security using wireless integrated network sensors(wins)
Border security using wireless integrated network sensors(wins)PRADEEP Cheekatla
 
Proximity sensors
Proximity sensorsProximity sensors
Proximity sensorsRoopak Ramanarayanan
 
sensors (It`s type)
sensors (It`s type)sensors (It`s type)
sensors (It`s type)Narendra Bhandava
 
Wireless SCADA Data Communications
Wireless SCADA Data CommunicationsWireless SCADA Data Communications
Wireless SCADA Data CommunicationsDaniel Ehrenreich
 
Inductive proximity sensor
Inductive proximity sensorInductive proximity sensor
Inductive proximity sensorAkmal Hakim
 
Ese570 mos theory_p206
Ese570 mos theory_p206Ese570 mos theory_p206
Ese570 mos theory_p206bheemsain
 
Forced sensor (Sensor)
Forced sensor (Sensor) Forced sensor (Sensor)
Forced sensor (Sensor)Yashwant Srikrishnan
 
SCADA of the Future
SCADA of the FutureSCADA of the Future
SCADA of the FutureSchneider Electric
 
Underwater sensor network
Underwater sensor networkUnderwater sensor network
Underwater sensor networkfrestoadi
 
New Approach for Intelligent Motor Control Centers
New Approach for Intelligent Motor Control CentersNew Approach for Intelligent Motor Control Centers
New Approach for Intelligent Motor Control CentersSchneider Electric
 
Strain Gauges
Strain GaugesStrain Gauges
Strain Gaugesprashantborakhede1
 
Inrush current reduction in three phase power transformer by using prefluxing...
Inrush current reduction in three phase power transformer by using prefluxing...Inrush current reduction in three phase power transformer by using prefluxing...
Inrush current reduction in three phase power transformer by using prefluxing...IAEME Publication
 
Pressure sensor Measurement
Pressure sensor Measurement Pressure sensor Measurement
Pressure sensor Measurement marcoReud
 
Scada system architecture, types and applications
Scada system architecture, types and applicationsScada system architecture, types and applications
Scada system architecture, types and applicationsUchi Pou
 
MOS as Diode, Switch and Active Resistor
MOS as Diode, Switch and Active ResistorMOS as Diode, Switch and Active Resistor
MOS as Diode, Switch and Active ResistorSudhanshu Janwadkar
 
Transmission Line
Transmission LineTransmission Line
Transmission LinePRITAM DEBNATH
 
Thermal sensor and its application
Thermal sensor and its applicationThermal sensor and its application
Thermal sensor and its applicationMalaykumar21
 
Pull up & pull down resistors
Pull up & pull down resistorsPull up & pull down resistors
Pull up & pull down resistorsAshutosh Sam
 
Temperature sensor
Temperature sensorTemperature sensor
Temperature sensorHimani Harbola
 
Insulated gate bipolar transistor
Insulated gate bipolar transistorInsulated gate bipolar transistor
Insulated gate bipolar transistormangal das
 
Foundation fieldbus
Foundation fieldbusFoundation fieldbus
Foundation fieldbussharadonlinemails
 
EMI/EMC
EMI/EMC EMI/EMC
EMI/EMC Abida Zama
 
Sensor Characteristics and Selection
Sensor Characteristics and Selection Sensor Characteristics and Selection
Sensor Characteristics and Selection Engr.Dr.Abdul Rehman Abbasi
 
Sensors and its classification 1
Sensors and its classification 1Sensors and its classification 1
Sensors and its classification 1Mani Vannan M
 
package/compact substation
package/compact substationpackage/compact substation
package/compact substationnehakardam
 
Power system automation
Power system automationPower system automation
Power system automationKiran Gham
 
CMOS Topic 5 -_cmos_inverter
CMOS Topic 5 -_cmos_inverterCMOS Topic 5 -_cmos_inverter
CMOS Topic 5 -_cmos_inverterIkhwan_Fakrudin
 
Pressure sensor lecture
Pressure sensor lecturePressure sensor lecture
Pressure sensor lectureutpal sarkar
 
Invensys upstream scada technology awareness
Invensys upstream scada technology awarenessInvensys upstream scada technology awareness
Invensys upstream scada technology awarenesschrisjsmith
 
[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...TI Safe
 

Contenu connexe

Tendances

Underwater sensor network
Underwater sensor networkUnderwater sensor network
Underwater sensor networkfrestoadi
 
New Approach for Intelligent Motor Control Centers
New Approach for Intelligent Motor Control CentersNew Approach for Intelligent Motor Control Centers
New Approach for Intelligent Motor Control CentersSchneider Electric
 
Inrush current reduction in three phase power transformer by using prefluxing...
Inrush current reduction in three phase power transformer by using prefluxing...Inrush current reduction in three phase power transformer by using prefluxing...
Inrush current reduction in three phase power transformer by using prefluxing...IAEME Publication
 
Pressure sensor Measurement
Pressure sensor Measurement Pressure sensor Measurement
Pressure sensor Measurement marcoReud
 
Scada system architecture, types and applications
Scada system architecture, types and applicationsScada system architecture, types and applications
Scada system architecture, types and applicationsUchi Pou
 
MOS as Diode, Switch and Active Resistor
MOS as Diode, Switch and Active ResistorMOS as Diode, Switch and Active Resistor
MOS as Diode, Switch and Active ResistorSudhanshu Janwadkar
 
Thermal sensor and its application
Thermal sensor and its applicationThermal sensor and its application
Thermal sensor and its applicationMalaykumar21
 
Pull up & pull down resistors
Pull up & pull down resistorsPull up & pull down resistors
Pull up & pull down resistorsAshutosh Sam
 
Insulated gate bipolar transistor
Insulated gate bipolar transistorInsulated gate bipolar transistor
Insulated gate bipolar transistormangal das
 
Sensors and its classification 1
Sensors and its classification 1Sensors and its classification 1
Sensors and its classification 1Mani Vannan M
 
package/compact substation
package/compact substationpackage/compact substation
package/compact substationnehakardam
 
Power system automation
Power system automationPower system automation
Power system automationKiran Gham
 
CMOS Topic 5 -_cmos_inverter
CMOS Topic 5 -_cmos_inverterCMOS Topic 5 -_cmos_inverter
CMOS Topic 5 -_cmos_inverterIkhwan_Fakrudin
 
Pressure sensor lecture
Pressure sensor lecturePressure sensor lecture
Pressure sensor lectureutpal sarkar
 

Tendances (20)

Underwater sensor network
Underwater sensor networkUnderwater sensor network
Underwater sensor network
 
New Approach for Intelligent Motor Control Centers
New Approach for Intelligent Motor Control CentersNew Approach for Intelligent Motor Control Centers
New Approach for Intelligent Motor Control Centers
 
Strain Gauges
Strain GaugesStrain Gauges
Strain Gauges
 
Inrush current reduction in three phase power transformer by using prefluxing...
Inrush current reduction in three phase power transformer by using prefluxing...Inrush current reduction in three phase power transformer by using prefluxing...
Inrush current reduction in three phase power transformer by using prefluxing...
 
Pressure sensor Measurement
Pressure sensor Measurement Pressure sensor Measurement
Pressure sensor Measurement
 
Scada system architecture, types and applications
Scada system architecture, types and applicationsScada system architecture, types and applications
Scada system architecture, types and applications
 
MOS as Diode, Switch and Active Resistor
MOS as Diode, Switch and Active ResistorMOS as Diode, Switch and Active Resistor
MOS as Diode, Switch and Active Resistor
 
Transmission Line
Transmission LineTransmission Line
Transmission Line
 
Thermal sensor and its application
Thermal sensor and its applicationThermal sensor and its application
Thermal sensor and its application
 
Pull up & pull down resistors
Pull up & pull down resistorsPull up & pull down resistors
Pull up & pull down resistors
 
Temperature sensor
Temperature sensorTemperature sensor
Temperature sensor
 
Insulated gate bipolar transistor
Insulated gate bipolar transistorInsulated gate bipolar transistor
Insulated gate bipolar transistor
 
Foundation fieldbus
Foundation fieldbusFoundation fieldbus
Foundation fieldbus
 
EMI/EMC
EMI/EMC EMI/EMC
EMI/EMC
 
Sensor Characteristics and Selection
Sensor Characteristics and Selection Sensor Characteristics and Selection
Sensor Characteristics and Selection
 
Sensors and its classification 1
Sensors and its classification 1Sensors and its classification 1
Sensors and its classification 1
 
package/compact substation
package/compact substationpackage/compact substation
package/compact substation
 
Power system automation
Power system automationPower system automation
Power system automation
 
CMOS Topic 5 -_cmos_inverter
CMOS Topic 5 -_cmos_inverterCMOS Topic 5 -_cmos_inverter
CMOS Topic 5 -_cmos_inverter
 
Pressure sensor lecture
Pressure sensor lecturePressure sensor lecture
Pressure sensor lecture
 

Similaire à Scada assessment case study

Invensys upstream scada technology awareness
Invensys upstream scada technology awarenessInvensys upstream scada technology awareness
Invensys upstream scada technology awarenesschrisjsmith
 
[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...TI Safe
 
Extending OPC-UA through Architecture Flexibility, Performance, and Scalability
Extending OPC-UA through Architecture Flexibility, Performance, and ScalabilityExtending OPC-UA through Architecture Flexibility, Performance, and Scalability
Extending OPC-UA through Architecture Flexibility, Performance, and ScalabilityReal-Time Innovations (RTI)
 
CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring CA Nimsoft
 
OMG DDS: The data centric future beyond message-based integration
OMG DDS: The data centric future beyond message-based integrationOMG DDS: The data centric future beyond message-based integration
OMG DDS: The data centric future beyond message-based integrationGerardo Pardo-Castellote
 
ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control WebinarActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control WebinarActionPacked Networks
 
SCADA packages for Power Distribution Utilities
SCADA packages for Power Distribution UtilitiesSCADA packages for Power Distribution Utilities
SCADA packages for Power Distribution UtilitiesChanmeet Singh
 
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 LinkedinNMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 LinkedinJavier Guillermo, MBA, MSc, PMP
 
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...Capgemini
 
SCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US UtilitiesSCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US UtilitiesFitCEO, Inc. (FCI)
 
Convergence India 2013 Multi-network Forum - Verimatrix
Convergence India 2013 Multi-network Forum - VerimatrixConvergence India 2013 Multi-network Forum - Verimatrix
Convergence India 2013 Multi-network Forum - VerimatrixVerimatrix
 
How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7CA API Management
 
Zigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and AutomationZigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and AutomationJose María Carazo Cepedano
 
The Stuxnet Worm creation process
The Stuxnet Worm creation processThe Stuxnet Worm creation process
The Stuxnet Worm creation processAjay Ohri
 

Similaire à Scada assessment case study (20)

Invensys upstream scada technology awareness
Invensys upstream scada technology awarenessInvensys upstream scada technology awareness
Invensys upstream scada technology awareness
 
[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...
 
Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008
 
Extending OPC-UA through Architecture Flexibility, Performance, and Scalability
Extending OPC-UA through Architecture Flexibility, Performance, and ScalabilityExtending OPC-UA through Architecture Flexibility, Performance, and Scalability
Extending OPC-UA through Architecture Flexibility, Performance, and Scalability
 
Linda Jackman - Oracle
Linda Jackman - OracleLinda Jackman - Oracle
Linda Jackman - Oracle
 
CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring
 
OMG DDS: The data centric future beyond message-based integration
OMG DDS: The data centric future beyond message-based integrationOMG DDS: The data centric future beyond message-based integration
OMG DDS: The data centric future beyond message-based integration
 
ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control WebinarActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
 
SCADA packages for Power Distribution Utilities
SCADA packages for Power Distribution UtilitiesSCADA packages for Power Distribution Utilities
SCADA packages for Power Distribution Utilities
 
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 LinkedinNMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
 
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...
 
Safety Monitoring system for a manufacturing workstation using Web Service Te...
Safety Monitoring system for a manufacturing workstation using Web Service Te...Safety Monitoring system for a manufacturing workstation using Web Service Te...
Safety Monitoring system for a manufacturing workstation using Web Service Te...
 
Scada
ScadaScada
Scada
 
SCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US UtilitiesSCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US Utilities
 
Convergence India 2013 Multi-network Forum - Verimatrix
Convergence India 2013 Multi-network Forum - VerimatrixConvergence India 2013 Multi-network Forum - Verimatrix
Convergence India 2013 Multi-network Forum - Verimatrix
 
How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7
 
Zigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and AutomationZigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and Automation
 
The Stuxnet Worm creation process
The Stuxnet Worm creation processThe Stuxnet Worm creation process
The Stuxnet Worm creation process
 
391 394
391 394391 394
391 394
 
SCADA
SCADASCADA
SCADA
 

Plus de Network Intelligence India

ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationNetwork Intelligence India
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies Network Intelligence India
 
Distributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing MethodologyDistributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing MethodologyNetwork Intelligence India
 

Plus de Network Intelligence India (20)

Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0
 
The Economics of Security
The Economics of SecurityThe Economics of Security
The Economics of Security
 
Web Application Security Strategy
Web Application Security Strategy Web Application Security Strategy
Web Application Security Strategy
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics Implementation
 
National Cyber Security Policy 2013
National Cyber Security Policy 2013National Cyber Security Policy 2013
National Cyber Security Policy 2013
 
RBI Gopalakrishna Committee Report on IT
RBI Gopalakrishna Committee Report on ITRBI Gopalakrishna Committee Report on IT
RBI Gopalakrishna Committee Report on IT
 
PCI DSS for Penetration Testing
PCI DSS for Penetration TestingPCI DSS for Penetration Testing
PCI DSS for Penetration Testing
 
Understanding Governance
Understanding GovernanceUnderstanding Governance
Understanding Governance
 
Cyber Security in Civil Aviation
Cyber Security in Civil AviationCyber Security in Civil Aviation
Cyber Security in Civil Aviation
 
Spear Phishing Methodology
Spear Phishing MethodologySpear Phishing Methodology
Spear Phishing Methodology
 
Mobile Device Management (MDM)
Mobile Device Management (MDM)Mobile Device Management (MDM)
Mobile Device Management (MDM)
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies
 
Information Rights Management (IRM)
Information Rights Management (IRM)Information Rights Management (IRM)
Information Rights Management (IRM)
 
Distributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing MethodologyDistributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing Methodology
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)
 
Advanced persistent threats(APT)
Advanced persistent threats(APT)Advanced persistent threats(APT)
Advanced persistent threats(APT)
 
XML Interfaces to the popular Nessus Scanner
XML Interfaces to the popular Nessus ScannerXML Interfaces to the popular Nessus Scanner
XML Interfaces to the popular Nessus Scanner
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
 
Advanced persistent threats
Advanced persistent threatsAdvanced persistent threats
Advanced persistent threats
 
Who will guard the guards
Who will guard the guardsWho will guard the guards
Who will guard the guards
 

Dernier

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 

Dernier (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

Scada assessment case study

  • 2. SCADA Assessment – Case Study NOTICE This document contains information which is the intellectual property of Network Intelligence (India) Pvt. Ltd. (also called NII Consulting). This document is received in confidence and its contents cannot be disclosed or copied without the prior written consent of NII. Nothing in this document constitutes a guaranty, warranty, or license, expressed or implied. NII disclaims all liability for all such guaranties, warranties, and licenses, including but not limited to: Fitness for a particular purpose; merchantability; non infringement of intellectual property or other rights of any third party or of NII; indemnity; and all others. The reader is advised that third parties can have intellectual property rights that can be relevant to this document and the technologies discussed herein, and is advised to seek the advice of competent legal counsel, without obligation of NII. NII retains the right to make changes to this document at any time without notice. NII makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. COPYRIGHT Copyright. Network Intelligence (India) Pvt. Ltd. All rights reserved. NII Consulting is a registered trademark of Network Intelligence India Pvt. Ltd. TRADEMARKS Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe. NII CONTACT DETAILS Name K. K. Mookhey Title Principal Consultant Company Network Intelligence (India) Pvt. Ltd. Address 204 Eco Space, Off Old Nagardas Road, Andheri (East), Mumbai 400069 E – Mail kkmookhey@niiconsulting.com ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
  • 3. SCADA Assessment – Case Study 1 Background Recently, we were assigned to perform network assessment of the SCADA Network for one of our clients. This case study outlines a brief introduction to SCADA, the sort of assessment we carried out, and typical vulnerabilities that can be found on SCADA systems 2 SCADA (Supervisory Control And Data Acquisition): It generally refers to an industrial control system: a computer system monitoring and controlling a process. The process can be industrial, infrastructure or facility-based as described below:  Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.  Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, Wind Farms, civil defense siren systems, and large communication systems.  Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption. Common system components:- A SCADA's System usually consists of the following subsystems:  A Human-Machine Interface or HMI is the apparatus which presents process data to a human operator, and through this, the human operator monitors and controls the process.  A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process.  Remote Terminal Units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.  Programmable Logic Controller (PLCs) used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.  Communication infrastructure connecting the supervisory system to the Remote Terminal Units. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
  • 4. SCADA Assessment – Case Study SCADA Server / Control Centre Architecture Web Server RAID server SCADA DWeZones UPS Logger /EMS Firewall DMZ Workstation ISR NMS Zone Monit Printer SERVER oring Consoles GPS system S SERVERS SERVERS System (B&W) Syste Printer with Dual Rack Switch m Monitors (Colou r) ICCP Archival Development NID Server(PDS) Communication Server (N/W Intrusion SERVERS ROUTERS VIDEO Detection PROJECTION System) To other SYSTEM To Backup zones location of the site. The main subsystems are: 1. SCADA/EMS Subsystem 2. Inter-Site Communication ICCP Subsystem 3. Web Subsystem and the Security Infrastructure 4. ISR Subsystem (HIS) 5. Archive Subsystem 6. Network Management Subsystem 7. Video Projection System (VPS) 8. Development Subsystem 9. User Interface (UI) Subsystem 10. GPS Time & Frequency Subsystem 11. WAN Subsystem 12. LAN Subsystem 13. Peripheral Devices SCADA/EMS Subsystem: Carries out the SCADA processing and the EMS calculations, feeds the historical information server, sends the data to the operator Consoles. The SCADA functions are Data Acquisition, Data processing, Alarm, and Tagging. EMS functions are Network Status Processor, Optimal Power Flow, Contingency Analysis, Security enhancement and Voltage VAR dispatch. Inter-Site Communication ICCP Subsystem: The inter-site communication (or OAG -Open Access Gateway) subsystem, handles the communication with different (sites) zones of the client using the different communication protocols. The one zone (site) communicates to the other zones systems using the standard IEC870-6 (TASE.2)/ICCP protocol. It interfaces with the SCADA/EMS servers on ISD protocol. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
  • 5. SCADA Assessment – Case Study Web Subsystem and the Security Infrastructure: The DMZ web subsystem is implemented with the SCADA/EMS server at site. Remote users can access the real-time data and displays through the DMZ web servers. Remote access is provided with appropriate permission and authorization mechanisms. The Web Access area is isolated by two Firewalls. The Web access system consists of Web server, Mail server and Data Replica Server. ISR Subsystem (HIS): The Information Storage and Retrieval subsystem stores user-defined data and events into the ORACLE-based historic database. The ISR system will store:  Real time database snapshot, storage and playback  Historical Information  SOE data  Alarm message log  Storage of files Archive Subsystem: The Archive subsystem provides centralized storage for whole system’s data. The Archive subsystem consists of an archive server and a tape autoloader to archive the information such as ISR data, Save cases, Source code files, System Backup (for restore) etc. Network Management Subsystem: The Network Management system monitors the interfaces to the SCADA/EMS servers, workstations, devices, and all SCADA/EMS gateway and routers and gathers performance statistics like resource utilisation. Video Projection System (VPS): VPS is a big display device with 8 segments of 67 inches size each. VPS is driven through a PC installed in its wall and connected on dual LAN Development Subsystem: Development System provides complete autonomous environment for future program development, application building, testing, and system integration, etc. for the system. User Interface (UI) Subsystem: The User Interface (UI) subsystem composed of workstation consoles with graphic cards to drive multiple monitors. GPS Time & Frequency Subsystem: The Time & Frequency subsystem (TFS) captures the GPS time and power system frequency, and synchronizes the time of all the servers and workstations via the LAN, using the standard Network Time Protocol (NTP). WAN Subsystem: The Wide Area Network (WAN) subsystem for connecting Main site and other sites comprises of routers and Modems and wide band communication link from ISP Network. Two Routers are installed in each zone for providing 2 Mbps (redundant) and 64 kbps Link. The main and backup sites are connected to each other through 2 Mbps channels. LAN Subsystem: The SCADA/EMS Local Area Network (LAN) subsystem provides the inter-connection of all the servers, workstations, and peripherals. LAN is formed with redundant standard Ethernet switches. Peripheral Devices: Loggers, Laser printers & Colour Video Copiers. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
  • 6. SCADA Assessment – Case Study 3 Network Assessment Tools used for Assessment: Auditpro (in-house developed Auditing tool), NMAP, Nessus, Super scan, Initial Phase: Prior to the assessment we tried to get maximum information of SCADA from the vendor. We gathered the following information:  2 SCADA applications (Vendor A and Vendor B) were being used on different sites (zones) of the client’s network.  Vendor A’s tech support and Vendor B’s tech support were maintaining the individual site (Zone) of the client.  Vendor A’s SCADA applications were installed on Solaris OS. Oracle was being used as backend database.  Vendor A’s SCADA software was almost obsolete. There were no patches available for the SCADA software and underlying OS. Vendor A was about to withdraw the support for SCADA in the year 2011.  AREAVA’s SCADA applications were installed on the windows 2003 servers and Open VMS operating systems.  Vendor B’s SCADA applications were using its own proprietary database known as DB431.  Also, Client were using Oracle as database for some additional applications connected to the SCADA network.  A previously conducted Vulnerability Assessment by a different consulting firm on the SCADA Servers has resulted in the SCADA servers crashing during the port scanning stage itself. Armed with the above information, we proceeded to perform the vulnerability assessment first on the test environment of the SCADA (Vendor A’s SCADA product). This was completed successfully without any SCADA server crash. The results were emailed to Vendor A’s tech support and IT representatives of the customer. We then proceeded for the actual assessment. Vulnerabilities discovered The following vulnerabilities were discovered  All the operating systems were in a default configuration without any hardening having been done to the extent that: o Many vulnerable services i.e. echo, daytime, finger were found running on the Windows and Solaris Operating Systems. o Vulnerable services like telnet, BOOTP, source routing, SNMPv2 with default community string public and private were found on the network devices. o Oracle Databases were also not hardened for example we found scott, system user had been given full administrative privilege on database server. o No Patches had been applied on any of the systems ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
  • 7. SCADA Assessment – Case Study o Older IOS/Firmware were being used on the network devices i.e. router, switches, firewall. o No password policy was defined for the SCADA Network. o Administrator credentials of SCADA servers were commonly being shared with all users. o Password being used for administrative accounts on Windows servers and databases, network devices were easily guessable. Network Segregation or the Lack of it  Some SCADA Servers were exposed to public network.  No VLAN was segregation was found.  The bridge connecting the SCADA network to the TCP/IP network was weakly configured – essentially in its default state Other side-effects During the assessment, the Nmap scan completed successfully. However, when we started with Nessus scans the SCADA applications crashed twice. Thankfully, there were redundant servers available for the crashed servers due to which no severe /major incident taken placed. But this showed that simply running a scan is enough to bring SCADA systems to their knees. 4 Root Cause Problems 1. SCADA systems are highly expensive and very mission-critical. Therefore, they are not tweaked or hardened once they’re up and running 2. SCADA systems are thought to be obscure – since no one knows how they work, no one is going to mess around with them, so why bother securing them 3. SCADA systems are thought to be isolated – but this has been shown to be false multiple times. Many SCADA systems are inter-connected to the corporate TCP/IP network or other TCP/IP networks opening them up to the same issues 4. SCADA vendors don’t bother with security. Once a multi-million dollars system is up and running it is just left as it is. So whether it is the Siemens network being attacked by the Stuxnet worm or others, SCADA systems are highly vulnerable due to vendor apathy 5 Conclusion SCADA systems should be treated as highly vulnerable and can be the target of an attack. SCADA attacks are moving out of the realm of science fiction movies and are very much a reality today. Yet organizations continue to adopt a lax stance towards securing SCADA networks. The very first step should be to conduct a thorough assessment of these systems. This has to be done with care since these systems turn out to be highly susceptible to attacks. Stuxnet is a major wake up call to all organizations who thought SCADA systems would never come under attack. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com