Overview

Intro

In Industry Infrastructure, developing secure Industrial Control Systems (ICS) is a challenge. ICS is shifting from proprietary technologies to standardized and open solutions. As connectivity grows, it raises concerns about the security of SCADA (Supervisory Control and Data Acquisition) systems, which many see as vulnerable to cyber-attacks. Major risk elements to SCADA systems are:

  • Connections to additional, possibly vulnerable networks;
  • Using standard hardware platforms with known vulnerabilities;
  • Using standard software with known vulnerabilities;
  • Other vulnerable remote connections;
  • Real-time deterministic requirements conflict with information security controls, which add latency.

SCADA Attack Routes

A threat actor needs access to the SCADA system, and many SCADA systems are connected to the Internet, corporate networks, and the public switched telephone network, offering multiple paths into the SCADA control network. Satellite and wireless communication systems provide additional paths to the control network. Typical SCADA attack routes include:

  • Internet connections

  • Network connections (Business, Enterprise networks)

  • Connections to other networks that contain vulnerabilities

  • Compromised virtual private networks (VPNs)

  • Back-door connections through dial-up modems

  • Unsafe wireless connections discovered by war-driving laptop users

  • Malformed IP packets, in which packet header information conflicts with actual packet data

  • IP fragmentation attacks, where a small transmitted fragment forces some of the TCP header field into a second fragment

  • Through vulnerabilities in the simple network management protocol (SNMP), which is used to gather network information and provide notification of network events

  • Open computer ports, such as UDP or TCP ports, that are unprotected or left open unnecessarily

  • Weak authentication in protocols and SCADA elements

  • Maintenance hooks or trap doors, which are means to circumvent security controls during SCADA system development, testing, and maintenance

  • E-mail transactions on control network

  • Buffer overflow attacks on SCADA control servers, which are accessed by PLCs and SCADA human machine interfaces

  • Leased, private telephone lines


NERC-CIP Security

Ensuring cyber security in control systems may initially seem daunting, as it requires a commitment from the entire organization. Upper management needs to recognize the numerous benefits of a secure SCADA system, which include system uptime, reliability, and availability. Implementing good cyber security is smart business because a secure system is a trusted system, and customer retention and loyalty are built on trust. Vendors, system integrators, IT, and control engineers all share this responsibility.

There are many resources available now to help critical infrastructure SCADA systems enhance their security. For example, the standard ISA99 – Industrial Automation and Control Systems Security, establishes best practices, technical reports, and related information to define procedures for implementing and assessing electronically secure systems. Compliance with this standard can improve manufacturing and control system electronic security, help identify and address vulnerabilities, and reduce the risk of compromised confidential information and system degradation.

Government regulations also exist and continue to evolve to secure critical infrastructure industries. The most ambitious one for influencing government policy is the Critical Infrastructure Protection (CIP) standard of the non-profit North American Electric Reliability Corporation (NERC). Known as NERC-CIP, this standard has its roots in the Electricity Modernization Act, which is part of the US Energy Policy Act of 2005. A section of that Act requires all power plants and electric utility facilities to develop new cyber security systems and procedures under NERC-CIP in accordance with a 3-year implementation plan. There are eight CIP standards covering everything from Security Management Controls and Critical Cyber Assets to Incident Reporting and Recovery Plans. Each of the eight standards defines a series of specific requirements. The standards are:

CIP-002-1: Critical Cyber Asset Identification

CIP-003-1: Security Management Controls

CIP-004-1: Personnel and Training

CIP-005-1: Electronic Security Perimeter

CIP-006-1: Physical Security of Critical Cyber Assets

CIP-007-1: Systems Security Management

CIP-008-1: Incident Reporting and Response Planning

CIP-009-1: Recovery Plans for Critical Cyber Assets

Security Measures For NERC Compliance

Several features can be enabled or configured on the software platform to help achieve better system security. The basic procedures are:

  • Enable software platform Domain user control with Windows Active Directory;

  • FrameworX is 21 CFR Part 11 compliant; all features described in this rule must be enabled/configured.

  • Enable (Native TCP/IP protocol) communication compression;

  • Enable Project Cryptography (password protection);

  • Enable Tracing options;

  • Working alongside the software platform, data can be stored inside Microsoft SQL Server using compression and cryptography, preventing stored data from being replaced.

  • Integration with other tools to provide auto backup and disaster recovery tools can also be used;

  • Choose a tested/certified Anti-Virus and system environment application control.

Requirement: User Access
NERC-CIP Standard: CIP-004, CIP-005, CIP-007
Solution: Integration with Microsoft Active Directory. If AD integration is disabled, the software platform Domain offers:

  • Strong passwords;

  • Password expiration control;

  • Inactivity auto-logoff;

  • Block/unblock login after a sequence of wrong tries.

Requirement: Access Control
NERC-CIP Standard: CIP-003, CIP-004, CIP-005
Solution: Internal control and assignment of permissions (Screens, Alarms, Server Actions); User Administration features.

Requirement: Electronic Security Perimeter
NERC-CIP Standard: CIP-003, CIP-005, CIP-007
Solution: Integration with Intrusion Detection/Control Systems (IDS/ICS), e.g. SNORT; configurable port data paths.

Requirement: Logging of Access and Usage
NERC-CIP Standard: CIP-003, CIP-004, CIP-007, CIP-008
Solution: Electronic Signatures; built-in Tracking and Event Monitoring; Audit Trail Database; User-Defined Log Entries for specific actions or omissions.

Requirement: Workforce Management
NERC-CIP Standard: CIP-004, CIP-007
Solution: User rights revocable by an Administrator or through Microsoft Active Directory.

Requirement: Security Software Management
NERC-CIP Standard: CIP-007
Solution: Project cryptography; integration with software management solutions such as McAfee Application Control / Policy Orchestrator.

Requirement: Alerts and Notifications
NERC-CIP Standard: CIP-005, CIP-007, CIP-008
Solution: Log and trace of any kind of access and action; notifications can be sent in several forms, such as SMS, Email, SNMP, WebServices, and other protocol messages.

Requirement: Recovery Plans
NERC-CIP Standard: CIP-009
Solution: Auto-Backup, integration with versioning software such as Subversion (SVN); server redundancy (hot-standby); use of RAID disks.
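The four fallback controls listed under User Access (strong passwords, password expiration, inactivity auto-logoff, lockout after repeated wrong tries) and the audit trail required under Logging of Access and Usage, modelled together in an added Python example that is not FrameworX code. The thresholds (3 tries, 90 days, 15 minutes), the password rule and the account store are assumptions made for the example.

```python
import hashlib, hmac, os, re
MAX_FAILURES, PASSWORD_MAX_AGE, INACTIVITY_LIMIT = 3, 90, 15   # assumed thresholds (tries, days, minutes)

def password_is_strong(pw):
    # assumed policy: at least 12 chars covering upper, lower, digit and symbol classes
    return len(pw) >= 12 and all(re.search(p, pw) for p in (r"[A-Z]", r"[a-z]", r"\d", r"[^\w\s]"))
def hash_pw(pw, salt):
    # salted PBKDF2 so the domain never stores the clear-text password
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class Domain:
    def __init__(self):
        self.accounts = {}
        self.audit = []   # audit trail: one (user, event, outcome) tuple per decision

    def _log(self, user, event, outcome):
        self.audit.append((user, event, outcome))

    def add_user(self, name, pw, password_age_days=0):
        if not password_is_strong(pw):
            self._log(name, "create", "rejected: weak password")
            return False
        salt = os.urandom(16)
        self.accounts[name] = {"salt": salt, "digest": hash_pw(pw, salt),
                               "age": password_age_days, "failures": 0, "locked": False}
        self._log(name, "create", "ok")
        return True

    def login(self, name, pw):
        acct = self.accounts.get(name)
        if acct is None or acct["locked"]:
            self._log(name, "login", "denied: unknown or locked account")
            return "denied"
        if not hmac.compare_digest(hash_pw(pw, acct["salt"]), acct["digest"]):
            acct["failures"] += 1
            acct["locked"] = acct["failures"] >= MAX_FAILURES   # block after repeated wrong tries
            self._log(name, "login", "locked out" if acct["locked"] else "denied: bad password")
            return "denied"
        acct["failures"] = 0
        if acct["age"] >= PASSWORD_MAX_AGE:                      # password expiration control
            self._log(name, "login", "denied: password expired")
            return "expired"
        self._log(name, "login", "ok")
        return "ok"

    def session_still_valid(self, name, idle_minutes):          # inactivity auto-logoff
        if idle_minutes < INACTIVITY_LIMIT:
            return True
        self._log(name, "auto-logoff", "idle for %d minutes" % idle_minutes)
        return False
```

Every decision lands in `audit`, so the same object that enforces the policy also produces the record an auditor would ask for under CIP-007.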
