Cyber security threats and attacks are greatly affecting the security of critical infrastructure, industrial control systems, and Supervisory Control and Data Acquisition (SCADA) control systems. This paper addresses the issues regarding security and performs a vulnerability analysis.
Cyber security threats and attacks are greatly affecting the security of critical infrastructure, industrial control systems, and Supervisory Control and Data Acquisition (SCADA) control systems. This paper addresses the issues regarding security and performs a vulnerability analysis.
Cyber security threats and attacks are greatly affecting the security of critical infrastructure, industrial control systems, and Supervisory Control and Data Acquisition (SCADA) control systems. This paper addresses the issues regarding security and performs a vulnerability analysis.
Towards Improving SCADA Control Systems Security with Vulnerability Analysis Giovanni Cagalaban and Seoksoo Kim *
Department of Multimedia, Hannam University, Ojeong-dong, Daedeok-gu, 306-791 Daejeon, Korea gcagalaban@yahoo.com, sskim0123@naver.com Abstract. Cyber security threats and attacks are greatly affecting the security of critical infrastructure, industrial control systems, and Supervisory Control and Data Acquisition (SCADA) control systems. Despite growing awareness of security issues especially in SCADA networks, there exist little or scarce in- formation about SCADA vulnerabilities and attacks. This research addresses the issues regarding security and performs a vulnerability analysis. Modeling of attack trees was created to simulate the vulnerability analysis and carry out as- sessment methodologies to test existing SCADA security design and implemen- tation. Also, this paper proposes a security framework towards improving security for SCADA control systems. Keywords: SCADA control system, vulnerability analysis, security framework. 1 Introduction SCADA networks are composed of control systems that gather data from sensors and instruments located at remote sites and to transmit data at a central site for either con- trol or monitoring purposes [1][2]. With a computer system monitoring and controlling a process which can be industrial, infrastructure or facility-based, many SCADA networks may be susceptible to attacks and misuses because they were de- veloped with little attention being paid to security. Worse, there exist still little or scarce information about SCADA vulnerabilities and attacks, despite the growing awareness of security issues in industrial networks. Even though some vulnerability testing and research are being conducted in this area, very little has been released publicly. To address the limitations in SCADA security, this study conducts vulnerability as- sessment methodologies to test the existing SCADA security design and implementa- tion. With the growing concern about the security and safety of the SCADA control systems, this paper provides a relevant analysis of most important issues and a per- spective on enhancing security of these systems. This also discusses key develop- ments that mark the evolution of the SCADA control systems along with the increase. Further, this describes key requirements and features needed to improve the security of the current SCADA networks.
* Corresponding author. 28 G. Cagalaban and S. Kim
2 Related Works Various research and assessment activities have revealed an effective methodology for identifying vulnerabilities and developing assessment methods to secure SCADA systems. Applying the probabilistic risk assessment to physical systems was at- tempted by [3]. Several test tools that have been successful in locating new vulnerabilities in network devices based on grammar and fuzzy techniques are also been developed in academic researches. Considerable work has also been done by [4]. SCADA protocol vulnerabilities, especially the Modbus protocol, were analyzed by Byres [5] and he suggested the use of attack trees to define a series of attacker goals, determine possible means to achieve that goal and identify the weak links of the sys- tem. Despite efforts to improve and provide guidance to help ensure program activities address real control system security issues, still there are very little security tools that have been released publicly. 3 SCADA Security Testbed This research designs a simple prototypical SCADA security testbed to be used for vulnerability assessment. A prototypical SCADA master and slave programs were used to simulate the serial communication between a SCADA master station and RTUs or slaves. Security attacks were simulated using direct access to the infrastructure. The prototypical security testbed consists of one MTU that communicates with several RTUs. The system used SCADA software for process monitoring and con- trol. RTUs are running a Modbus communication driver to communicate and ex- change data with the MTU. We assume that the prototypical SCADA system uses Modbus communication as represented by RS232, RS422 and RS485 communication standard. Modbus protocol was used since it lack inherent security that any moder- ately skilled hacker would be able to carry out a large variety of attacks if system access can be achieved. Thus, we utilized RS485 and RS232 standards to establish and examine the communication between SCADA Master and RTUs. 3.1 Attack Scenario In this study, we develop a methodology to illustrate in a structured way the attack possibilities and their relationships. To provide a clear illustration, we design the security testbed and created attack scenarios. One scenario is the man-in-the-middle physical configuration is shown in Fig. 1 wherein the SCADA master and slave is connected with an intruder that sniffs on the network traffic. The man-in-the-middle computer serves as an intruder to perform sniffing and fault injection through the use of a developed program. The goal of this attack was to analyze the communication link between the SCADA communication port and the RTU. Sources of attack can be classified into two types [6]. The first type is internal attacker which comes from the compromised device inside the network. Internal attacks are harder to detect and can potentially create severe damages to the system. Another type of attack is external attack where unauthenticated attackers can steal routing information and inject erro- neous information to take control of the system. Towards Improving SCADA Control Systems Security with Vulnerability Analysis 29
Fig. 1. Sniffing Attack 3.2 Attack Tree Modeling The use of attack trees as introduced by [7][8] form a convenient way to systemati- cally categorize the different ways in which a system can be attacked. Attack trees are multi-leveled diagrams consisting of one root, leaves, and children.
Fig. 2. Attack Tree 30 G. Cagalaban and S. Kim
To model our attack, we implemented the use of attack trees to provide a more ho- listic analysis of threats and vulnerabilities and integrating physical, personal, and information security disciplines [9][10]. The graphical and structured tree notation provides us an intuitive aid in our threat analysis process. Using attack trees, we can elaborate events such as specific attack goals in a structured way that must occur for a successful intrusion of the system to take place. Fig. 2 shows an example of an attack tree on the SCADA system. 4 Vulnerability Analysis To assess the possible security vulnerabilities, some method of assessing and rating the risk of any vulnerability is needed. The impact in this case is an expression of the likelihood that a defined threat will exploit a specific set of vulnerability of a particular attractive target to cause a given set of consequences. Table 1. Vulnerability Assessment Attackers Goal Attack Type Impact Rate Security Recommendation Gain SCADA system access Internal High Authentication and integrity Compromise master HMI Internal High Authentication and session Gain SCADA through remote access External Low Authentication and Transmission media Network access on master External Very Low Confidentiality and Authentication Disable master Internal Moderate Authentication and integrity Master attack through slave External Moderate Frame format and authentication Disable slave Internal Very High Frame format and authentication
The purpose of the of the analysis is to determine the values associated with the goal of attack to give a better understanding which also reflect the classification of the faults to compromise the whole system. These also indicate where security recommendations are required. Using attack trees allows common attacks to be refer- enced as reusable modules that apply to multiple network scenarios. Table 1 shows the results of the vulnerability assessment of sniffing activities and compromising the SCADA system. Vulnerability analysis provides important and critical information for different at- tack scenarios. For example, these include information such as type and the impact of the attack that would allow an attacker to successfully break the system. Based on the Towards Improving SCADA Control Systems Security with Vulnerability Analysis 31
information, the plausibility of each of the attacks can be considered. If one or more attacks are estimated to be likely or possible with improvement in technology over time, the vulnerability analysis would indicate that the current security model must be upgraded or revised. 5 Security Framework Vulnerability analysis can delineate a security framework that has a potential to guard against the attacks, which are threats to SCADA systems. In this research, vulnerabil- ity analysis is presented as effective method for testing SCADA security framework. A method of assessing and rating the risk of any vulnerability is needed. The risk in this case is an expression of the likelihood that a defined threat will exploit a specific set of vulnerability of a particular attractive target to cause a given set of conse- quences. Fig. 3. shows the proposed security framework. It is a modified version described by Stoneburner [11]. The figure shows an effective calculation of risk which requires a definition of mishap and identification of potential harm to safety. This is calculated as an impact of hazard multiplied by likelihood of mishap event happening.
Fig. 3. Security Framework The effective calculation of risks for SCADA systems bridges the gap between se- curity and safety. With the aid of integrated computer systems, the line that delineates security and safety is almost negligible. 6 Conclusion The study indicated that the use of these vulnerability assessment in SCADA communications can significantly reduce the vulnerability of these critical systems to malicious cyber attacks, potentially avoiding the serious consequences of such attacks. Implementing security features as those described above ensures higher security, reliability, and availability of control systems. Thus organizations need to reassess the SCADA control systems and risk model to achieve in depth defense solutions for these systems. The increasing threats against SCADA control systems indicate that there should be more directions in the development of these systems. A strategy to deal with 32 G. Cagalaban and S. Kim
cyber attacks against the nations critical infrastructure requires first understanding the full nature of the threat. A depth defense and proactive solutions to improve the security of SCADA control systems ensures the future of control systems and survivability of critical infrastructure. References 1. Cepisca, C., Andrei, H., Petrescu, E., Pirvu, C., Petrescu, C.: Remote Data Acquisition System for Hydro Power Plants. In: Proceedings of the 6th WSEAS International Confer- ence on Power Systems, pp. 5964 (2006) 2. Dobriceanu, M., Bitoleanu, A., Popescu, M., Enache, S., Subtirelu, E.: SCADA System for Monitoring Water Supply Networks. WSEAS Transactions on Systems 1(7), 10701079 (2008) 3. Satoh, H., Kumamoto, H.: Viewpoint of ISO GMITS and Probabilistic Risk Assessment in information Security. WSEAS Trans. on Information Science and Application 2, 237244 (2008) 4. Steven, J.: Adopting an enterprise software security framework. IEEE Security & Pri- vacy 4(2), 8487 (2006) 5. Byres, E.: Understanding Vulnerabilities in SCADA and Control Systems (2004) 6. Ghaffari, A.: Vulnerability and Security of Mobile Ad hoc Networks. In: Proceedings of the 6 th WSEAS International Conference on Simulation, Modelling and Optimization (SMO 2006), pp. 124129 (2006) 7. Schneier, B.: Attack trees: Modeling security threats. Dr. Dobbs Journal (1999) 8. Khand, P. A.: System Level Security Modeling Using Attack Trees. In: 2nd International Conference on Computer, Control and Communication (IC4 2009), pp. 1-6 (2009) 9. Byres, E., Franz, M., Miller, D.: The use of Attack Trees in Assessing Vulnerabilities in SCADA Systems. In: International Infrastructure Survivability Workshp (IISW). IEEE, Los Alamitos (2004) 10. Poolsapassit, N., Ray, I.: A Systematic Approach for Investigating Computer Attacks Us- ing Attack Trees. In: The 3rd IFIP TC-11 WG 11.9 Working Conference on Digital Foren- sics (2007) 11. Stoneburner, G.: Toward a unified security/safety model. IEEE Computer 39(8), 9697 (2006)