An open virtual testbed for industrial control system security research

Reaves, Bradley Galloway

06 August 2011

ICS security has been a topic of scrutiny and research for several years, and many security issues are well known. However, research efforts are impeded by a lack of an open virtual industrial control system testbed for security research. This thesis describes a virtual testbed framework using Python to create discrete testbed components (including virtual devices and process simulators). This testbed is designed such that the testbeds are interoperable with real ICS devices and that the virtual testbeds can provide comparable ICS network behavior to a laboratory testbed. Two testbeds based on laboratory testbeds have been developed and have been shown to be interoperable with real industrial control systemequipment and vulnerable to attacks in the samemanner as a real system. Additionally, these testbeds have been quantitatively shown to produce traffic close to laboratory systems (within 90% similarity on most metrics).

Testbed

SCADA Security

Industrial Control System Security

Vulnerability Analysis Case Studies of Control Systems Human Machine Interfaces

McGrew, Robert Wesley

11 May 2013

This dissertation describes vulnerability research in the area of critical infrastructure security. The intent of this research is to develop a set of recommendations and guidelines for improving the security of Industrial Control System (ICS) and Supervisory Control and Data Acquisition systems software. Specifically, this research focuses on the Human- Machine Interface (HMI) software that is used on control panel workstations. This document covers a brief introduction to control systems security terminology in order to define the research area, a hypothesis for the research, and a discussion of the contribution that this research will provide to the field. Previous work in the area by other researchers is summarized, followed by a description of the vulnerability research, analysis, and creation of deliverables. Technical information on the details of a number of vulnerabilities is presented for a number of HMI vulnerabilities, for which either the author has performed the analysis, or from public vulnerability disclosures where sufficient information about the vulnerabilities is available. Following the body of technical vulnerability information, the common features and characteristics of known vulnerabilities in HMI software are discussed, and that information is used to propose a taxonomy of HMI vulnerabilities. Such a taxonomy can be used to classify HMI vulnerabilities and organize future work on identifying and mitigating such vulnerabilities in the future. Finally, the contributions of this work are presented, along with a summary of areas that have been identified as interesting future work.

security

exploits

vulnerabilities

control systems

HMI

SCADA

Toward Autonomic Security for Industrial Control Systems

Trivedi, Madhulika

14 August 2015

Supervisory control and data acquisition systems are extensively used in the critical infrastructure domain for controlling and managing large-scale industrial applications. This thesis presents a security management structure developed to protect ICS networks from security intrusions. This structure is formed by a combination of several modules for monitoring system-utilization parameters, data processing, detection of known attacks, forensic analysis to support against unknown attacks, estimation of control system-specific variables, and launch of appropriate protection methods. The best protection method to launch in case of an attack is chosen by a multi-criteria analysis controller based on operational costs and efficiency. A time-series ARIMA model is utilized to estimate the future state of the system and to protect it against cyber intrusions. Signature and performance based detection techniques assist in real-time identification of attacks with little or no human intervention. Simulation results for Scanning, Denial of Service and Injection attacks are provided.

cyber

intrusion

scada

autonomic

self-protection

Cibersegurança em sistemas de automação em plantas de tratamento de água. / Cibersecurity in automation systems in water treatment plants.

Azevedo, Marcelo Teixeira de

04 November 2010

Atualmente a segurança da informação tem sido uma preocupação constante das diversas instituições e países que utilizam recursos computacionais para comunicação e oferecimento de serviços. Métodos de proteção e contramedidas para redes tradicionais são conhecidos e comumente utilizados, tais como firewalls e detectores de intrusões. Para os sistemas de controle e aquisição de dados (Supervisory Control and Data Acquisition SCADA) não é diferente. Nos primórdios tais sistemas eram baseados em mainframes e arquitetura fechada, ou seja, dependentes dos fabricantes e consequentemente isolados de outros sistemas. Nos dias atuais os sistemas SCADA estão convergindo cada vez mais para plataformas baseadas em sistemas abertos e com a sua arquitetura fortemente apoiada em conectividade; sendo assim é usual a interligação de tais sistemas com a rede corporativa e em alguns casos com a própria internet. Partindo desse problema e com o atual desenvolvimento tecnológico em que se encontra a área de segurança da informação, é proposta uma metodologia para implantação de sistemas de automação em plantas de tratamento de água com ênfase em segurança e focada em sistemas industriais, utilizando as normas de segurança em automação ISA 99. Adicionalmente é proposto um mecanismo de análise e identificação de eventos maliciosos tendo por base o entendimento do fluxograma e etapas de uma planta de tratamento de água. Nesse sentido, os objetivos do presente trabalho são, em suma, estudar as normas, métodos e metodologias de segurança em sistemas industriais com foco em tratamento de água e propor uma metodologia cujo foco seja a minimização dos riscos de segurança. Para isso é proposto a avaliação de três cenários reais de tratamento de água para que assim seja possível simular os parâmetros de criticidade identificados no fluxograma e etapas do tratamento de água. Para tanto, desenvolveu-se um cenário conectado ao PLC que permitiu simular o comportamento e os impactos, além de um detector de eventos para análise dos resultados. / Currently, information security is a constant concern of the several institutions and countries that use computing resources for communication and service offering purposes. Protection methods and countermeasures for traditional networks such as firewalls and intrusion detectors are known and ordinarily used. The same goes for control systems and data acquisition (Supervisory Control and Data Acquisition - SCADA). In the beginning, such systems were based on mainframes and closed architecture, i.e., dependent on manufacturers and consequently isolated from other systems. Nowadays, the SCADA systems converge more and more to platforms based on open systems, with its architecture strongly relied on connectivity; thus, it is usual the interconnection of such systems with the corporate network and, in some cases, with Internet itself. From this issue, and with the current technology development in the information security area, a methodology is proposed to implement automation systems in water treatment plants with an emphasis on security, and focused on industrial systems, using automation safety rules ISA 99. The purpose of this essay is, in brief, to study safety rules, methods and methodologies for industrial systems with a focus on water treatment, and to propose a methodology directed to the minimization of safety hazards. For that purpose, it is proposed the evaluation of three water treatment real scenarios so that it is possible to simulate criticality parameters identified in the flow chart and stages of the water treatment. Therefore, a scenario connected to PLC was developed, allowing the simulation of the behavior and the impacts, in addition to an event detector for the result analysis.

Industrial network

Normas ISA

Redes industriais

SCADA

SCADA

Security

Segurança

Standard ISA

Cibersegurança em sistemas de automação em plantas de tratamento de água. / Cibersecurity in automation systems in water treatment plants.

Marcelo Teixeira de Azevedo

04 November 2010

Atualmente a segurança da informação tem sido uma preocupação constante das diversas instituições e países que utilizam recursos computacionais para comunicação e oferecimento de serviços. Métodos de proteção e contramedidas para redes tradicionais são conhecidos e comumente utilizados, tais como firewalls e detectores de intrusões. Para os sistemas de controle e aquisição de dados (Supervisory Control and Data Acquisition SCADA) não é diferente. Nos primórdios tais sistemas eram baseados em mainframes e arquitetura fechada, ou seja, dependentes dos fabricantes e consequentemente isolados de outros sistemas. Nos dias atuais os sistemas SCADA estão convergindo cada vez mais para plataformas baseadas em sistemas abertos e com a sua arquitetura fortemente apoiada em conectividade; sendo assim é usual a interligação de tais sistemas com a rede corporativa e em alguns casos com a própria internet. Partindo desse problema e com o atual desenvolvimento tecnológico em que se encontra a área de segurança da informação, é proposta uma metodologia para implantação de sistemas de automação em plantas de tratamento de água com ênfase em segurança e focada em sistemas industriais, utilizando as normas de segurança em automação ISA 99. Adicionalmente é proposto um mecanismo de análise e identificação de eventos maliciosos tendo por base o entendimento do fluxograma e etapas de uma planta de tratamento de água. Nesse sentido, os objetivos do presente trabalho são, em suma, estudar as normas, métodos e metodologias de segurança em sistemas industriais com foco em tratamento de água e propor uma metodologia cujo foco seja a minimização dos riscos de segurança. Para isso é proposto a avaliação de três cenários reais de tratamento de água para que assim seja possível simular os parâmetros de criticidade identificados no fluxograma e etapas do tratamento de água. Para tanto, desenvolveu-se um cenário conectado ao PLC que permitiu simular o comportamento e os impactos, além de um detector de eventos para análise dos resultados. / Currently, information security is a constant concern of the several institutions and countries that use computing resources for communication and service offering purposes. Protection methods and countermeasures for traditional networks such as firewalls and intrusion detectors are known and ordinarily used. The same goes for control systems and data acquisition (Supervisory Control and Data Acquisition - SCADA). In the beginning, such systems were based on mainframes and closed architecture, i.e., dependent on manufacturers and consequently isolated from other systems. Nowadays, the SCADA systems converge more and more to platforms based on open systems, with its architecture strongly relied on connectivity; thus, it is usual the interconnection of such systems with the corporate network and, in some cases, with Internet itself. From this issue, and with the current technology development in the information security area, a methodology is proposed to implement automation systems in water treatment plants with an emphasis on security, and focused on industrial systems, using automation safety rules ISA 99. The purpose of this essay is, in brief, to study safety rules, methods and methodologies for industrial systems with a focus on water treatment, and to propose a methodology directed to the minimization of safety hazards. For that purpose, it is proposed the evaluation of three water treatment real scenarios so that it is possible to simulate criticality parameters identified in the flow chart and stages of the water treatment. Therefore, a scenario connected to PLC was developed, allowing the simulation of the behavior and the impacts, in addition to an event detector for the result analysis.

Normas ISA

Redes industriais

SCADA

Segurança

Industrial network

SCADA

Security

Standard ISA

Bloom Filter Based Intrusion Detection for Smart Grid

Parthasarathy, Saranya

2012 May 1900

This thesis addresses the problem of local intrusion detection for SCADA (Supervisory Control and Data Acquisition) field devices in the smart grid. A methodology is proposed to detect anomalies in the communication patterns using a combination of n-gram analysis and Bloom Filter. The predictable and regular nature of the SCADA communication patterns is exploited to train the intrusion detection system. The protocol considered to test the proposed approach is MODBUS which is used for communication between a SCADA server and field devices in power system. The approach is tested for attacks like HMI compromise and Man-in-the-Middle. Bloom Filter is chosen because of its strong space advantage over other data structures like hash tables, linked lists etc. for representing sets. The advantage comes from its probabilistic nature and compact array structure. The false positive rates are found to be minimal with careful choice of parameters for Bloom Filter design. Also the memory-efficient property of Bloom Filter makes it suitable for implementation in resource constrained SCADA components. It is also established that the knowledge of physical state of the power system i.e., normal, emergency or restorative state can help in improving the accuracy of the proposed approach.

SCADA IDS

Bloom Filter Based IDS

Smart Grid IDS

IDS for SCADA System in Smart Grid

Trimatės grafikos elementų panaudojimas vizualizacijos sistemose / Using 3D elements in visualization systems

Mažutis, Tadas

15 July 2009

Šio darbo tikslas yra suprojektuoti ir realizuoti vizualizacijos sistemą, naudojančią trimačius elementus ir atlikti tyrimą, ar tokia vizualizacijos sistemos koncepcija padeda spręsti tam tikras operatorių problemas. Darbo metu siekiama išsiaiškinti, ar trimačiai elementai gali būti naudingesni nei dvimačiai jų analogai. Vizualizacijos sistemai realizuoti panaudotas Microsoft DirectX trimatės grafikos kūrimo priemonių rinkinys. Sukurtas realiai veikiančios dvimatės vizualizacijos sistemos trimatis analogas, apimantis tam tikrą realios sistemos dalį. Atliktas tyrimas, kurio tikslas – išsiaiškinti, ar sukurta sistema turi pranašumą prieš savo pirmtką identifikuojant ir lokalizuojant sistemoje įvykusiems įvykiams. / The goal of this work is to develop vizualization system which uses 3D elements. Also to perform research with goal to analyze if such visualization system helps to solve particular problems for operators. During this work will be trying to answer the question if 3D elements can be more helpful than 2D elements. Microsoft DirectX SDK is used to create visualization system. Only a specific part of running 2D visualization system is created. Research is performed to identify if created system can be more helpful in identifying and localizing system events.

Informatics Engineering

Vizualizacija

Interaktyvioji vizualizacija

SCADA

3D

2D

Visualization

Interactive visualization

SCADA

3D

2D

Desenvolvimento de sistema inteligente de controle de arranjo de antenas para aplicação no sistema Celpe

OLIVEIRA, Elias Marques Ferreira De

22 February 2016

Submitted by Irene Nascimento (irene.kessia@ufpe.br) on 2017-01-30T18:03:51Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Dissertação - Elias Marques V4.2 (Revisão Biblioteca).pdf: 4899848 bytes, checksum: 78834b022de3c1d5eb7fcee1273f65c7 (MD5) / Made available in DSpace on 2017-01-30T18:03:51Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Dissertação - Elias Marques V4.2 (Revisão Biblioteca).pdf: 4899848 bytes, checksum: 78834b022de3c1d5eb7fcee1273f65c7 (MD5) Previous issue date: 2016-02-22 / FACEPE / Este trabalho de dissertação apresenta a concepção e implantação de um sistema controlador de arranjo de antenas capaz de integrar-se a uma rede de comunicação SCADA e direcionar o diagrama de radiação de um arranjo de antenas, garantindo melhor comunicação entre estação base e remota. É apresentado um circuito de RF capaz de realizar o controle automático das fases de alimentação de um arranjo de antenas composto por diversos dispositivos de RF, incluindo um defasador de 8 bits. São apresentados testes destes dispositivos bem como a caracterização de ramos constituídos por estes componentes. Desenvolveu-se também um circuito controlador de arranjo de antenas que desempenha funções de identificação de endereços e determina as fases a serem utilizadas no controle dos defasadores. O circuito foi testado em um projeto piloto no campus da UFPE e está instalado na subestação da CELPE na cidade de Gravatá, no interior do estado de Pernambuco. / This dissertation presents the design and implementation of a Antenna Array Controller System capable of integrating into a SCADA network and directing the main radiation lobe, granting best communication between base and remote stations. An RF circuit is presented capable of automatically controlling the phases fed to the antenna array composed by several RF devices, including an 8-bit phase shifter. Tests of the devices and the characterization of braches composed by them are shown. In addition, an antenna array controller has been developed to perform functions that include the identification of an address and the determination of the phase to be used in the phase shifters’ control. The circuit was tested in a pilot project at the UFPE campus and is installed at a CELPE substation in the city of Gravatá.

Automatic Forensic Analysis of PCCC Network Traffic Log

Senthivel, Saranyan

09 August 2017

Most SCADA devices have a few built-in self-defence mechanisms and tend to implicitly trust communications received over the network. Therefore, monitoring and forensic analysis of network traffic is a critical prerequisite for building an effective defense around SCADA units. In this thesis work, We provide a comprehensive forensic analysis of network traffic generated by the PCCC(Programmable Controller Communication Commands) protocol and present a prototype tool capable of extracting both updates to programmable logic and crucial configuration information. The results of our analysis shows that more than 30 files are transferred to/from the PLC when downloading/uplloading a ladder logic program using RSLogix programming software including configuration and data files. Interestingly, when RSLogix compiles a ladder-logic program, it does not create any lo-level representation of a ladder-logic file. However the low-level ladder logic is present and can be extracted from the network traffic log using our prototype tool. the tool extracts SMTP configuration from the network log and parses it to obtain email addresses, username and password. The network log contains password in plain text.

Information Security

Metodología de Automatización de un sistema de descarga/carga de combustible buque/tanque mediante control por SCADA – Aplicación en el puerto de Ilo

Durand Sal y Rosas, Renzo David

January 2015

La metodología de automatización de un sistema de descarga/carga de combustible buque/tanque mediante control por SCADA presenta la ingeniería conceptual básica para el desarrollo del sistema, incluye lineamientos generales, normas, restricciones y se mencionan algunas recomendaciones aprendidas en el desarrollo de esta aplicación en el puerto de Ilo. Se presentan formas generales de estructurar esta aplicación y en el caso de ser requerido cambiar el tipo de combustible (tener en cuenta las propiedades físico y químicas del material como viscosidad, densidad, entre otras), también se puede cambiar la ubicación geográfica (tener en cuenta la altura de instalación para los motores y accionamientos electrónicos, así como consideraciones de pintura, entre otros); sin embargo, la idea que se presenta es mantener una estructura de lectura de información y escritura de órdenes para gobernar este sistema vía SCADA, sea indistintamente el tipo de combustible a utilizar o locación a instalar, principalmente utilizando los conceptos de control & instrumentación para especificación de instrumentos y respaldo de manuales de fabricantes, así como aplicaciones de comunicaciones industriales e integración de sistemas.

Metodología de automatización

Sistema de descarga/carga de combustible

Control por SCADA