Critical Infrastructure Security - PowerPoint PPT Presentation

1
Critical Infrastructure Security
  • Pieter.Hartel_at_utwente.nl

2
Introduction
  • Supervisory Control And Data Acquisition (SCADA)
  • Eight critical infrastructures
    • electrical power systems
    • gas and oil
    • water supply systems
    • telecommunications
    • banking and finance
    • transportation
    • emergency services
    • continuity of government

[Bar04a] K. Barnes and B. Johnson. Introduction to SCADA protection and vulnerabilities. Technical Report INEEL/EXT-04-01710, Idaho National Engineering and Environmental Laboratory, Mar 2004. http://www.inl.gov/technicalpublications/Documents/3310860.pdf

3
Example system
  • Large geographical area: hard to protect
  • Ageing proprietary protocols & equipment
  • Many standards
  • Security through
    • Redundancy
    • Physical security
    • Monitoring
    • Call back modems
    • Procedures

4
Master/Slave architecture
[Figure: master/slave architecture with control room]
Source: http://en.wikipedia.org/wiki/SCADA

5
Differences IT/SCADA Security (1)
  • IT
    • Data loss, interruption ok (ish).
    • High data rates, delays ok.
    • Recovery by rebooting; system crashes not usually serious.
    • Antivirus widely employed.
    • Security awareness and training reasonably high.
  • SCADA
    • Data loss, interruptions not tolerated.
    • Deterministic response times in local control loops; real-time responses needed; large delays or down-times not tolerated.
    • Crashes can be fatal.
    • Antivirus software difficult because of delays.
    • Low security awareness and training.

[Kru06] R. L. Krutz. Securing SCADA Systems. Wiley Publishing Inc., Indianapolis, 2006.

6
Differences IT/SCADA Security (2)
  • IT
    • Encryption used (VPN, SSL, HTTPS).
    • Penetration testing routine.
    • Software patches routine.
    • Security audits routine.
    • Equipment usually replaced every three to five years.
  • SCADA
    • Most data and control messages unencrypted.
    • Penetration testing not routine, disruptive.
    • Patches infrequent, disruptive.
    • Security audits not routinely performed.
    • Equipment used for a long time.

7
IT technology applied to SCADA
  • Access control VPN
  • The usual problems
  • Firewall IDS Threats
  • There are 150-200 SCADA protocols
  • Networks segmented
  • Legacy
  • Authentication using IP addresses
  • Hosts vulnerable to all standard attacks

[Igu06] V. M. Igure, S. A. Laughter, and R. D. Williams. Security issues in SCADA networks. Computers & Security, 25(7):498-506, Oct 2006. http://dx.doi.org/10.1016/j.cose.2006.03.001

8
What can be done to improve? (1)
  • Identify all connections / services
    • disconnect/remove the unnecessary ones
  • Strengthen/harden the security of the remaining connections/services
  • Avoid proprietary protocols
  • Enable security features provided
  • Control back doors used by vendors
  • Deploy IDS and 24/7 monitoring
  • Perform technical & physical security audits
  • Establish Red teams

[OE02] 21 Steps to Improve the Security of SCADA Systems, U.S. Department of Energy, Sep. 2002. http://www.oe.energy.gov/DocumentsandMedia/21_Steps_-_SCADA.pdf

9
What can be done to improve? (2)
  • Clearly define roles
  • Document
  • Establish rigorous ongoing risk management
  • Defense in depth
  • Identify requirements
  • Configuration management
  • Routine self-assessments
  • Backups and recovery plans
  • Hold staff accountable
  • Establish policies and train the staff

10
Things that can be done now
  • SCADA systems collect a lot of data
    • Login success/failure
    • Changes to set points
    • Alarms
  • SCADA networks can exploit
    • Network more or less static
    • Carry more or less predictable traffic
    • Redundancy in the traffic (master/slave)
  • Examples

11
Example 1: DDoS by SYN flood
[Figure label: Allocate resource]
  • Solutions
    • SYN cookies
    • Random dropping
    • Client puzzles

12
Client puzzles
  • One-way function F(.)
  • Stateless
  • No PKI
  • No Retry
  • Easy to verify
  • Hardness control

[Figure: client puzzle message exchange. Labels, in extraction order: Secret S, Time t; Puzzle, R?; X = F(S,t,R); F(t,R,X); recompute; t, R, X F(t,R,X)?; SYN, t, R, X; X = F(S,t,R)]

[Jue99] A. Juels and J. G. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Network and Distributed System Security Symposium (NDSS), San Diego, California, Feb 1999. The Internet Society. http://www.isoc.org/isoc/conferences/ndss/99/proceedings/papers/juels.pdf
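
Added example, not from the original slides or the cited paper: a single-puzzle sketch of the properties listed above (stateless server, one-way function, easy verification, hardness control). Instantiating F as HMAC-SHA256, hiding the leading k bits of X, and all function and parameter names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)   # server secret S (assumption: rotated periodically)
K_BITS = 12               # hardness control: client tries up to 2**K_BITS guesses
MAX_AGE = 30              # seconds a puzzle stays valid (assumption)


def _preimage(secret: bytes, t: int, r: bytes) -> bytes:
    """X = F(S, t, R), with F instantiated as HMAC-SHA256 (assumption)."""
    return hmac.new(secret, t.to_bytes(8, "big") + r, hashlib.sha256).digest()


def _mask(x: bytes, k: int) -> bytes:
    """Zero the first k bits of x; these are the bits the client must find."""
    n = int.from_bytes(x, "big") & ((1 << (len(x) * 8 - k)) - 1)
    return n.to_bytes(len(x), "big")


def issue_puzzle(r: bytes, now: int, secret: bytes = SECRET, k: int = K_BITS):
    """Server side, stateless: nothing about the client is stored."""
    x = _preimage(secret, now, r)
    return {"t": now, "k": k, "partial": _mask(x, k),
            "y": hashlib.sha256(x).digest()}


def solve_puzzle(puzzle) -> bytes:
    """Client side: brute-force the k hidden bits until SHA-256(X) == y."""
    nbits = len(puzzle["partial"]) * 8
    base = int.from_bytes(puzzle["partial"], "big")
    for guess in range(1 << puzzle["k"]):
        x = (base | (guess << (nbits - puzzle["k"]))).to_bytes(nbits // 8, "big")
        if hashlib.sha256(x).digest() == puzzle["y"]:
            return x
    raise ValueError("no solution: puzzle is malformed")


def verify_solution(r: bytes, t: int, x: bytes, now: int,
                    secret: bytes = SECRET) -> bool:
    """Server side: one HMAC recomputes X; allocate resources only on True."""
    if not 0 <= now - t <= MAX_AGE:          # stale or future-dated puzzle
        return False
    return hmac.compare_digest(x, _preimage(secret, t, r))
```

The server's cost per connection attempt is one HMAC, while the client's cost grows with `k`, so the server can raise the hardness when it is under load.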
13
Eavesdropping on long comms line
  • Point to point
  • Low data rate (300 bps!)
  • Low latency (polling rounds)
  • MAC on message does not work
  • New encryption mode

[Wri04] A. K. Wright, J. A. Kinast, and J. McCarty. Low-Latency cryptographic protection for SCADA communications. In M. Jakobsson, M. Yung, and J. Zhou, editors, 2nd Int. Conf. on Applied Cryptography and Network Security (ACNS), volume LNCS 3089, pages 263-277, Yellow Mountain, China, Jun 2004. Springer. http://springerlink.metapress.com/content/bv0m6jyjkjvpv76k/

14
Conclusions
  • Past: Security by obscurity
  • Present: best practices from IT
  • Future: new techniques