SlideShare uma empresa Scribd logo

Scada assessment case study

Network Intelligence India
Network Intelligence India
Tecnologia
1 de 7
SCADA ASSESSMENT CASE STUDY From
SCADA Assessment – Case Study NOTICE This document contains information which is the intellectual property of Network Intelligence (India) Pvt. Ltd. (also called NII Consulting). This document is received in confidence and its contents cannot be disclosed or copied without the prior written consent of NII. Nothing in this document constitutes a guaranty, warranty, or license, expressed or implied. NII disclaims all liability for all such guaranties, warranties, and licenses, including but not limited to: Fitness for a particular purpose; merchantability; non infringement of intellectual property or other rights of any third party or of NII; indemnity; and all others. The reader is advised that third parties can have intellectual property rights that can be relevant to this document and the technologies discussed herein, and is advised to seek the advice of competent legal counsel, without obligation of NII. NII retains the right to make changes to this document at any time without notice. NII makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. COPYRIGHT Copyright. Network Intelligence (India) Pvt. Ltd. All rights reserved. NII Consulting is a registered trademark of Network Intelligence India Pvt. Ltd. TRADEMARKS Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe. NII CONTACT DETAILS Name K. K. Mookhey Title Principal Consultant Company Network Intelligence (India) Pvt. Ltd. Address 204 Eco Space, Off Old Nagardas Road, Andheri (East), Mumbai 400069 E – Mail kkmookhey@niiconsulting.com ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
SCADA Assessment – Case Study 1 Background Recently, we were assigned to perform network assessment of the SCADA Network for one of our clients. This case study outlines a brief introduction to SCADA, the sort of assessment we carried out, and typical vulnerabilities that can be found on SCADA systems 2 SCADA (Supervisory Control And Data Acquisition): It generally refers to an industrial control system: a computer system monitoring and controlling a process. The process can be industrial, infrastructure or facility-based as described below:  Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.  Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, Wind Farms, civil defense siren systems, and large communication systems.  Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption. Common system components:- A SCADA's System usually consists of the following subsystems:  A Human-Machine Interface or HMI is the apparatus which presents process data to a human operator, and through this, the human operator monitors and controls the process.  A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process.  Remote Terminal Units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.  Programmable Logic Controller (PLCs) used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.  Communication infrastructure connecting the supervisory system to the Remote Terminal Units. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
SCADA Assessment – Case Study SCADA Server / Control Centre Architecture Web Server RAID server SCADA DWeZones UPS Logger /EMS Firewall DMZ Workstation ISR NMS Zone Monit Printer SERVER oring Consoles GPS system S SERVERS SERVERS System (B&W) Syste Printer with Dual Rack Switch m Monitors (Colou r) ICCP Archival Development NID Server(PDS) Communication Server (N/W Intrusion SERVERS ROUTERS VIDEO Detection PROJECTION System) To other SYSTEM To Backup zones location of the site. The main subsystems are: 1. SCADA/EMS Subsystem 2. Inter-Site Communication ICCP Subsystem 3. Web Subsystem and the Security Infrastructure 4. ISR Subsystem (HIS) 5. Archive Subsystem 6. Network Management Subsystem 7. Video Projection System (VPS) 8. Development Subsystem 9. User Interface (UI) Subsystem 10. GPS Time & Frequency Subsystem 11. WAN Subsystem 12. LAN Subsystem 13. Peripheral Devices SCADA/EMS Subsystem: Carries out the SCADA processing and the EMS calculations, feeds the historical information server, sends the data to the operator Consoles. The SCADA functions are Data Acquisition, Data processing, Alarm, and Tagging. EMS functions are Network Status Processor, Optimal Power Flow, Contingency Analysis, Security enhancement and Voltage VAR dispatch. Inter-Site Communication ICCP Subsystem: The inter-site communication (or OAG -Open Access Gateway) subsystem, handles the communication with different (sites) zones of the client using the different communication protocols. The one zone (site) communicates to the other zones systems using the standard IEC870-6 (TASE.2)/ICCP protocol. It interfaces with the SCADA/EMS servers on ISD protocol. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
SCADA Assessment – Case Study Web Subsystem and the Security Infrastructure: The DMZ web subsystem is implemented with the SCADA/EMS server at site. Remote users can access the real-time data and displays through the DMZ web servers. Remote access is provided with appropriate permission and authorization mechanisms. The Web Access area is isolated by two Firewalls. The Web access system consists of Web server, Mail server and Data Replica Server. ISR Subsystem (HIS): The Information Storage and Retrieval subsystem stores user-defined data and events into the ORACLE-based historic database. The ISR system will store:  Real time database snapshot, storage and playback  Historical Information  SOE data  Alarm message log  Storage of files Archive Subsystem: The Archive subsystem provides centralized storage for whole system’s data. The Archive subsystem consists of an archive server and a tape autoloader to archive the information such as ISR data, Save cases, Source code files, System Backup (for restore) etc. Network Management Subsystem: The Network Management system monitors the interfaces to the SCADA/EMS servers, workstations, devices, and all SCADA/EMS gateway and routers and gathers performance statistics like resource utilisation. Video Projection System (VPS): VPS is a big display device with 8 segments of 67 inches size each. VPS is driven through a PC installed in its wall and connected on dual LAN Development Subsystem: Development System provides complete autonomous environment for future program development, application building, testing, and system integration, etc. for the system. User Interface (UI) Subsystem: The User Interface (UI) subsystem composed of workstation consoles with graphic cards to drive multiple monitors. GPS Time & Frequency Subsystem: The Time & Frequency subsystem (TFS) captures the GPS time and power system frequency, and synchronizes the time of all the servers and workstations via the LAN, using the standard Network Time Protocol (NTP). WAN Subsystem: The Wide Area Network (WAN) subsystem for connecting Main site and other sites comprises of routers and Modems and wide band communication link from ISP Network. Two Routers are installed in each zone for providing 2 Mbps (redundant) and 64 kbps Link. The main and backup sites are connected to each other through 2 Mbps channels. LAN Subsystem: The SCADA/EMS Local Area Network (LAN) subsystem provides the inter-connection of all the servers, workstations, and peripherals. LAN is formed with redundant standard Ethernet switches. Peripheral Devices: Loggers, Laser printers & Colour Video Copiers. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
SCADA Assessment – Case Study 3 Network Assessment Tools used for Assessment: Auditpro (in-house developed Auditing tool), NMAP, Nessus, Super scan, Initial Phase: Prior to the assessment we tried to get maximum information of SCADA from the vendor. We gathered the following information:  2 SCADA applications (Vendor A and Vendor B) were being used on different sites (zones) of the client’s network.  Vendor A’s tech support and Vendor B’s tech support were maintaining the individual site (Zone) of the client.  Vendor A’s SCADA applications were installed on Solaris OS. Oracle was being used as backend database.  Vendor A’s SCADA software was almost obsolete. There were no patches available for the SCADA software and underlying OS. Vendor A was about to withdraw the support for SCADA in the year 2011.  AREAVA’s SCADA applications were installed on the windows 2003 servers and Open VMS operating systems.  Vendor B’s SCADA applications were using its own proprietary database known as DB431.  Also, Client were using Oracle as database for some additional applications connected to the SCADA network.  A previously conducted Vulnerability Assessment by a different consulting firm on the SCADA Servers has resulted in the SCADA servers crashing during the port scanning stage itself. Armed with the above information, we proceeded to perform the vulnerability assessment first on the test environment of the SCADA (Vendor A’s SCADA product). This was completed successfully without any SCADA server crash. The results were emailed to Vendor A’s tech support and IT representatives of the customer. We then proceeded for the actual assessment. Vulnerabilities discovered The following vulnerabilities were discovered  All the operating systems were in a default configuration without any hardening having been done to the extent that: o Many vulnerable services i.e. echo, daytime, finger were found running on the Windows and Solaris Operating Systems. o Vulnerable services like telnet, BOOTP, source routing, SNMPv2 with default community string public and private were found on the network devices. o Oracle Databases were also not hardened for example we found scott, system user had been given full administrative privilege on database server. o No Patches had been applied on any of the systems ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
SCADA Assessment – Case Study o Older IOS/Firmware were being used on the network devices i.e. router, switches, firewall. o No password policy was defined for the SCADA Network. o Administrator credentials of SCADA servers were commonly being shared with all users. o Password being used for administrative accounts on Windows servers and databases, network devices were easily guessable. Network Segregation or the Lack of it  Some SCADA Servers were exposed to public network.  No VLAN was segregation was found.  The bridge connecting the SCADA network to the TCP/IP network was weakly configured – essentially in its default state Other side-effects During the assessment, the Nmap scan completed successfully. However, when we started with Nessus scans the SCADA applications crashed twice. Thankfully, there were redundant servers available for the crashed servers due to which no severe /major incident taken placed. But this showed that simply running a scan is enough to bring SCADA systems to their knees. 4 Root Cause Problems 1. SCADA systems are highly expensive and very mission-critical. Therefore, they are not tweaked or hardened once they’re up and running 2. SCADA systems are thought to be obscure – since no one knows how they work, no one is going to mess around with them, so why bother securing them 3. SCADA systems are thought to be isolated – but this has been shown to be false multiple times. Many SCADA systems are inter-connected to the corporate TCP/IP network or other TCP/IP networks opening them up to the same issues 4. SCADA vendors don’t bother with security. Once a multi-million dollars system is up and running it is just left as it is. So whether it is the Siemens network being attacked by the Stuxnet worm or others, SCADA systems are highly vulnerable due to vendor apathy 5 Conclusion SCADA systems should be treated as highly vulnerable and can be the target of an attack. SCADA attacks are moving out of the realm of science fiction movies and are very much a reality today. Yet organizations continue to adopt a lax stance towards securing SCADA networks. The very first step should be to conduct a thorough assessment of these systems. This has to be done with care since these systems turn out to be highly susceptible to attacks. Stuxnet is a major wake up call to all organizations who thought SCADA systems would never come under attack. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com

Recomendados

IoT sensing and actuation
IoT sensing and actuationIoT sensing and actuation
IoT sensing and actuationHitesh Mohapatra
 
Introduction to Embedded System I: Chapter 2 (5th portion)
Introduction to Embedded System I: Chapter 2 (5th portion)Introduction to Embedded System I: Chapter 2 (5th portion)
Introduction to Embedded System I: Chapter 2 (5th portion)Moe Moe Myint
 
Typical Embedded System
Typical Embedded SystemTypical Embedded System
Typical Embedded Systemanand hd
 
Metal detector robot
Metal detector robotMetal detector robot
Metal detector robotf114n
 
Chapter 3 Charateristics and Quality Attributes of Embedded System
Chapter 3 Charateristics and Quality Attributes of Embedded SystemChapter 3 Charateristics and Quality Attributes of Embedded System
Chapter 3 Charateristics and Quality Attributes of Embedded SystemMoe Moe Myint
 
Automatic railway gate control using arduino uno
Automatic railway gate control using arduino unoAutomatic railway gate control using arduino uno
Automatic railway gate control using arduino unoselvalakshmi24
 
PIR sensing with arduino
PIR sensing with arduinoPIR sensing with arduino
PIR sensing with arduinochetan kadiwal
 
Iot projects 2021-2022
Iot projects 2021-2022Iot projects 2021-2022
Iot projects 2021-2022MSR PROJECTS
 

Recomendados

IoT sensing and actuation
IoT sensing and actuationIoT sensing and actuation
IoT sensing and actuationHitesh Mohapatra
 
Introduction to Embedded System I: Chapter 2 (5th portion)
Introduction to Embedded System I: Chapter 2 (5th portion)Introduction to Embedded System I: Chapter 2 (5th portion)
Introduction to Embedded System I: Chapter 2 (5th portion)Moe Moe Myint
 
Typical Embedded System
Typical Embedded SystemTypical Embedded System
Typical Embedded Systemanand hd
 
Metal detector robot
Metal detector robotMetal detector robot
Metal detector robotf114n
 
Chapter 3 Charateristics and Quality Attributes of Embedded System
Chapter 3 Charateristics and Quality Attributes of Embedded SystemChapter 3 Charateristics and Quality Attributes of Embedded System
Chapter 3 Charateristics and Quality Attributes of Embedded SystemMoe Moe Myint
 
Automatic railway gate control using arduino uno
Automatic railway gate control using arduino unoAutomatic railway gate control using arduino uno
Automatic railway gate control using arduino unoselvalakshmi24
 
PIR sensing with arduino
PIR sensing with arduinoPIR sensing with arduino
PIR sensing with arduinochetan kadiwal
 
Iot projects 2021-2022
Iot projects 2021-2022Iot projects 2021-2022
Iot projects 2021-2022MSR PROJECTS
 
Design and Construction of GSM Based Fire Alarm System using PIC Microcontroller
Design and Construction of GSM Based Fire Alarm System using PIC MicrocontrollerDesign and Construction of GSM Based Fire Alarm System using PIC Microcontroller
Design and Construction of GSM Based Fire Alarm System using PIC Microcontrollerijtsrd
 
Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...
Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...
Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...Arunkumar Gowdru
 
ARM7-ARCHITECTURE
ARM7-ARCHITECTURE ARM7-ARCHITECTURE
ARM7-ARCHITECTURE Dr.YNM
 
Antenna PARAMETERS
Antenna PARAMETERSAntenna PARAMETERS
Antenna PARAMETERSAJAL A J
 
Coal Mine Safety Monitoring and Alerting System
Coal Mine Safety Monitoring and Alerting SystemCoal Mine Safety Monitoring and Alerting System
Coal Mine Safety Monitoring and Alerting SystemIRJET Journal
 
Sensors
SensorsSensors
SensorsMahmoud Hussein
 
Zeroth Review Model Slide
Zeroth Review Model SlideZeroth Review Model Slide
Zeroth Review Model Slideenggshankar
 
INTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLS
INTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLSINTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLS
INTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLSJOLLUSUDARSHANREDDY
 
Task assignment and scheduling
Task assignment and schedulingTask assignment and scheduling
Task assignment and schedulingRajalakshmiSermadurai
 
Array antennas
Array antennasArray antennas
Array antennasSushant Burde
 
Virtual instrumentation9898
Virtual instrumentation9898Virtual instrumentation9898
Virtual instrumentation9898rollno21
 
human detection robot
human detection robothuman detection robot
human detection robotS Ayub
 
Visitor counter
Visitor counterVisitor counter
Visitor counterASHISH KUMAR
 
Magic tee
Magic tee Magic tee
Magic tee saniya shaikh
 
519 transmission line theory
519 transmission line theory519 transmission line theory
519 transmission line theorychanjee
 
Fundamentals of Designing with Sensors
Fundamentals of Designing with SensorsFundamentals of Designing with Sensors
Fundamentals of Designing with SensorsAnalog Devices, Inc.
 
Shiv smart door ppt
Shiv smart door pptShiv smart door ppt
Shiv smart door pptMahesh Patil
 
iot industry automation
iot industry automationiot industry automation
iot industry automationmansi sharma
 
Encoder
EncoderEncoder
EncoderMd. Hasan Imam Bijoy
 
Array Antennas
Array AntennasArray Antennas
Array AntennasRoma Rico Flores
 
Invensys upstream scada technology awareness
Invensys upstream scada technology awarenessInvensys upstream scada technology awareness
Invensys upstream scada technology awarenesschrisjsmith
 
[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...TI Safe
 

Mais conteúdo relacionado

Mais procurados

Design and Construction of GSM Based Fire Alarm System using PIC Microcontroller
Design and Construction of GSM Based Fire Alarm System using PIC MicrocontrollerDesign and Construction of GSM Based Fire Alarm System using PIC Microcontroller
Design and Construction of GSM Based Fire Alarm System using PIC Microcontrollerijtsrd
 
Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...
Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...
Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...Arunkumar Gowdru
 
ARM7-ARCHITECTURE
ARM7-ARCHITECTURE ARM7-ARCHITECTURE
ARM7-ARCHITECTURE Dr.YNM
 
Antenna PARAMETERS
Antenna PARAMETERSAntenna PARAMETERS
Antenna PARAMETERSAJAL A J
 
Coal Mine Safety Monitoring and Alerting System
Coal Mine Safety Monitoring and Alerting SystemCoal Mine Safety Monitoring and Alerting System
Coal Mine Safety Monitoring and Alerting SystemIRJET Journal
 
Zeroth Review Model Slide
Zeroth Review Model SlideZeroth Review Model Slide
Zeroth Review Model Slideenggshankar
 
INTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLS
INTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLSINTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLS
INTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLSJOLLUSUDARSHANREDDY
 
Virtual instrumentation9898
Virtual instrumentation9898Virtual instrumentation9898
Virtual instrumentation9898rollno21
 
human detection robot
human detection robothuman detection robot
human detection robotS Ayub
 
519 transmission line theory
519 transmission line theory519 transmission line theory
519 transmission line theorychanjee
 
Fundamentals of Designing with Sensors
Fundamentals of Designing with SensorsFundamentals of Designing with Sensors
Fundamentals of Designing with SensorsAnalog Devices, Inc.
 
Shiv smart door ppt
Shiv smart door pptShiv smart door ppt
Shiv smart door pptMahesh Patil
 
iot industry automation
iot industry automationiot industry automation
iot industry automationmansi sharma
 

Mais procurados (20)

Design and Construction of GSM Based Fire Alarm System using PIC Microcontroller
Design and Construction of GSM Based Fire Alarm System using PIC MicrocontrollerDesign and Construction of GSM Based Fire Alarm System using PIC Microcontroller
Design and Construction of GSM Based Fire Alarm System using PIC Microcontroller
 
Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...
Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...
Microcontrollers(8051) Notes written by Arun Kumar G, Associate Professor, De...
 
ARM7-ARCHITECTURE
ARM7-ARCHITECTURE ARM7-ARCHITECTURE
ARM7-ARCHITECTURE
 
Antenna PARAMETERS
Antenna PARAMETERSAntenna PARAMETERS
Antenna PARAMETERS
 
Coal Mine Safety Monitoring and Alerting System
Coal Mine Safety Monitoring and Alerting SystemCoal Mine Safety Monitoring and Alerting System
Coal Mine Safety Monitoring and Alerting System
 
Sensors
SensorsSensors
Sensors
 
Zeroth Review Model Slide
Zeroth Review Model SlideZeroth Review Model Slide
Zeroth Review Model Slide
 
INTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLS
INTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLSINTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLS
INTERRUPT ROUTINES IN RTOS EN VIRONMENT HANDELING OF INTERRUPT SOURCE CALLS
 
Task assignment and scheduling
Task assignment and schedulingTask assignment and scheduling
Task assignment and scheduling
 
Array antennas
Array antennasArray antennas
Array antennas
 
Virtual instrumentation9898
Virtual instrumentation9898Virtual instrumentation9898
Virtual instrumentation9898
 
human detection robot
human detection robothuman detection robot
human detection robot
 
Visitor counter
Visitor counterVisitor counter
Visitor counter
 
Magic tee
Magic tee Magic tee
Magic tee
 
519 transmission line theory
519 transmission line theory519 transmission line theory
519 transmission line theory
 
Fundamentals of Designing with Sensors
Fundamentals of Designing with SensorsFundamentals of Designing with Sensors
Fundamentals of Designing with Sensors
 
Shiv smart door ppt
Shiv smart door pptShiv smart door ppt
Shiv smart door ppt
 
iot industry automation
iot industry automationiot industry automation
iot industry automation
 
Encoder
EncoderEncoder
Encoder
 
Array Antennas
Array AntennasArray Antennas
Array Antennas
 

Semelhante a Scada assessment case study

Invensys upstream scada technology awareness
Invensys upstream scada technology awarenessInvensys upstream scada technology awareness
Invensys upstream scada technology awarenesschrisjsmith
 
[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...TI Safe
 
Extending OPC-UA through Architecture Flexibility, Performance, and Scalability
Extending OPC-UA through Architecture Flexibility, Performance, and ScalabilityExtending OPC-UA through Architecture Flexibility, Performance, and Scalability
Extending OPC-UA through Architecture Flexibility, Performance, and ScalabilityReal-Time Innovations (RTI)
 
CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring CA Nimsoft
 
OMG DDS: The data centric future beyond message-based integration
OMG DDS: The data centric future beyond message-based integrationOMG DDS: The data centric future beyond message-based integration
OMG DDS: The data centric future beyond message-based integrationGerardo Pardo-Castellote
 
ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control WebinarActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control WebinarActionPacked Networks
 
SCADA packages for Power Distribution Utilities
SCADA packages for Power Distribution UtilitiesSCADA packages for Power Distribution Utilities
SCADA packages for Power Distribution UtilitiesChanmeet Singh
 
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 LinkedinNMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 LinkedinJavier Guillermo, MBA, MSc, PMP
 
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...Capgemini
 
SCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US UtilitiesSCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US UtilitiesFitCEO, Inc. (FCI)
 
Convergence India 2013 Multi-network Forum - Verimatrix
Convergence India 2013 Multi-network Forum - VerimatrixConvergence India 2013 Multi-network Forum - Verimatrix
Convergence India 2013 Multi-network Forum - VerimatrixVerimatrix
 
Scada system architecture, types and applications
Scada system architecture, types and applicationsScada system architecture, types and applications
Scada system architecture, types and applicationsUchi Pou
 
How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7CA API Management
 
Zigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and AutomationZigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and AutomationJose María Carazo Cepedano
 
The Stuxnet Worm creation process
The Stuxnet Worm creation processThe Stuxnet Worm creation process
The Stuxnet Worm creation processAjay Ohri
 

Semelhante a Scada assessment case study (20)

Invensys upstream scada technology awareness
Invensys upstream scada technology awarenessInvensys upstream scada technology awareness
Invensys upstream scada technology awareness
 
[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...[White paper] detecting problems in industrial networks though continuous mon...
[White paper] detecting problems in industrial networks though continuous mon...
 
Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008Guard Era Corp Brochure 2008
Guard Era Corp Brochure 2008
 
Extending OPC-UA through Architecture Flexibility, Performance, and Scalability
Extending OPC-UA through Architecture Flexibility, Performance, and ScalabilityExtending OPC-UA through Architecture Flexibility, Performance, and Scalability
Extending OPC-UA through Architecture Flexibility, Performance, and Scalability
 
Linda Jackman - Oracle
Linda Jackman - OracleLinda Jackman - Oracle
Linda Jackman - Oracle
 
CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring CA Nimsoft xen desktop monitoring
CA Nimsoft xen desktop monitoring
 
OMG DDS: The data centric future beyond message-based integration
OMG DDS: The data centric future beyond message-based integrationOMG DDS: The data centric future beyond message-based integration
OMG DDS: The data centric future beyond message-based integration
 
ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control WebinarActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
ActionPacked! Networks Hosts Cisco Application Visibility & Control Webinar
 
SCADA packages for Power Distribution Utilities
SCADA packages for Power Distribution UtilitiesSCADA packages for Power Distribution Utilities
SCADA packages for Power Distribution Utilities
 
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 LinkedinNMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
NMS Projects and POCs completed and ongoing for OSS NAM v 1.5 Linkedin
 
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...
Alstom Grid And Capgemini Form Global Alliance For Smart Grid: About the Firs...
 
Safety Monitoring system for a manufacturing workstation using Web Service Te...
Safety Monitoring system for a manufacturing workstation using Web Service Te...Safety Monitoring system for a manufacturing workstation using Web Service Te...
Safety Monitoring system for a manufacturing workstation using Web Service Te...
 
Scada
ScadaScada
Scada
 
SCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US UtilitiesSCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US Utilities
 
Convergence India 2013 Multi-network Forum - Verimatrix
Convergence India 2013 Multi-network Forum - VerimatrixConvergence India 2013 Multi-network Forum - Verimatrix
Convergence India 2013 Multi-network Forum - Verimatrix
 
Scada system architecture, types and applications
Scada system architecture, types and applicationsScada system architecture, types and applications
Scada system architecture, types and applications
 
How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7
 
Zigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and AutomationZigbee Wireless Sensor Network - RTLS and Automation
Zigbee Wireless Sensor Network - RTLS and Automation
 
The Stuxnet Worm creation process
The Stuxnet Worm creation processThe Stuxnet Worm creation process
The Stuxnet Worm creation process
 
391 394
391 394391 394
391 394
 

Mais de Network Intelligence India

ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationNetwork Intelligence India
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies Network Intelligence India
 
Distributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing MethodologyDistributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing MethodologyNetwork Intelligence India
 

Mais de Network Intelligence India (20)

Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0Vapt pci dss methodology ppt v1.0
Vapt pci dss methodology ppt v1.0
 
The Economics of Security
The Economics of SecurityThe Economics of Security
The Economics of Security
 
Web Application Security Strategy
Web Application Security Strategy Web Application Security Strategy
Web Application Security Strategy
 
ISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics ImplementationISO 27004- Information Security Metrics Implementation
ISO 27004- Information Security Metrics Implementation
 
National Cyber Security Policy 2013
National Cyber Security Policy 2013National Cyber Security Policy 2013
National Cyber Security Policy 2013
 
RBI Gopalakrishna Committee Report on IT
RBI Gopalakrishna Committee Report on ITRBI Gopalakrishna Committee Report on IT
RBI Gopalakrishna Committee Report on IT
 
PCI DSS for Penetration Testing
PCI DSS for Penetration TestingPCI DSS for Penetration Testing
PCI DSS for Penetration Testing
 
Understanding Governance
Understanding GovernanceUnderstanding Governance
Understanding Governance
 
Cyber Security in Civil Aviation
Cyber Security in Civil AviationCyber Security in Civil Aviation
Cyber Security in Civil Aviation
 
Spear Phishing Methodology
Spear Phishing MethodologySpear Phishing Methodology
Spear Phishing Methodology
 
Mobile Device Management (MDM)
Mobile Device Management (MDM)Mobile Device Management (MDM)
Mobile Device Management (MDM)
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies
 
Information Rights Management (IRM)
Information Rights Management (IRM)Information Rights Management (IRM)
Information Rights Management (IRM)
 
Distributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing MethodologyDistributed Denial of Service (DDos) Testing Methodology
Distributed Denial of Service (DDos) Testing Methodology
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)
 
Advanced persistent threats(APT)
Advanced persistent threats(APT)Advanced persistent threats(APT)
Advanced persistent threats(APT)
 
XML Interfaces to the popular Nessus Scanner
XML Interfaces to the popular Nessus ScannerXML Interfaces to the popular Nessus Scanner
XML Interfaces to the popular Nessus Scanner
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
 
Advanced persistent threats
Advanced persistent threatsAdvanced persistent threats
Advanced persistent threats
 
Who will guard the guards
Who will guard the guardsWho will guard the guards
Who will guard the guards
 

Último

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 

Último (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Scada assessment case study

  • 2. SCADA Assessment – Case Study NOTICE This document contains information which is the intellectual property of Network Intelligence (India) Pvt. Ltd. (also called NII Consulting). This document is received in confidence and its contents cannot be disclosed or copied without the prior written consent of NII. Nothing in this document constitutes a guaranty, warranty, or license, expressed or implied. NII disclaims all liability for all such guaranties, warranties, and licenses, including but not limited to: Fitness for a particular purpose; merchantability; non infringement of intellectual property or other rights of any third party or of NII; indemnity; and all others. The reader is advised that third parties can have intellectual property rights that can be relevant to this document and the technologies discussed herein, and is advised to seek the advice of competent legal counsel, without obligation of NII. NII retains the right to make changes to this document at any time without notice. NII makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. COPYRIGHT Copyright. Network Intelligence (India) Pvt. Ltd. All rights reserved. NII Consulting is a registered trademark of Network Intelligence India Pvt. Ltd. TRADEMARKS Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe. NII CONTACT DETAILS Name K. K. Mookhey Title Principal Consultant Company Network Intelligence (India) Pvt. Ltd. Address 204 Eco Space, Off Old Nagardas Road, Andheri (East), Mumbai 400069 E – Mail kkmookhey@niiconsulting.com ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
  • 3. SCADA Assessment – Case Study 1 Background Recently, we were assigned to perform network assessment of the SCADA Network for one of our clients. This case study outlines a brief introduction to SCADA, the sort of assessment we carried out, and typical vulnerabilities that can be found on SCADA systems 2 SCADA (Supervisory Control And Data Acquisition): It generally refers to an industrial control system: a computer system monitoring and controlling a process. The process can be industrial, infrastructure or facility-based as described below:  Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.  Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, Wind Farms, civil defense siren systems, and large communication systems.  Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption. Common system components:- A SCADA's System usually consists of the following subsystems:  A Human-Machine Interface or HMI is the apparatus which presents process data to a human operator, and through this, the human operator monitors and controls the process.  A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process.  Remote Terminal Units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.  Programmable Logic Controller (PLCs) used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.  Communication infrastructure connecting the supervisory system to the Remote Terminal Units. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
  • 4. SCADA Assessment – Case Study SCADA Server / Control Centre Architecture Web Server RAID server SCADA DWeZones UPS Logger /EMS Firewall DMZ Workstation ISR NMS Zone Monit Printer SERVER oring Consoles GPS system S SERVERS SERVERS System (B&W) Syste Printer with Dual Rack Switch m Monitors (Colou r) ICCP Archival Development NID Server(PDS) Communication Server (N/W Intrusion SERVERS ROUTERS VIDEO Detection PROJECTION System) To other SYSTEM To Backup zones location of the site. The main subsystems are: 1. SCADA/EMS Subsystem 2. Inter-Site Communication ICCP Subsystem 3. Web Subsystem and the Security Infrastructure 4. ISR Subsystem (HIS) 5. Archive Subsystem 6. Network Management Subsystem 7. Video Projection System (VPS) 8. Development Subsystem 9. User Interface (UI) Subsystem 10. GPS Time & Frequency Subsystem 11. WAN Subsystem 12. LAN Subsystem 13. Peripheral Devices SCADA/EMS Subsystem: Carries out the SCADA processing and the EMS calculations, feeds the historical information server, sends the data to the operator Consoles. The SCADA functions are Data Acquisition, Data processing, Alarm, and Tagging. EMS functions are Network Status Processor, Optimal Power Flow, Contingency Analysis, Security enhancement and Voltage VAR dispatch. Inter-Site Communication ICCP Subsystem: The inter-site communication (or OAG -Open Access Gateway) subsystem, handles the communication with different (sites) zones of the client using the different communication protocols. The one zone (site) communicates to the other zones systems using the standard IEC870-6 (TASE.2)/ICCP protocol. It interfaces with the SCADA/EMS servers on ISD protocol. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
  • 5. SCADA Assessment – Case Study Web Subsystem and the Security Infrastructure: The DMZ web subsystem is implemented with the SCADA/EMS server at site. Remote users can access the real-time data and displays through the DMZ web servers. Remote access is provided with appropriate permission and authorization mechanisms. The Web Access area is isolated by two Firewalls. The Web access system consists of Web server, Mail server and Data Replica Server. ISR Subsystem (HIS): The Information Storage and Retrieval subsystem stores user-defined data and events into the ORACLE-based historic database. The ISR system will store:  Real time database snapshot, storage and playback  Historical Information  SOE data  Alarm message log  Storage of files Archive Subsystem: The Archive subsystem provides centralized storage for whole system’s data. The Archive subsystem consists of an archive server and a tape autoloader to archive the information such as ISR data, Save cases, Source code files, System Backup (for restore) etc. Network Management Subsystem: The Network Management system monitors the interfaces to the SCADA/EMS servers, workstations, devices, and all SCADA/EMS gateway and routers and gathers performance statistics like resource utilisation. Video Projection System (VPS): VPS is a big display device with 8 segments of 67 inches size each. VPS is driven through a PC installed in its wall and connected on dual LAN Development Subsystem: Development System provides complete autonomous environment for future program development, application building, testing, and system integration, etc. for the system. User Interface (UI) Subsystem: The User Interface (UI) subsystem composed of workstation consoles with graphic cards to drive multiple monitors. GPS Time & Frequency Subsystem: The Time & Frequency subsystem (TFS) captures the GPS time and power system frequency, and synchronizes the time of all the servers and workstations via the LAN, using the standard Network Time Protocol (NTP). WAN Subsystem: The Wide Area Network (WAN) subsystem for connecting Main site and other sites comprises of routers and Modems and wide band communication link from ISP Network. Two Routers are installed in each zone for providing 2 Mbps (redundant) and 64 kbps Link. The main and backup sites are connected to each other through 2 Mbps channels. LAN Subsystem: The SCADA/EMS Local Area Network (LAN) subsystem provides the inter-connection of all the servers, workstations, and peripherals. LAN is formed with redundant standard Ethernet switches. Peripheral Devices: Loggers, Laser printers & Colour Video Copiers. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
  • 6. SCADA Assessment – Case Study 3 Network Assessment Tools used for Assessment: Auditpro (in-house developed Auditing tool), NMAP, Nessus, Super scan, Initial Phase: Prior to the assessment we tried to get maximum information of SCADA from the vendor. We gathered the following information:  2 SCADA applications (Vendor A and Vendor B) were being used on different sites (zones) of the client’s network.  Vendor A’s tech support and Vendor B’s tech support were maintaining the individual site (Zone) of the client.  Vendor A’s SCADA applications were installed on Solaris OS. Oracle was being used as backend database.  Vendor A’s SCADA software was almost obsolete. There were no patches available for the SCADA software and underlying OS. Vendor A was about to withdraw the support for SCADA in the year 2011.  AREAVA’s SCADA applications were installed on the windows 2003 servers and Open VMS operating systems.  Vendor B’s SCADA applications were using its own proprietary database known as DB431.  Also, Client were using Oracle as database for some additional applications connected to the SCADA network.  A previously conducted Vulnerability Assessment by a different consulting firm on the SCADA Servers has resulted in the SCADA servers crashing during the port scanning stage itself. Armed with the above information, we proceeded to perform the vulnerability assessment first on the test environment of the SCADA (Vendor A’s SCADA product). This was completed successfully without any SCADA server crash. The results were emailed to Vendor A’s tech support and IT representatives of the customer. We then proceeded for the actual assessment. Vulnerabilities discovered The following vulnerabilities were discovered  All the operating systems were in a default configuration without any hardening having been done to the extent that: o Many vulnerable services i.e. echo, daytime, finger were found running on the Windows and Solaris Operating Systems. o Vulnerable services like telnet, BOOTP, source routing, SNMPv2 with default community string public and private were found on the network devices. o Oracle Databases were also not hardened for example we found scott, system user had been given full administrative privilege on database server. o No Patches had been applied on any of the systems ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com
  • 7. SCADA Assessment – Case Study o Older IOS/Firmware were being used on the network devices i.e. router, switches, firewall. o No password policy was defined for the SCADA Network. o Administrator credentials of SCADA servers were commonly being shared with all users. o Password being used for administrative accounts on Windows servers and databases, network devices were easily guessable. Network Segregation or the Lack of it  Some SCADA Servers were exposed to public network.  No VLAN was segregation was found.  The bridge connecting the SCADA network to the TCP/IP network was weakly configured – essentially in its default state Other side-effects During the assessment, the Nmap scan completed successfully. However, when we started with Nessus scans the SCADA applications crashed twice. Thankfully, there were redundant servers available for the crashed servers due to which no severe /major incident taken placed. But this showed that simply running a scan is enough to bring SCADA systems to their knees. 4 Root Cause Problems 1. SCADA systems are highly expensive and very mission-critical. Therefore, they are not tweaked or hardened once they’re up and running 2. SCADA systems are thought to be obscure – since no one knows how they work, no one is going to mess around with them, so why bother securing them 3. SCADA systems are thought to be isolated – but this has been shown to be false multiple times. Many SCADA systems are inter-connected to the corporate TCP/IP network or other TCP/IP networks opening them up to the same issues 4. SCADA vendors don’t bother with security. Once a multi-million dollars system is up and running it is just left as it is. So whether it is the Siemens network being attacked by the Stuxnet worm or others, SCADA systems are highly vulnerable due to vendor apathy 5 Conclusion SCADA systems should be treated as highly vulnerable and can be the target of an attack. SCADA attacks are moving out of the realm of science fiction movies and are very much a reality today. Yet organizations continue to adopt a lax stance towards securing SCADA networks. The very first step should be to conduct a thorough assessment of these systems. This has to be done with care since these systems turn out to be highly susceptible to attacks. Stuxnet is a major wake up call to all organizations who thought SCADA systems would never come under attack. ©Network Intelligence India Pvt. Ltd. www.niiconsulting.com