A Cyber Infrastructure SCADA Testbed Environment for
Research on the Nation's Critical Infrastructure
Christopher Klaus
Cyber Defense Laboratory
Western Kentucky University
SCADA Cyber Attack Data
Warehouse User Facility
UNCLASSIFIED
Significations of SCADA Vulnerabilities
• Maroochy Shire Sewage Spill
  In 2000, a disgruntled rejected employee remotely accessed sewerage pumping stations, releasing millions of liters of raw sewage into nearby rivers and parks.
• Davis-Besse power plant
  In 2003, the Nuclear Regulatory Commission confirmed the Slammer worm infected Davis-Besse nuclear power plant's SCADA network, disabling a safety monitoring system for nearly 5 hours and the plant's process computer for almost 6 hours.
• CSX Train Signaling System
  In 2003, the Sobig virus infected the CSX train control computer, shutting down the train/track signaling systems in the entire east coast of the U.S. Train services were delayed for 4 to 6 hours.
• Worcester Air Traffic Communications
  In 1997, a teenager knocked out phone service at the control tower, airport security, the airport fire department, the weather service, and carriers that use the airport. Also, the tower's main radio transmitter and another transmitter that activates runway lights were shut down, as well as a printer that controllers use to monitor flight progress.
Objectives
• Initiate a testing model of competing teams (Red & Blue) to alternately attack and defend a target SCADA system being evaluated.
• Implement INTERROGATOR architecture with example SCADA systems to capture SCADA cyber attacks [network traffic data].
• Store SCADA cyber attack data in NACMAST Enterprise Data Warehouse.
• Demonstrate research utility of SCADA vulnerability testing, and of stored SCADA cyber attack data.
• Expand the model from a SCADA Laboratory to the Biosphere 2 for a SCADA Testbed User Facility for use by various researchers.
• Make the SCADA cyber attack data on the NACMAST Enterprise Data Warehouse available for use by researchers as another component of the User Facility.
User Facility Hardware Overview
FOUR COMPONENTS
• SCADA Laboratory
• INTERROGATOR Architecture
• NACMAST Enterprise Data Warehouse
• Biosphere 2
SCADA Laboratory
A SCADA Laboratory will be an initial environment for performing and defending against SCADA Cyber attacks.
This environment will also allow testing of appropriate data capture methods and confirm the research utility before expanding to the level of a User Facility.
[Diagram labels: Motors, Drives, Actuators; Sensors and other Input/Output Devices; Programmable Logic Controllers (PLC); Human Machine Interface (HMI); PC Based Controllers; Ethernet; Remote Terminal Unit (RTU); SCADA Laboratory; Firewall]
INTERROGATOR Architecture
Network sensors on the SCADA Laboratory's firewall to transfer raw traffic subsets to the NACMAST Enterprise Data Warehouse.
[Diagram labels: SCADA Laboratory; Firewall; Sensors]
NACMAST Enterprise Data Warehouse
• Description
  • A large capacity warehouse to hold Cyber attack data for retrospective analysis.
  • A matrix of storage arrays for both DoD and non-DoD purposes
• Mission
  • To perform retrospective analysis on Cyber attack data
  • To develop tools to aid in retrospective analysis
• Status
  • Ready to collect and store SCADA cyber attack data
Biosphere 2 as a User Facility
• The Biosphere 2 is currently controlled by SCADA systems.
• The Biosphere 2 is a good representative of Critical Infrastructures.
• Leveraging the SCADA Laboratory implementation, the Biosphere 2 would gain the ability to capture SCADA cyber attacks.
User Facility Research Overview
FOUR COMPONENTS
• Red and Blue Teams
• SCADA Cyber Attack Data Analysis
• Vulnerability Evaluation of Industry SCADA Systems
Red and Blue Teams
• Red & Blue teams would alternate attack and defense activities using the SCADA Laboratory and eventually the Biosphere 2.
• These teams would develop SCADA cyber attacks and defenses against attacks, such as:
  • Unauthorized Command Execution
  • SCADA Denial of Service
  • SCADA Man-in-the-Middle
  • Replay
  • Malicious Service Commands
• SCADA cyber attack profiles will be stored for training and research.
SCADA Cyber Attack Data Analysis
• Utilization of Autonomic Cyber Security to detect abnormal behavior.
• Classification of known SCADA cyber attacks using data mining techniques (e.g. neural networks, wavelet analysis, genetic algorithms).
• Pattern recognition of SCADA cyber attacks using data mining techniques.
• Neural network prediction of SCADA cyber attacks based on identified patterns.
Vulnerability Evaluation of SCADA Systems
• Installation of SCADA systems from various vendors could be tested with the SCADA cyber attack profiles to determine vulnerabilities.
• Methods used to harden other SCADA systems against such attacks could then be applied to determine if these defensive methods work for that vendor's system.
User Training Overview
ONE COMPONENT
• NACMAST Enterprise SCADA Training
NACMAST Enterprise SCADA Training
• Training for researchers, analysts and other participants will cover User Facility components
  • SCADA cyber attack data on the NACMAST Enterprise Data Warehouse
  • Utilization of the Biosphere 2 for specific SCADA systems
• Training encompasses:
  • Requirements for SCADA system installation at Biosphere 2
  • Best practices for Red and Blue team attack and defense activities with SCADA systems.
  • Use of IDS tools available on the NACMAST Enterprise Data Warehouse
  • Vulnerability assessment of SCADA systems
  • Threat assessment
  • Methods to harden SCADA systems
  • Research using stored SCADA cyber attack data
Summary
• Prototype a SCADA Testbed environment that allows capture of SCADA cyber attack data.
• Collect a variety and significant amount of SCADA cyber attacks in the NACMAST Enterprise Data Warehouse.
• Utilize Red & Blue teams for one method of research and analysis of stored data for another method.
• Leverage knowledge gained to turn the Biosphere 2 into a SCADA Cyber Attack Data Warehouse User Facility.
• Invite researchers to utilize this User Facility.
• Invite industry to implement their SCADA systems for vulnerability testing.
Questions?


Editor's Notes

  1. As Critical Infrastructures have been connected to our Cyber Infrastructure, they have become vulnerable to cyber attacks.