Cyber-security of SCADA and Other Industrial Control Systems (eBook)

eBook Download: PDF
2016 | 1st edition
XIX, 368 pages
Springer-Verlag
978-3-319-32125-7 (ISBN)

213.99 incl. VAT
This book provides a comprehensive overview of the fundamental security of Industrial Control Systems (ICSs), including Supervisory Control and Data Acquisition (SCADA) systems and touching on cyber-physical systems in general. Careful attention is given to providing the reader with clear and comprehensive background and reference material for each topic pertinent to ICS security. This book offers answers to such questions as: Which specific operating and security issues may lead to a loss of efficiency and operation? What methods can be used to monitor and protect my system? How can I design my system to reduce threats?
This book offers chapters on ICS cyber threats, attacks, metrics, risk, situational awareness, intrusion detection, and security testing, providing an advantageous reference set for current system owners who wish to securely configure and operate their ICSs. This book is appropriate for non-specialists as well. Tutorial information is provided in two initial chapters and in the beginnings of other chapters as needed. The book concludes with advanced topics on ICS governance, responses to attacks on ICS, and future security of the Internet of Things.

Acknowledgements 6
Contents 8
About the Authors 10
Chapter 1: Introduction and Preview 21
1.1 The Structure and Functions of an ICS 22
1.1.1 Key Segments of an ICS 22
1.1.2 Safety and Reliability in ICS 24
1.1.3 Security of ICS Field Network Components 27
1.2 Preview of this Book 28
References 33
Chapter 2: Components of Industrial Control Systems 34
2.1 Introduction 34
2.2 Industrial Control System Functional Components 35
2.2.1 Programmable Logic Controller 35
2.2.2 Remote Terminal Unit 36
2.2.3 Intelligent Electronic Device 38
2.2.4 Engineering Workstation 39
2.2.5 Human Machine Interface 39
2.2.6 Data Historian 40
2.2.7 Communications Gateways 41
2.2.8 Front End Processor 41
2.2.9 ICS Field Devices 41
2.3 Types of ICS 43
2.3.1 Process Control System 43
2.3.2 Safety Instrumented System 43
2.3.3 Distributed Control System 43
2.3.4 Building Automation System 44
2.3.5 Supervisory Control and Data Acquisition 45
2.3.6 Energy Management System 46
2.3.7 Other Types of ICSs 46
References 46
Chapter 3: Wireless Infrastructure in Industrial Control Systems 48
3.1 Introduction 48
3.2 Wireless Technologies for ICSs 49
3.2.1 WirelessHART 50
3.2.2 ISA 100.11a Standard 52
3.2.3 Z-Wave 53
3.2.4 Zigbee 53
3.2.5 Bluetooth 54
3.2.6 Microwave 54
3.2.7 Satellite 55
3.3 Cyber and Physical Threats to Wireless ICSs 55
3.3.1 Generic Threat Model 55
3.3.2 Specific Threats for Wireless ICS Technologies 56
3.3.3 Desired Security Mechanisms 58
3.3.4 Additional Security Mechanisms 61
3.4 Integration of Wireless Technologies to an Existing ICS Infrastructure: Smart Grid and Micro-Grid Case 62
3.4.1 FIU Smart Grid Testbed 62
3.4.2 Test Case: Handling Islanding Situation via Wireless Communication 64
3.5 Summary and Conclusions 66
References 66
Chapter 4: Operational Technology and Information Technology in Industrial Control Systems 69
4.1 Introduction 69
4.2 Difference Between IT and OT 70
4.2.1 Operational 70
4.2.1.1 Operational Objectives 71
Safety 71
Environmental 72
Societal Dependencies 72
Physical Infrastructure 73
4.2.1.2 High Availability Requirements 73
4.2.1.3 Geographic Location 74
4.2.2 Technological 75
4.2.2.1 Limited Support for Security Mechanisms 75
4.2.2.2 Embedded Systems 75
4.2.2.3 Network Protocols 76
4.2.2.4 Real-Time Performance 77
4.2.2.5 Legacy and Esoteric Technologies 78
4.2.2.6 Cyber-Physical Risk Analysis 78
4.2.3 Managerial 79
4.2.3.1 Long Lifecycle 79
4.2.3.2 Financial Investments 80
4.2.3.3 Vendors & Procurement
4.2.3.4 Managerial Domains 81
4.3 Convergence of IT Technologies into ICSs 82
4.3.1 Mobile Computing 82
4.3.2 Cloud Computing 83
4.3.3 Internet of Things and Smart Cities 83
4.4 Summary and Conclusions 84
References 84
Chapter 5: Threats in Industrial Control Systems 87
5.1 Introduction 87
5.2 The ICS Threat Landscape: A Paradigm Shifted 88
5.3 Organizational Threats 89
5.3.1 The Executive Level 90
5.3.2 The Chief Information Security Officer 90
5.3.3 Cultural Differences 91
5.3.4 Education and Training 91
5.3.5 Depreciation Cycle 92
5.3.6 ICT Security Standards 93
5.3.7 Procurement 93
5.4 Architecture and Technology Threats 94
5.4.1 Old Technology 94
5.4.2 Insecurity by Design 94
5.4.3 New functionality for Old Packaging 95
5.4.4 Protocols 95
5.5 Networking and Telecommunications 97
5.5.1 Operational Environment 97
5.5.2 Remote Network Access 98
5.5.3 Dependencies of ICT Systems 98
5.5.4 Direct Connection to the Internet 99
5.6 Human Factors 99
5.6.1 User Awareness 100
5.6.2 Policies and Procedures 100
5.6.3 Disgruntled Employees 100
5.7 Operations and maintenance of ICS 100
5.7.1 Passwords 101
5.7.2 Who Is “Empowered”? 101
5.7.3 Change Management 101
5.7.4 Patching 102
5.7.5 Malware Protection 103
5.7.6 Hardware Access and Networking 103
5.8 The ICS Environment 104
5.8.1 Physical Security 104
5.8.2 Dependencies 104
5.8.3 Third Parties on Site 105
5.8.4 Remote Access 106
5.9 Summary and Conclusions 106
References 107
Chapter 6: Attacks on Industrial Control Systems 112
6.1 Introduction 112
6.2 Overview 113
6.2.1 Known Attacks 113
6.2.2 General Attack Methods 114
6.2.3 Rootkits 117
6.2.4 Example Notional System 118
6.2.5 Capture the Flag and ICS-CERT 120
6.3 Stuxnet Attack 122
6.3.1 Background 122
6.3.2 Deployment and Propagation 123
6.3.3 Effects 126
6.4 Summary and Conclusions 127
References 127
Chapter 7: Security Taxonomies of Industrial Control Systems 128
7.1 Introduction 128
7.2 Overview 129
7.2.1 Taxonomy Examples 129
7.2.2 Vulnerability Taxonomies 131
7.2.3 Attack Taxonomies 133
7.2.3.1 Attack-Vulnerability-Damage Model (Fleury et al. 2008) 135
7.2.3.2 A Taxonomy of Targeted Attack (Line et al. 2014) 136
7.2.3.3 Taxonomy of Cyber Attacks on SCADA Systems (Zhu et al. 2011) 138
7.2.4 Comparison of Taxonomy Area of Interest 139
7.3 Emerging Developments and Research 139
7.3.1 A Proposed Taxonomy for Vulnerabilities 139
7.3.2 Ontological Approaches to SCADA Vulnerabilities or Attacks 141
7.3.3 Cyber Attacker Taxonomy 143
7.3.3.1 Incident-Based Matrix 146
7.4 Future Developments and Directions 146
7.5 Summary and Conclusions 147
References 148
Chapter 8: Cyber Risk in Industrial Control Systems 150
8.1 Introduction 150
8.2 Approaches to Risk Modeling and Analysis 151
8.2.1 Expert Elicited Models 151
8.2.2 Attack Graphs 153
8.2.3 Games 154
8.2.4 Petri Nets 155
8.2.5 Stochastic Cyber Attack Models with Petri Nets 159
8.3 Petri Nets for Control Systems 164
8.3.1 Attack Model 164
8.3.2 Computing State Reachability 167
8.3.3 Reachability under Monotonicity 168
8.3.4 Measuring Risk 169
8.3.5 Backtracking for Risk Management Planning 170
8.4 An Example Petri Net Analysis of a Control System 172
8.5 Summary and Conclusions 181
References 182
Chapter 9: Security Metrics in Industrial Control Systems 184
9.1 Introduction 184
9.2 Motivation 185
9.3 Background on Resilience Metrics 185
9.3.1 What Makes a Good Metric? 185
9.3.2 Metrics for IT Systems 188
9.3.3 Metrics for ICS Networks 190
9.4 Approaches for ICS Metrics 193
9.4.1 Cyber Resilience Matrix Example 193
9.4.2 Network Simulation Example 195
9.5 Tips for Generating Metrics 197
9.5.1 Generalized Metric Development Process 197
9.5.2 Best Practices in Metric Development and Validation 198
9.6 Summary and Conclusions 199
References 200
Chapter 10: Situational Awareness in Industrial Control Systems 203
10.1 Introduction 203
10.2 Cyber-Physical Systems are Complex 205
10.3 SA as a Human-driven Process 207
10.4 Cyber Kill Chain: Adversarial Reasoning 210
10.5 Stuxnet Through the Cyber Kill Chain: An ICS Example 213
10.5.1 Phase 1: Recon and Probing—Stuxnet Development 213
10.5.2 Phase 2: Stuxnet Delivery 214
10.5.3 Phase 3: Exploiting SCADA Systems 215
10.5.4 Phases 4 and 5: Stuxnet’s Foothold and Control 216
10.5.5 Phase 6: Stuxnet in Action 217
10.6 Guidelines 218
10.6.1 Expertise of the Operator(s) Responsible for Developing SA 218
10.6.2 Sensors and Data 219
10.6.3 System Documentation, Assessment, and “Blue Teaming” 220
10.6.4 Automation 221
10.6.5 Limiting Human Actions and Physical Parameter Controls 222
10.7 Summary and Conclusions 222
References 223
Chapter 11: Intrusion Detection in Industrial Control Systems 225
11.1 Introduction 225
11.2 Background 226
11.2.1 Motivation for Intrusion Detection Systems (IDSs) in Industrial Control Systems (ICSs) 226
11.2.2 Early Intrusion Detection Systems 226
11.2.3 Evolution from Early to Modern IDSs 227
11.3 Modern Intrusion Detection Techniques 228
11.3.1 Host-Based Intrusion Detection Systems (HIDS) 228
11.3.2 Network-Based Intrusion Detection Systems (NIDS) 229
11.3.2.1 Signature-Based Intrusion Detection Methods 229
11.3.2.2 Non-signature-Based Intrusion Detection Methods 230
11.3.2.3 Methods Used in Practice 230
11.4 Intrusion Detection in ICSs 231
11.4.1 Anatomy of An Industrial Control System 231
11.4.2 Host-Based Intrusion Detection Systems (HIDS) in ICSs 232
11.4.3 Network-Based Intrusion Detection Systems (NIDS) in ICSs 233
11.4.3.1 Signature-Based Intrusion Detection Methods in ICSs 233
11.4.3.2 Non-Signature-Based Intrusion Detection Methods in ICSs 234
Early Examples (Before 2010) 234
Recent Examples (2010 or After) 235
11.5 Process-Oriented Intrusion Detection 237
11.5.1 Overview 237
11.5.1.1 Semantic Security Modeling from Network Traffic Data 238
11.5.1.2 ARL Collaborative Modeling using SME Input, Network Traffic Data, and Process Monitoring Data 238
11.5.2 ARL Collaborative Intrusion Detection: A Case Study of a Sample Plant 239
11.5.2.1 Background: Description of a Plant 240
Physical Plant Model 240
Implementation: Electronic Plant Model 241
Plant Control Network 242
Human Machine Interface (HMI) 242
PLC/Regulator (PID Controller) 243
Network Traffic Monitor 243
Independent High-Speed Sensor 244
11.5.2.2 Configuration of Plant Security Monitoring Model 244
Inference of Critical Values from Network Traffic Data 244
Determination of Critical Values from SME Input and Network Traffic Data 245
Model Refinement and Verification using Network Traffic Data 246
Model Refinement and Verification using Out-of-Band Data (High speed sensor) 248
11.5.2.3 Intrusion Detection Alerting 249
11.6 Summary and Conclusions 251
References 252
Chapter 12: Cyber Physical Intrusion Detection 254
12.1 Introduction 254
12.2 Leveraging Physical Monitoring in ICS Cybersecurity 255
12.3 Example—SCADA Cybersecurity Monitoring Using Power Fingerprinting 256
12.3.1 Monitoring Physical Side-Channels to Detect Malicious Intrusions and Unauthorized Execution 257
12.3.2 Integrity Assessment and Intrusion Detection 257
12.3.3 Characterization 258
12.3.4 PFP Advantages and Limitations 259
12.4 Case Study: Siemens S7-1200 Monitoring 259
12.4.1 The System 259
12.4.2 Baseline Reference Extraction 262
12.4.3 Detection Performance 263
12.5 Future Developments 265
12.6 Summary and Conclusions 265
References 266
Chapter 13: Experimental Methods for Control System Security Research 267
13.1 Introduction 267
13.2 Overview of the Approaches 268
13.2.1 Live, Virtual, Constructive 268
13.2.1.1 Real Time Digital Simulator (RTDS) 269
13.2.1.2 Critical Infrastructure Protection and Resiliency Simulator (CIPR/sim) 269
13.2.2 The Need for Cyber Analysis 269
13.2.2.1 Threat Analysis 270
13.2.2.2 LVC Supports Cyber Fidelity Requirements 271
13.2.2.3 Advanced Modeling Support for SCADA and ICS Applications 272
13.2.3 Modeling Methodology Applied to Industrial Control and SCADA Systems 272
13.2.3.1 Obtaining Modeled System Specification 275
13.3 Modeling Industrial Control and SCADA Systems Using Hybrid Testbed 276
13.3.1 Simulated and Emulated Devices Used in the Hybrid Testbed Experiment 277
13.3.1.1 Device Model: Simulated 277
13.3.1.2 Device Model: Emulated 279
13.3.1.3 Device Model: Physical 279
13.3.2 Industrial Control and SCADA Systems Security Assessment Demonstration Experiment and Setup 279
13.3.2.1 Global Internet-like System 281
13.3.2.2 Enterprise Networked Information Systems 281
13.3.2.3 Supervisory Control and Data Acquisition (SCADA) System 282
13.3.2.4 Models, Simulations, and Emulations Used in Demonstration Experiment 284
Device Representations 284
Application and Traffic Representations 285
13.3.3 Industrial Control and SCADA Systems Security Assessment Demonstration Experiment—Security Mechanisms Use Case 285
13.3.3.1 Analysis of Cyber-Attacks Targeting the Business Network 286
13.3.3.2 Analysis of Cyber-Attacks Against the Control System Network 287
13.3.4 Data Collection and Analytics in Hybrid Testbed Experiments 289
13.4 Summary and Conclusions 289
References 290
Chapter 14: Governance and Assessment Strategies for Industrial Control Systems 292
14.1 Introduction 292
14.2 Overview 293
14.2.1 A Motivating Story 293
14.2.2 Some Definitions 295
14.2.3 Purpose of Governance 298
14.2.4 Groups Issuing ICS Governance 298
14.2.5 ICS Assessments 299
14.3 Examples of ICS Assessment Processes 302
14.3.1 NIST Cybersecurity Framework 302
14.3.2 Department of Energy (DoE) and DHS Cyber Capability Maturity Model (C2M2) 306
14.3.3 Robust ICS Planning & Evaluation (RIPE) Framework
14.3.4 DHS ICS Cyber Emergency Response Team (CERT) Cyber Security Evaluation Tool (CSET) 311
14.3.5 Overview of Assessment Methodologies 315
14.4 Summary and Conclusions 316
References 317
Chapter 15: Responding to Attacks on Industrial Control Systems and SCADA Systems 318
15.1 Introduction 318
15.2 Cyber Warfare 319
15.2.1 Jus ad bellum (“Right to War”) 319
15.2.2 Use of Force 320
15.2.3 Schmitt Analytical Framework 321
15.2.4 Mitigation and Response 322
15.3 Case Study Analyses for Use of Force 323
15.3.1 China Case Study 324
15.3.2 Iran Case Study 328
15.3.3 Havex Case Study 331
15.4 Summary and Conclusions 334
References 335
Chapter 16: In Conclusion: The Future Internet of Things and Security of Its Control Systems 336
16.1 Introduction 336
16.2 Overview of Change in Control Systems 337
16.2.1 Industrial Revolution: Earliest Times to the Present 337
16.2.2 Sustainability of an Industrial Enterprise 338
16.2.2.1 Economic Factors 338
16.2.2.2 Environmental Factors 339
16.2.2.3 Social Factors 339
16.2.2.4 The Future 339
16.2.3 The Internet of Things (IoT) 340
16.2.3.1 Global Development of the IIoT 340
16.2.3.2 Expected Impact 341
16.3 Game Changers in the Future ICS and IoT Security 342
16.3.1 Construction of the Future IoT 344
16.3.1.1 Devices 344
Miniaturization of End Devices and Sensors 344
Mobility and Wearable Devices 345
16.3.1.2 Materials and Material Processes 347
Advances in Materials 347
3D Manufacturing 348
16.3.1.3 Automation and Robotics 349
Automation and Artificial Intelligence 349
Robotics 350
Nanobots 351
16.3.1.4 Software 352
Software and Applications 352
16.3.2 Users of the Future IoT 354
16.3.2.1 Industrial Plant Users 354
Plant Control Methods 354
Data Transfer Media in Plants 355
Smart Sensors 355
The Network Layer 356
16.3.2.2 Consumers 357
16.3.3 Support for the Future IoT 357
16.3.3.1 Computing and Infrastructure 357
Industrial Control Efficiency 357
Networks and Infrastructure 358
New Territories for Network Complexity 359
Computing and Cloud Services 360
New Computing Paradigms 360
16.3.3.2 Government and Industry Guidance and Collaboration 361
16.4 Predictions and Potential Solutions 362
16.4.1 Resilient Self-Adaption 363
16.4.2 Mixed-Trust Systems 363
16.4.3 Big Data Analytics 363
16.4.4 Proactive Threat Responsiveness 364
16.5 Summary and Conclusions 364
References 365

Publication date (per publisher) 23.8.2016
Series Advances in Information Security
Additional info XIX, 355 p. 94 illus., 60 illus. in color.
Place of publication Cham
Language English
Subject area Computer Science Networks Security / Firewall
Mathematics / Computer Science Computer Science Web / Internet
Keywords control system • cps • Cyber defense • Cyber physical system • cyber security • ICS • Industrial Control Systems (ICS) • internet of things • IOT • Operational technology • Scada • Smart Grid • Stuxnet • Supervisory Control and Data Acquisition (SCADA)
ISBN-10 3-319-32125-0 / 3319321250
ISBN-13 978-3-319-32125-7 / 9783319321257
PDF (watermarked)
Size: 9.6 MB

DRM: Digital watermark
This eBook contains a digital watermark and is therefore personalized to you. If the eBook is improperly passed on to third parties, it can be traced back to its source.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly well suited to technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but is only partially suitable for small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a PDF viewer for this, e.g. Adobe Reader or Adobe Digital Editions.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a PDF viewer for this, e.g. the free Adobe Digital Editions app.

Additional feature: Read online
In addition to downloading it, you can also read this eBook online in your web browser.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
