Professional Documents
Culture Documents
Agenda
Introduction Cisco and control system security Review of cyber threats, vulnerabilities, and countermeasures Addressing the need for secure SCADA
A sampling of cyber security initiative standards Assessment of security products Need for testing industrial-network devices SCADA protocol enhancement
Conclusion
http://www.cisco.com/go/ciag/
2003, Cisco Systems, Inc. All rights reserved.
Research Sponsorship
2003, Cisco Systems, Inc. All rights reserved.
Implementation
Insecure coding practices Narrow focus on functionality testing
Implementation
TCP/IP stack issues? Protocol flaws? OS/App flaws? Windows HMI Flaws WEP Flaws Network infrastructure device DoS
Configuration
802.11 Defaults (no WEP) Weak/default passwords Inadequate filtering on router/firewall OS defaults
10
AGA 12-1 Cryptographic Protection of SCADA Communications Goal is to protect Master-Slave(RTU) communication links from a variety of active/passive attacks Develops standard retrofit solution for insecure communication links via cryptographic modules
Dialup Frame Relay Microwave and other Serial Links
Encryption and key management protocol developed specifically for low-latency applications
Low speed links Short Messages Request/Response Polled Messages
11
12
13
Cross-sector effort to identify and consolidate best practices for Manufacturing & Control System (MC&S) Environment Three Technical Reports to be released in 2003
Security Technologies for M&CS Integrating Electronic Security into M&CS Audit and Metrics for Security Performance
http://www.isa.org
14
Spawned effort to develop specific reference architectures for specific M&CS applications Lots of questions can be used drive research
15
16
17
18
19
20
21
Conclusions
As with the terrorism, cyber risk models are tricky
How can we determine the probability? Should we focus on vulnerabilities or threats?
Multiple ongoing security initiatives that document and develop near-term SCADA security solutions
Will best-practices be used? Are practitioners actually engaged? How will customer requirements be integrated?
Significant amount of research, testing, and analysis is needed to identify threats, unique vulnerabilities, and effective countermeasures
Will there be a market demand? Or regulation? How can information-sharing obstacles be overcome?
Feedback?
2003, Cisco Systems, Inc. All rights reserved.
22
This presentation:
http://www.io.com/~mdfranz/papers/
23