•ICSs are typically used in industries such as oil & gas production, power
generation and nuclear installations. They are specifically designed and
manufactured for the industrial environment, and are designed to be installed
in both offshore and onshore applications.
Incident: 2000 Maroochy Water Treatment, Australia (SCADA system)
Description: A disgruntled former employee hacked into the system, took control
of 150 pumping stations and released 1 million liters of raw sewage into local
parks, rivers and even the grounds of a Hyatt Regency hotel over a 3-month
period.
Observations •Radio communications commonly used in SCADA systems are often
insecure or improperly configured
•SCADA devices and software should be secured to the extent possible using
physical and logical controls
•Difficult to differentiate attacks from malfunctions
•Also recommended: anti-virus, firewall protection, appropriate use of
encryption, upgradeable SCADA systems (from a security perspective),
proper staff training, and security auditing and control.
2000 Maroochy Water Treatment
•What is a Firewall?
•Types of Firewalls
•Classes of Firewalls
•Overall Security Goals of ICS network Firewalls
•Common ICS network Segregation Architectures
Security means access control
Firewalls
•What is a Firewall?
A firewall is a mechanism used to control and monitor traffic to and from a network
for the purpose of protecting devices on the network. It compares the traffic passing
through it to predefined security criteria or a policy, discarding messages that do not
meet the policy’s
•Types of Firewalls
A firewall can come in many different designs and configurations.
1. It can be a separate hardware device physically connected to a network
(such as the Cisco ASA® or the Symantec Security Gateway® firewalls).
Network traffic is sent in discrete groups of bits, called a packet. Each packet
typically contains a number of separate pieces of information, including (but
not limited to) items such as the:
• Sender's identity (Source Address).
• Recipient's identity (Destination Address).
• Service to which the packet pertains (Port Number).
• Network operation and status flags.
• Actual payload of data to be delivered to the service.
A firewall determines what action to take with the packet. These decisions are
based on a series of rules commonly referred to as Access Control Lists (ACLs).
•Overall Security Goals of ICS network Firewalls
Ideally, a process control or SCADA network would be a closed system, accessible only
by trusted internal components such as the Human Machine Interface (HMI) stations
and data historians.
But the need for external access from both corporate users and selected 3rd parties
exists:
•production and maintenance management information needs to be relayed to
computers and users outside of the plant floor for management purposes
•vendors may need to access controllers for support purposes. Implicitly this means
that some network paths exist from the outside
The goal of the firewall, simply stated, is to minimize the risk of unauthorized access
(or network traffic) to internal components on the ICS systems. Such a risk
minimization strategy will typically include the following general objectives.
1. No direct connections from the Internet to the PCN/SCADA network and vice versa.
2. Restricted access from the enterprise network to the control network.
3. Unrestricted (but only authorized) access from the enterprise network to shared
PCN/enterprise servers
4. Secure methods for authorized remote support of control systems.
5. Secure connectivity for wireless devices (if used).
6. Monitoring of traffic attempting to enter and on the PCN.
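The ACL decision described earlier and objectives 1 and 2 above can be checked mechanically. The following is an added example, not part of the original slides: a first-match packet filter with default deny, plus a per-rule audit of a rule set. The zone addresses, ports and rules are constructed assumptions, and treating an any-port enterprise-to-PCN permit as "unrestricted" is this example's reading of objective 2.

```python
import ipaddress

# Constructed address plan (assumption): the page names the zones, not their addresses.
ZONES = {
    "PCN": ipaddress.ip_network("10.10.0.0/16"),  # process control network
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),  # shared PCN/enterprise servers
    "EN": ipaddress.ip_network("10.30.0.0/16"),   # enterprise network
}

# Constructed ACL: (action, source CIDR, destination CIDR, port or None for any port).
ACL = [
    ("permit", "10.30.0.0/16", "10.20.0.10/32", 443),  # EN -> shared server
    ("permit", "10.10.0.0/16", "10.20.0.10/32", 443),  # PCN -> shared server
    ("permit", "10.30.5.0/24", "10.10.0.0/16", None),  # EN subnet -> PCN, any port
    ("permit", "10.10.0.0/16", "0.0.0.0/0", 80),       # PCN -> anywhere, HTTP
]

def decide(acl, src, dst, port):
    """First matching rule wins; a packet that matches no rule is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in acl:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"

def outside_all_zones(net):
    """True when the CIDR covers addresses beyond the plant's own zones."""
    return not any(net.subnet_of(zone) for zone in ZONES.values())

def audit(acl):
    """Return (rule index, objective number) for permit rules that conflict with
    objective 1 (no Internet <-> PCN path) or objective 2 (restricted EN -> PCN).
    Static check per rule; it does not model shadowing by earlier rules."""
    findings = []
    pcn, en = ZONES["PCN"], ZONES["EN"]
    for i, (action, src_net, dst_net, port) in enumerate(acl):
        if action != "permit":
            continue
        src, dst = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
        if (src.overlaps(pcn) and outside_all_zones(dst)) or \
           (outside_all_zones(src) and dst.overlaps(pcn)):
            findings.append((i, 1))
        if src.overlaps(en) and dst.overlaps(pcn) and port is None:
            findings.append((i, 2))
    return findings
```

Running `audit(ACL)` flags the last two rules: the any-port enterprise-to-PCN permit and the PCN-to-anywhere HTTP permit, which `decide` confirms lets a control-network host reach an Internet address on port 80.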
•Common ICS network Segregation Architectures
1. Dual-Homed Computers.
2. Dual-Homed Server with Personal Firewall Software.
3. Packet Filtering Router/Layer-3 Switch between PCN and EN.
4. Two-Port Firewall between PCN and EN.
5. Router/Firewall Combination between PCN and EN.
6. Firewall with Demilitarized Zones between PCN and EN.
7. Paired Firewalls between PCN and EN.
Common ICS network Segregation Architectures
1.Dual-Homed Computers.
Observations •A computer without proper security controls could pose additional threats
•All connections between the control network and the corporate network
should be through a firewall. This configuration provides no security
improvement and should not be used to bridge networks (e.g., ICS and
corporate networks).
Common ICS network Segregation Architectures
Observations •The first issue with this solution is that it will only provide a mechanism to
allow the sharing of server data. If there is any other traffic that needs to
traverse the PCN to EN boundary (such as remote maintenance access to a
controller) then this architecture will either completely block that traffic or
leave the PCN poorly secured.
Common ICS network Segregation Architectures
Observations •This type of packet filter design is only secure if the enterprise network is
known to be highly secure in its own right and is not generally subject to
attacks.
Common ICS network Segregation Architectures
4.Two-Port Firewall between PCN and EN.
•If HTTP packets are allowed through the firewall, then Trojan horse
software accidentally introduced on an HMI or control network laptop could
be controlled by a remote entity and send data.
Observations •This design uses a router/firewall combination. The router sits in front of the
firewall and offers basic packet filtering services, while the firewall handles
the more complex issues using either stateful inspection or proxy
techniques. This type of design is very popular in Internet-facing firewalls
because it allows the faster router to handle the bulk of the incoming
packets, especially in the case of DoS attacks, and reduces the load on the
firewall. It also offers improved defense-in-depth because there are two
different devices an adversary must bypass.
Common ICS network Segregation Architectures
6.Firewall with Demilitarized Zones between PCN and EN.
Observations •If firewalls from two different manufacturers are used, then this solution
may offer a “defence in depth” advantage. It also allows process control
groups and the IT groups to have clearly separated device responsibility
since each can manage a firewall on its own. In fact it is the study team’s
understanding that this design is recommended in the Federal Energy
Regulatory Commission (FERC) Proposal for Security Standards for this
reason.
Industrial Control Systems cyber Security
summary