International Conference on Biomedical Engineering ...

International Conference on Biomedical Engineering and Assistive Technologies

2010

SECURITY THREATS TO SCADA SYSTEMS Rajeev Kumar Chauhan*a, Kalpana Chauhan*b, Dr. M.L. Dewal*c *a Lecturer, Department of Electrical and Electronics Engineering, K.E.C. Ghaziabad, India *b Research Scholar, Indian Institute of Technology Roorkee, India *c Assistant Professor, Department of Electrical Engg, Indian Institute of Technology Roorkee, India *a [email protected]; [email protected]; [email protected]

Abstract----- SCADA systems have evolved from exotic hardware and software in the 1970’s, to systems that can include standard PCs and operating systems, TCP/IP communications and Internet access. The threat exposure has increased further by the common practice of linking SCADA networks to business networks. Intentional security threats to SCADA systems can be grouped as follows: 1. Malware 2.Terrorist 3. Hacker

4. Insider

The insider may be motivated to damage or disrupt the SCADA system or the utility’s physical system. So we provide user security to prevent users from accessing certain parts of the system. Keywords: RSLogix, RSview32, SCADA, Security.

1. INTODUCTION Process Control Systems (PCS) refer to the overall set of systems that remotely monitor and measure remote sensors from a centralized location. These sensors also typically possess some type of automated response capability when certain criteria are met. A subset of PCS systems that manage systems over very large geographic areas are typically referred to as Supervisory Control and Data Acquisition systems or SCADA systems. SCADA systems make up the critical infrastructure associated with electric utilities, water and sewage treatment plants, and large-scale transportation systems like interstate rail. Distributed Control Systems (DCS) and Industrial Control Systems (ICS) are also subsets of PCS systems. Both DCS and ICS systems are more geographically localized systems typically used in manufacturing plants and pharmaceutical production facilities. Most SCADA and other PCS systems used by companies

1

today were developed years ago, long before public and private networks or desktop computing were a common part of business operations. As a result, the need to incorporate security measures in these systems was not anticipated. At the time, good security for SCADA systems meant limiting and securing the physical access to the network and the consoles that controlled the systems. Engineers rationalized that if the systems were suitably isolated from any physical entryways, and if access was limited to authorized personnel only, the systems were fully secure and unlikely to be compromised. This is no longer the case. The complex architecture, interconnected nature and extreme sensitivity of SCADA and Process Control Systems mandate that organizations have a comprehensive plan for assessing and mitigating potential online vulnerabilities and threats. Intentional security threats to SCADA systems can be grouped as follows:  Malware: Like any IT system, SCADA systems are potentially vulnerable to viruses, worms, Trojans and spyware. For the purposes of this characterization I define the malware threat as an undirected attack that has no “interest” in SCADA systems. It could impact the system by Corrupting data, overwhelming communications, installing back doors or key stroke loggers.  Hacker: Here the individual is an outsider who may be interested in probing, intruding, or controlling a system because of the challenge. Another possibility is modifying data related to rate generation. While not an incident, one example of hacker interest was a presentation at the 2003 Brumcon meeting titled “Water Management Systems Using Packet Radio” The talk apparently discussed radio systems used by the British water


utilities, how to monitor un-encrypted traffic and create denial of service attacks.  Terrorist: This is the threat that distinguishes critical infrastructure systems from most IT systems. A terrorist is likely to want to either disable the SCADA system to disrupt monitoring and control capability, take control of the SCADA system to feed false values to the operators or to use the control system to degrade service or possibly damage the physical critical infrastructure system. Based on evidence collected in Afghanistan, Al Qaeda had a “high level of interest” in DCS and SCADA devices. In addition to interest, Al Qaeda presumably has appropriately skilled members, for example it was also reported that Khalid Sheikh Mohammed, their arrested Operations chief was an engineering student in North Carolina who later worked in the water industry in the Middle East.  Insider: The disgruntled worker who knows the system can be one of the largest threats. The insider may be motivated to damage or disrupt the SCADA system or the utility’s physical system. An insider may also attempt to illicitly gain higher privileges for convenience sake. Bored or inquisitive Operators may inadvertently create problems. [SCADA engineers may make errors that bring down the system.] The objective of the purpose to block users from accessing certain of the system.

2. SOFTWARE RSView32 [3] is an integrated Human Machine Interface for monitoring and controlling automation machines and processes. Its versatility shows with seamless integration to other Rockwell Software and Microsoft products as well as third-party applications. RSView32 have distinctive features: i. Powerful graphics editor. ii. Graphic import/export wizard. iii. Customize the look of graphic displays. iv. Comprehensive alarms editor. v. Full-featured data log editor. vi. Sophisticated logic and control editor. vii. Security features: *Secure RSView32 at the project level. *Secure RSView32 at the system level

3. INSIDER SECURITY

2

2010

We provide user security to our system so that controlling and monitoring is secured according to user. If we want that some part of the process is controlled or monitored by particular user and no one has permission to do so, we developed user security by four features of SCADA.  Command Security: In this type of security the system checks the security codes of commands and macros no matter they are issued from: Macros Object Display and Global keys Command line Button objects Object configured with touch animation  Graphic display security: Security is assigned to a graphic display in the Graphic Display editor. Engineer can assign security while he or she are creating a graphic display, or can assign it later.  OLE object security: when an engineer is activated an OLE object there is no security with in the associated application therefore the engineer has the only way to secure the application is to assign security to the OLE Object.  Tag security:In this part of security we define security to Tags so that a user is restricting to write access to a tag. A user cannot change the tags value. Login and logout switches are used for entering and aborting into the project.

4. METHOD We configure two user Accounts, one is Rajeev and another is Rakesh by the tag security to prevent users from accessing certain parts of the system. We assigned following security codes in the user account editor. Rajeev is assigned security codes B, C, D, E, F, G, H, I, J, K, L, M, N, O, and P. Rakesh is assigned security codes A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, and P. This means that Rajeev may access to the START1, START2, START3, AUTO START, Em.START, Em.STOP, STOP1, STOP2 and STOP3 only. Rakesh may access to the START1, START2, START3, AUTO START, Em.START, Em. STOP STOP1, STOP2, STOP3 and TOTAL CYCLE and CYCLE PR. VALUE. We provide login and logout switch. If users want to access my system then he has to press login. Then a login window will open as shown in below fig 2.


2010

codes depending upon individual users so that only specific user can access the system, and others will be blocked. Individual users have security codes for there specific areas. This restricts the users of edit the program. So the whole project is secure at each operating level.

7. REFERNCES 1.

2. 3. 4. FIGURE. 2: SCADA LOGIN WINDOW 5.

5. RESULTS The entry of total cycle and cycle Pr. Value can not be accepted by the system without login user Rakesh. If operator enters the value of total cycle and cycle Pr. Value then new entry may be shown with red back ground as shown in fig3. It means the new entry is not accepted by the system. When he login system with user Rakesh with right password and then enter new entry. The new enter value may be shown with blue back ground. Back ground of entry box shows that the entry is accepted of not. If the entry box back ground is red the entry is not accepted and if the entry box back ground is blue the entry is accepted.

6. 7.

8.

9.

10. 11. 12.

13. 14.

15. 16.

17. FIGURE.3. SYSTEM LOGIN WITH USER RAKESH

6. DISCUSS We can provide security to every switch by giving them password. But the authority of passwords is belongs to specific users for specific operations. This paper gives a approach to provide user security to a project. This paper provides security to a multi-user system. It gives security

3

Andrew Hildick-Smith “Security for Critical Infrastructure SCADA Systems”, GSEC Practical Assignment, Version 1.4c, Option 1, February 23, 2005.pages:6-7 Pollet, Jonathan, “SCADA Security Strategy”, Plant Data Technologies, August 8, 2002. Listen think solve, product profileRSView32, publicationVW32PP002B-EN-P-August 2007. “Convergence Task Force Report” President’s National Security Telecommunications Advisory Committee, Washington, DC, June 2001 “A Strategic Approach to Protecting SCADA and Process Control Systems” Internet Security Systems White Paper, Australia and New Zealand Internet Security Systems Pty Ltd. Level 6, 15 Astor Terrace Spring Hill Queensland 4000 Australia Bruce Li, P.Eng. “SCADA application in water and waste water industry” Declan IWS, February, 2007. McClanahan, SCADA and IP: is network convergence really here? Industry Applications Magazine, IEEE, and Volume: 9, Issue: 2, March-April 2003 Pages: 29 – 36. D.T. Miklovic, “Real time control networks for batch and process industries,” Research Triangle Park, North Carolina: Instrument Society of America, 1992. Nash, Emma, Hackers bigger threat than rogue staff, VNU Publications, May 15,2003, Online Available : www.vnunet.com/News/114097 Surge in criminal-driven cyber attacks anticipated in 2006, Global Business Security Index Report, Dec 2005 Tony Stephanou, Assessing and Exploiting the Internal Security of an Organization, The SANS Institute, Mar 13, 2001 R.K. Chauhan, K. Chauhan, and M.L. Dewal, “Implementation of an Intelligent System in Process Control,” National Conference on Trends in Instrumentation and Control Engineering (TICE 2009), pp. 156-160. R.K. Chauhan, “Recent Advances in SCADA alarm System,” International Journal of Smart Home, Vol. 4, no. 4, (2010), pp. 1-10. K. Chauhan, M. L. Dewal, and R.K. Chauhan, “Analysis of Fingerprints based on Ridge Structure,” International Multi Conference on Intelligent Systems and Nanotechnology (IISN2010), pp. 201-203. R. K. Chauhan, and M.L. Dewal, “Multi-Supervisory Control and Data Display,” International Journal of Computer Applications, vol. 2, no.1 (2010), pp. 1-5. R.K. Chauhan, K. Chauhan, and M.L. Dewal, “Deployment of SCADA for Ring Main System based power Supply,” International Multi Conference on Intelligent Systems and Nanotechnology (IISN-2010), pp. 410-413. R.K. Chauhan, M.L. Dewal, and K. Chauhan, “Utility of SCADA in Power Generation and Distribution System,” 3rd IEEE International Conference on Computer Science and Information Technology (ICCSIT- 2010), pp. 648-652.