SCADA ASSESSMENT CASE STUDY
SCADA Assessment – Case Study




NOTICE
This document contains information which is the intellectual property of Network Intelligence (India)
Pvt. Ltd. (also called NII Consulting). This document is received in confidence and its contents cannot be
disclosed or copied without the prior written consent of NII.

Nothing in this document constitutes a guaranty, warranty, or license, expressed or implied. NII
disclaims all liability for all such guaranties, warranties, and licenses, including but not limited to: Fitness
for a particular purpose; merchantability; non infringement of intellectual property or other rights of any
third party or of NII; indemnity; and all others. The reader is advised that third parties can have
intellectual property rights that can be relevant to this document and the technologies discussed herein,
and is advised to seek the advice of competent legal counsel, without obligation of NII.

NII retains the right to make changes to this document at any time without notice. NII makes no
warranty for the use of this document and assumes no responsibility for any errors that can appear in
the document nor does it make a commitment to update the information contained herein.




COPYRIGHT
Copyright. Network Intelligence (India) Pvt. Ltd. All rights reserved.

NII Consulting is a registered trademark of Network Intelligence India Pvt. Ltd.

TRADEMARKS
Other product and corporate names may be trademarks of other companies and are used only for
explanation and to the owners' benefit, without intent to infringe.




NII CONTACT DETAILS
Name                       K. K. Mookhey
Title                      Principal Consultant
Company                    Network Intelligence (India) Pvt. Ltd.
Address                    204 Eco Space, Off Old Nagardas Road, Andheri (East), Mumbai 400069
E – Mail                   kkmookhey@niiconsulting.com




©Network Intelligence India Pvt. Ltd.                                             www.niiconsulting.com


1 Background
Recently, we were assigned to perform a network assessment of the SCADA network for one of our
clients. This case study outlines a brief introduction to SCADA, the sort of assessment we carried out,
and typical vulnerabilities that can be found on SCADA systems.


2 SCADA (Supervisory Control And Data Acquisition):

SCADA generally refers to an industrial control system: a computer system monitoring and
controlling a process. The process can be industrial, infrastructure or facility-based, as described
below:

       • Industrial processes include those of manufacturing, production, power generation,
         fabrication, and refining, and may run in continuous, batch, repetitive, or discrete
         modes.
       • Infrastructure processes may be public or private, and include water treatment and
         distribution, wastewater collection and treatment, oil and gas pipelines, electrical power
         transmission and distribution, wind farms, civil defense siren systems, and large
         communication systems.
       • Facility processes occur both in public facilities and private ones, including buildings,
         airports, ships, and space stations. They monitor and control HVAC, access, and energy
         consumption.

Common system components:

A SCADA system usually consists of the following subsystems:

       • A Human-Machine Interface or HMI is the apparatus which presents process data to a
         human operator, and through this, the human operator monitors and controls the
         process.
       • A supervisory (computer) system, gathering (acquiring) data on the process and sending
         commands (control) to the process.
       • Remote Terminal Units (RTUs) connecting to sensors in the process, converting sensor
         signals to digital data and sending digital data to the supervisory system.
       • Programmable Logic Controllers (PLCs) used as field devices because they are more
         economical, versatile, flexible, and configurable than special-purpose RTUs.
       • Communication infrastructure connecting the supervisory system to the Remote
         Terminal Units.







[Figure: SCADA Server / Control Centre Architecture. Labelled components: SCADA/EMS servers, ISR servers, NMS servers, ICCP communication servers, archival server, development server (PDS), web server in the firewall DMZ zone, workstation consoles with dual monitors, NID (network intrusion detection system), routers (to other zones and to the backup location of the site), GPS system, rack switch, RAID, UPS, monitoring system, logger, printers (B&W and colour), video projection system.]

The main subsystems are:

    1.    SCADA/EMS Subsystem
    2.    Inter-Site Communication ICCP Subsystem
    3.    Web Subsystem and the Security Infrastructure
    4.    ISR Subsystem (HIS)
    5.    Archive Subsystem
    6.    Network Management Subsystem
    7.    Video Projection System (VPS)
    8.    Development Subsystem
    9.    User Interface (UI) Subsystem
    10.   GPS Time & Frequency Subsystem
    11.   WAN Subsystem
    12.   LAN Subsystem
    13.   Peripheral Devices

SCADA/EMS Subsystem: Carries out the SCADA processing and the EMS calculations, feeds the historical
information server, sends the data to the operator Consoles. The SCADA functions are Data Acquisition,
Data processing, Alarm, and Tagging. EMS functions are Network Status Processor, Optimal Power Flow,
Contingency Analysis, Security enhancement and Voltage VAR dispatch.

Inter-Site Communication ICCP Subsystem: The inter-site communication (or OAG, Open Access
Gateway) subsystem handles the communication with the client's different zones (sites) using the
different communication protocols. One zone (site) communicates with the other zones' systems using
the standard IEC870-6 (TASE.2)/ICCP protocol. It interfaces with the SCADA/EMS servers over the ISD
protocol.






Web Subsystem and the Security Infrastructure: The DMZ web subsystem is implemented with the
SCADA/EMS server at site. Remote users can access the real-time data and displays through the DMZ
web servers. Remote access is provided with appropriate permission and authorization mechanisms.
The Web Access area is isolated by two Firewalls. The Web access system consists of Web server, Mail
server and Data Replica Server.

ISR Subsystem (HIS): The Information Storage and Retrieval subsystem stores user-defined data and
events into the ORACLE-based historic database. The ISR system will store:

       • Real time database snapshot, storage and playback
       • Historical Information
       • SOE data
       • Alarm message log
       • Storage of files

Archive Subsystem: The Archive subsystem provides centralized storage for the whole system's data. The
Archive subsystem consists of an archive server and a tape autoloader to archive information such
as ISR data, save cases, source code files, system backup (for restore), etc.

Network Management Subsystem: The Network Management system monitors the interfaces to the
SCADA/EMS servers, workstations, devices, and all SCADA/EMS gateway and routers and gathers
performance statistics like resource utilisation.

Video Projection System (VPS): VPS is a big display device with 8 segments of 67 inches size each. VPS is
driven through a PC installed in its wall and connected to the dual LAN.

Development Subsystem: The Development System provides a complete autonomous environment for
future program development, application building, testing, system integration, etc. for the system.

User Interface (UI) Subsystem: The User Interface (UI) subsystem is composed of workstation consoles
with graphic cards to drive multiple monitors.

GPS Time & Frequency Subsystem: The Time & Frequency subsystem (TFS) captures the GPS time and
power system frequency, and synchronizes the time of all the servers and workstations via the LAN,
using the standard Network Time Protocol (NTP).

WAN Subsystem: The Wide Area Network (WAN) subsystem for connecting the main site and other sites
comprises routers, modems and a wide band communication link from the ISP network. Two routers
are installed in each zone for providing a 2 Mbps (redundant) and a 64 kbps link. The main and backup sites
are connected to each other through 2 Mbps channels.

LAN Subsystem: The SCADA/EMS Local Area Network (LAN) subsystem provides the inter-connection of
all the servers, workstations, and peripherals. LAN is formed with redundant standard Ethernet
switches.

Peripheral Devices: Loggers, Laser printers & Colour Video Copiers.






3 Network Assessment

Tools used for Assessment: Auditpro (in-house developed auditing tool), Nmap, Nessus, SuperScan.

Initial Phase:
Prior to the assessment we tried to get maximum information on the SCADA systems from the vendor. We gathered
the following information:

       • 2 SCADA applications (Vendor A and Vendor B) were being used on different sites (zones) of the
         client’s network.
       • Vendor A’s tech support and Vendor B’s tech support were maintaining the individual site (zone)
         of the client.
       • Vendor A’s SCADA applications were installed on Solaris OS. Oracle was being used as the backend
         database.
       • Vendor A’s SCADA software was almost obsolete. There were no patches available for the
         SCADA software and underlying OS. Vendor A was about to withdraw support for SCADA in
         the year 2011.
       • AREAVA’s SCADA applications were installed on Windows 2003 servers and OpenVMS
         operating systems.
       • Vendor B’s SCADA applications were using its own proprietary database known as DB431.
       • Also, the client was using Oracle as the database for some additional applications connected to the
         SCADA network.
       • A Vulnerability Assessment previously conducted by a different consulting firm on the SCADA
         servers had resulted in the SCADA servers crashing during the port scanning stage itself.

Armed with the above information, we proceeded to perform the vulnerability assessment first on the
test environment of the SCADA (Vendor A’s SCADA product). This was completed successfully without
any SCADA server crash. The results were emailed to Vendor A’s tech support and the IT representatives of
the customer. We then proceeded to the actual assessment.

Vulnerabilities discovered
The following vulnerabilities were discovered:

       • All the operating systems were in a default configuration, without any hardening having been
         done, to the extent that:
             o Many vulnerable services, i.e. echo, daytime and finger, were found running on the Windows
                and Solaris operating systems.
             o Vulnerable services like telnet, BOOTP, source routing, and SNMPv2 with the default community
                strings public and private were found on the network devices.
             o Oracle databases were also not hardened; for example, we found that the scott and system users had
                been given full administrative privileges on the database server.
             o No patches had been applied on any of the systems.
             o Older IOS/firmware was being used on the network devices, i.e. router, switches,
                firewall.
             o No password policy was defined for the SCADA network.
             o Administrator credentials of SCADA servers were commonly being shared with all users.
             o Passwords being used for administrative accounts on Windows servers, databases and
                network devices were easily guessable.
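
The network-device findings in the list above (telnet, BOOTP, source routing, default SNMP community strings) can be checked offline against a saved device configuration, without sending any traffic to the device. The Python script below is an added example, not Auditpro or any other tool from the case study; it assumes Cisco IOS-style configuration syntax and older IOS defaults, and the hostname, community string and both sample configurations are constructed for illustration.

```python
"""Offline audit of a saved IOS-style configuration (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

DEFAULT_COMMUNITIES = {"public", "private"}


@dataclass(frozen=True)
class Finding:
    check: str
    line_no: int  # 0 means the finding is inferred from a missing line
    detail: str


def _audit_vty(lines: list[str]) -> list[Finding]:
    """Flag vty blocks that allow telnet or carry no 'transport input' line."""
    findings = []
    header = None       # (line_no, text) of the currently open "line vty" block
    restricted = False  # saw a "transport input" line inside that block
    for no, raw in enumerate(lines + ["!"], 1):  # sentinel closes a final block
        if header is not None and raw.startswith(" "):
            m = re.match(r"transport input (.+)", raw.strip())
            if m:
                restricted = True
                protos = m.group(1).split()
                if "telnet" in protos or "all" in protos:
                    findings.append(Finding("telnet-enabled", no,
                                            f"{header[1]}: {raw.strip()}"))
            continue
        # Assumption: on older IOS a vty block without 'transport input'
        # accepts every protocol, telnet included.
        if header is not None and not restricted:
            findings.append(Finding("telnet-enabled", header[0],
                                    f"{header[1]}: no 'transport input' restriction"))
        header = (no, raw.strip()) if raw.startswith("line vty") else None
        restricted = False
    return findings


def audit_config(text: str) -> list[Finding]:
    lines = text.splitlines()
    stripped = [ln.strip() for ln in lines]
    findings = []

    # Default SNMP community strings.
    for no, ln in enumerate(stripped, 1):
        m = re.match(r"snmp-server community (\S+)(.*)", ln)
        if m and m.group(1).lower() in DEFAULT_COMMUNITIES:
            access = "RW" if re.search(r"\bRW\b", m.group(2), re.I) else "RO"
            findings.append(Finding("snmp-default-community", no,
                                    f"community '{m.group(1)}' ({access})"))

    # Assumption: source routing and the BOOTP server are on by default,
    # so only an explicit 'no ...' line counts as hardened.
    for check, cmd in (("source-routing", "ip source-route"),
                       ("bootp-server", "ip bootp server")):
        if f"no {cmd}" not in stripped:
            no = stripped.index(cmd) + 1 if cmd in stripped else 0
            findings.append(Finding(check, no, f"'no {cmd}' is not configured"))

    findings.extend(_audit_vty(lines))
    return findings


# Constructed sample: a device left close to its default state.
WEAK_CONFIG = """\
hostname scada-wan-rtr1
!
ip source-route
snmp-server community public RO
snmp-server community private RW
snmp-server community Xk4-ops-ro RO 10
!
line vty 0 4
 login
 transport input telnet ssh
line vty 5 15
 login
!
end
"""

# Constructed sample: the same device after hardening.
HARDENED_CONFIG = """\
hostname scada-wan-rtr1
!
no ip source-route
no ip bootp server
snmp-server community Xk4-ops-ro RO 10
!
line vty 0 4
 login local
 transport input ssh
!
end
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for f in audit_config(cfg):
            where = f"line {f.line_no}" if f.line_no else "missing"
            print(f"{f.check:24} {where:10} {f.detail}")
```
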

Network Segregation or the Lack of it
    • Some SCADA servers were exposed to the public network.
    • No VLAN segregation was found.
    • The bridge connecting the SCADA network to the TCP/IP network was weakly configured –
      essentially in its default state.

Other side-effects
During the assessment, the Nmap scan completed successfully. However, when we started the Nessus
scans, the SCADA applications crashed twice. Thankfully, redundant servers were available for the
crashed servers, due to which no severe or major incident took place. But this showed that simply
running a scan is enough to bring SCADA systems to their knees.


4 Root Cause Problems
    1. SCADA systems are highly expensive and very mission-critical. Therefore, they are not tweaked
       or hardened once they’re up and running.
    2. SCADA systems are thought to be obscure – since no one knows how they work, no one is going
       to mess around with them, so why bother securing them?
    3. SCADA systems are thought to be isolated – but this has been shown to be false multiple times.
       Many SCADA systems are inter-connected to the corporate TCP/IP network or other TCP/IP
       networks, opening them up to the same issues.
    4. SCADA vendors don’t bother with security. Once a multi-million-dollar system is up and running,
       it is just left as it is. So whether it is the Siemens network being attacked by the Stuxnet worm or
       others, SCADA systems are highly vulnerable due to vendor apathy.


5 Conclusion
SCADA systems should be treated as highly vulnerable and can be the target of an attack. SCADA attacks
are moving out of the realm of science fiction movies and are very much a reality today. Yet
organizations continue to adopt a lax stance towards securing SCADA networks. The very first step
should be to conduct a thorough assessment of these systems. This has to be done with care since these
systems turn out to be highly susceptible to attacks.

Stuxnet is a major wake up call to all organizations who thought SCADA systems would never come
under attack.




 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel AraĂșjo
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 

KĂŒrzlich hochgeladen (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

Scada assessment case study

  • 3.

1 Background

Recently, we were assigned to perform a network assessment of the SCADA network for one of our clients. This case study gives a brief introduction to SCADA, describes the sort of assessment we carried out, and lists typical vulnerabilities that can be found on SCADA systems.

2 SCADA (Supervisory Control And Data Acquisition)

SCADA generally refers to an industrial control system: a computer system monitoring and controlling a process. The process can be industrial, infrastructure or facility-based, as described below:

    • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
    • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.
    • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption.

Common system components

A SCADA system usually consists of the following subsystems:

    • A Human-Machine Interface (HMI) is the apparatus which presents process data to a human operator, and through which the human operator monitors and controls the process.
    • A supervisory (computer) system, gathering (acquiring) data on the process and sending commands (control) to the process.
    • Remote Terminal Units (RTUs) connecting to sensors in the process, converting sensor signals to digital data and sending digital data to the supervisory system.
    • Programmable Logic Controllers (PLCs), used as field devices because they are more economical, versatile, flexible, and configurable than special-purpose RTUs.
    • Communication infrastructure connecting the supervisory system to the Remote Terminal Units.
  • 4.

[Figure: SCADA Server / Control Centre Architecture. Labels recoverable from the diagram: web server, RAID server, UPS, logger, firewall, DMZ, workstation consoles with dual monitors, ISR servers, NMS servers, GPS system, printers (B&W and colour), rack switch, ICCP communication servers, archival server, development server (PDS), NID (network intrusion detection system), routers, video projection system, links to other zones and to the backup location of the site.]

The main subsystems are:

    1. SCADA/EMS Subsystem
    2. Inter-Site Communication ICCP Subsystem
    3. Web Subsystem and the Security Infrastructure
    4. ISR Subsystem (HIS)
    5. Archive Subsystem
    6. Network Management Subsystem
    7. Video Projection System (VPS)
    8. Development Subsystem
    9. User Interface (UI) Subsystem
    10. GPS Time & Frequency Subsystem
    11. WAN Subsystem
    12. LAN Subsystem
    13. Peripheral Devices

SCADA/EMS Subsystem: Carries out the SCADA processing and the EMS calculations, feeds the historical information server, and sends the data to the operator consoles. The SCADA functions are Data Acquisition, Data Processing, Alarm, and Tagging. The EMS functions are Network Status Processor, Optimal Power Flow, Contingency Analysis, Security Enhancement and Voltage VAR Dispatch.

Inter-Site Communication ICCP Subsystem: The inter-site communication (or OAG, Open Access Gateway) subsystem handles the communication with the different sites (zones) of the client using the different communication protocols. One zone (site) communicates with the other zones' systems using the standard IEC870-6 (TASE.2)/ICCP protocol. It interfaces with the SCADA/EMS servers over the ISD protocol.
  • 5.

Web Subsystem and the Security Infrastructure: The DMZ web subsystem is implemented with the SCADA/EMS server at the site. Remote users can access the real-time data and displays through the DMZ web servers. Remote access is provided with appropriate permission and authorization mechanisms. The web access area is isolated by two firewalls. The web access system consists of a web server, a mail server and a data replica server.

ISR Subsystem (HIS): The Information Storage and Retrieval subsystem stores user-defined data and events in the ORACLE-based historic database. The ISR system will store:

    • Real-time database snapshot, storage and playback
    • Historical information
    • SOE data
    • Alarm message log
    • Storage of files

Archive Subsystem: The Archive subsystem provides centralized storage for the whole system's data. It consists of an archive server and a tape autoloader to archive information such as ISR data, save cases, source code files, system backups (for restore), etc.

Network Management Subsystem: The Network Management system monitors the interfaces to the SCADA/EMS servers, workstations, devices, and all SCADA/EMS gateways and routers, and gathers performance statistics such as resource utilisation.

Video Projection System (VPS): The VPS is a big display device with 8 segments of 67 inches each. It is driven through a PC installed in its wall and connected on dual LAN.

Development Subsystem: The Development System provides a complete autonomous environment for future program development, application building, testing, system integration, etc. for the system.

User Interface (UI) Subsystem: The User Interface (UI) subsystem is composed of workstation consoles with graphics cards to drive multiple monitors.

GPS Time & Frequency Subsystem: The Time & Frequency subsystem (TFS) captures the GPS time and power system frequency, and synchronizes the time of all the servers and workstations via the LAN, using the standard Network Time Protocol (NTP).

WAN Subsystem: The Wide Area Network (WAN) subsystem connecting the main site and other sites comprises routers, modems and a wide-band communication link from the ISP network. Two routers are installed in each zone, providing a 2 Mbps (redundant) and a 64 kbps link. The main and backup sites are connected to each other through 2 Mbps channels.

LAN Subsystem: The SCADA/EMS Local Area Network (LAN) subsystem provides the inter-connection of all the servers, workstations, and peripherals. The LAN is formed with redundant standard Ethernet switches.

Peripheral Devices: Loggers, laser printers and colour video copiers.
  • 6.

3 Network Assessment

Tools used for assessment: Auditpro (in-house developed auditing tool), NMAP, Nessus, Super scan

Initial Phase: Prior to the assessment we tried to get the maximum information about the SCADA systems from the vendor. We gathered the following information:

    • 2 SCADA applications (Vendor A and Vendor B) were being used on different sites (zones) of the client's network.
    • Vendor A's tech support and Vendor B's tech support were each maintaining an individual site (zone) of the client.
    • Vendor A's SCADA applications were installed on Solaris OS. Oracle was being used as the backend database.
    • Vendor A's SCADA software was almost obsolete. There were no patches available for the SCADA software and the underlying OS. Vendor A was about to withdraw support for SCADA in the year 2011.
    • AREAVA's SCADA applications were installed on Windows 2003 servers and OpenVMS operating systems.
    • Vendor B's SCADA applications were using its own proprietary database known as DB431.
    • Also, the client was using Oracle as the database for some additional applications connected to the SCADA network.
    • A Vulnerability Assessment previously conducted by a different consulting firm on the SCADA servers had resulted in the SCADA servers crashing during the port scanning stage itself.

Armed with the above information, we proceeded to perform the vulnerability assessment first on the test environment of the SCADA (Vendor A's SCADA product). This was completed successfully without any SCADA server crash. The results were emailed to Vendor A's tech support and the IT representatives of the customer. We then proceeded to the actual assessment.

Vulnerabilities discovered

The following vulnerabilities were discovered:

    • All the operating systems were in a default configuration without any hardening having been done, to the extent that:
        o Many vulnerable services, i.e. echo, daytime and finger, were found running on the Windows and Solaris operating systems.
        o Vulnerable services like telnet, BOOTP, source routing, and SNMPv2 with the default community strings public and private were found on the network devices.
        o Oracle databases were also not hardened; for example, we found that the scott and system users had been given full administrative privileges on the database server.
        o No patches had been applied on any of the systems.
  • 7.

        o Older IOS/firmware versions were being used on the network devices, i.e. routers, switches and firewalls.
        o No password policy was defined for the SCADA network.
        o Administrator credentials of SCADA servers were commonly being shared with all users.
        o Passwords being used for administrative accounts on Windows servers, databases and network devices were easily guessable.

Network Segregation or the Lack of it

    • Some SCADA servers were exposed to the public network.
    • No VLAN segregation was found.
    • The bridge connecting the SCADA network to the TCP/IP network was weakly configured – essentially in its default state.

Other side-effects

During the assessment, the Nmap scan completed successfully. However, when we started the Nessus scans, the SCADA applications crashed twice. Thankfully, redundant servers were available for the crashed servers, so no severe or major incident took place. But this showed that simply running a scan is enough to bring SCADA systems to their knees.

4 Root Cause Problems

    1. SCADA systems are highly expensive and very mission-critical. Therefore, they are not tweaked or hardened once they're up and running.
    2. SCADA systems are thought to be obscure – since no one knows how they work, no one is going to mess around with them, so why bother securing them?
    3. SCADA systems are thought to be isolated – but this has been shown to be false multiple times. Many SCADA systems are inter-connected with the corporate TCP/IP network or other TCP/IP networks, opening them up to the same issues.
    4. SCADA vendors don't bother with security. Once a multi-million dollar system is up and running, it is just left as it is. So whether it is the Siemens network being attacked by the Stuxnet worm or others, SCADA systems are highly vulnerable due to vendor apathy.

5 Conclusion

SCADA systems should be treated as highly vulnerable and can be the target of an attack. SCADA attacks are moving out of the realm of science fiction movies and are very much a reality today. Yet organizations continue to adopt a lax stance towards securing SCADA networks. The very first step should be to conduct a thorough assessment of these systems. This has to be done with care, since these systems turn out to be highly susceptible to attacks. Stuxnet is a major wake-up call to all organizations that thought SCADA systems would never come under attack.
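
The network-device findings listed under "Vulnerabilities discovered" (telnet, BOOTP, source routing, SNMP with the community strings public and private) can be checked offline against exported device configurations, which avoids sending any traffic to the fragile SCADA hosts. The script below is an added example, not part of the original case study and not NII's Auditpro tool; it assumes Cisco IOS-style configuration syntax with older IOS defaults, and both sample configurations and all finding names are constructed for illustration.

```python
import re

# Constructed sample: an IOS-style running-config left close to its defaults.
WEAK_CONFIG = """\
hostname zone1-rtr
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 login
 transport input telnet
"""

# Constructed sample: the same device after hardening.
HARDENED_CONFIG = """\
hostname zone1-rtr
no ip source-route
no ip bootp server
snmp-server community constructed-ro-string RO 10
line vty 0 4
 login local
 transport input ssh
"""

DEFAULT_COMMUNITIES = {"public", "private"}


def vty_blocks(lines):
    """Yield the indented sub-commands of each 'line vty' block."""
    block = None
    for line in lines:
        if block is not None and line.startswith(" "):
            block.append(line.strip())
            continue
        if block is not None:
            yield block
            block = None
        if line.startswith("line vty"):
            block = []
    if block is not None:
        yield block


def audit(config_text):
    """Return a sorted list of finding codes for one configuration."""
    lines = config_text.splitlines()
    top = {l.strip() for l in lines if l and not l.startswith(" ")}
    findings = set()
    # Assumption: older IOS defaults, where both features are on unless an
    # explicit "no ..." line disables them.
    if "no ip source-route" not in top:
        findings.add("source-routing-enabled")
    if "no ip bootp server" not in top:
        findings.add("bootp-server-enabled")
    for cmd in top:
        m = re.match(r"snmp-server community (\S+)", cmd)
        if m and m.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.add("snmp-default-community:" + m.group(1).lower())
    for block in vty_blocks(lines):
        inputs = [c.split()[2:] for c in block if c.startswith("transport input")]
        # Without a "transport input" line the platform default applies,
        # which on older IOS accepts telnet.
        allowed = inputs[-1] if inputs else ["all"]
        if "telnet" in allowed or "all" in allowed:
            findings.add("telnet-on-vty")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```
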