Continued from previous part: Thinking About Security Considerations in SCADA Systems (1)
In this part of the article I focus on the types of threat that must be considered when planning the security management of a SCADA system. The first two (environmental and electronic threats) were covered in the previous part, so the focus here is on physical threats, threats via communication networks, and threats to software management.
Threats may be of following types:
- Environmental threats (previous part)
- Electronic threats (previous part)
- Physical threats
- Threats via communication and information networks
- Threats to software management and documentation
In general, SCADA equipment should be located inside secured areas with the same degree of security deemed appropriate for the systems it supports. However, the electronic nature of these systems provides opportunities for compromise from both inside and outside the secured area, and these must be addressed.
– 3.a –
HMI devices for controllers that provide access to the entire SCADA system shall use password-protected screen access with multiple levels of access control (for example view-only, operate, and engineering), and automatic logout routines with short idle-time settings. The idle timeout should be enforced when an action is attempted, not only by a screen-saver timer, so that a session left unlocked cannot be used to issue control commands.
– 3.b –
Equipment enclosures and pull and junction boxes should be kept locked or secured with tamper-resistant hardware. Doors and covers should be fitted with tamper switches or other means of detecting attempted intrusion, connected to the site security system.
Tamper detection devices should be designed to detect the initial stages of access, such as removal of fasteners or unlatching of doors, rather than only a fully opened door.
– 3.c –
Raceways and enclosures for SCADA circuits external to the secured area should be designed to resist entry by unauthorized persons. Access to field wiring conductors can provide a "back-door" path into controllers for damaging over-voltages or transients.
Outside raceways should consist of rigid steel conduits with threaded and welded joints and cast junction boxes with threaded hubs and tamper-proof covers.
– 3.d –
Conduits exiting the secured area should also be sealed to prevent them from being used to introduce hazardous or damaging gases or fluids into enclosures within the secured area.
Connections from SCADA systems to networks extending beyond the C4ISR facility, or between facilities on a common site, expose the system to network attacks.
– 4.a –
These attacks are of several types:
- Unauthorized user access (hacking)
- Eavesdropping: recording of transmitted data
- Data interception, alteration and re-transmission
- Replay of intercepted and recorded data
- Denial of service: flooding the network with traffic
– 4.b –
If such external connections must be used, encryption should be applied to all network traffic. Note that encryption alone does not defeat the alteration and replay attacks listed above: the traffic also needs integrity protection and replay detection (a message authentication code together with sequence numbers or timestamps, as provided by TLS or IPsec, or by the security profile of the SCADA protocol itself).
The following additional means of enhancing security should also be considered:
- Physically disconnect when not in use; applicable to dial-up connections for vendor service.
- Use fiber optic media, which is difficult to tap; a tap normally introduces a measurable loss of signal at the receiving end, which can be monitored and alarmed.
- One-way traffic: alarm and status transmission only, with no control permitted (enforced in hardware by a data diode where possible).
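The following added example (not code from the article or from any SCADA vendor) shows the integrity and replay-protection part of securing a telemetry link, which is what the alteration and replay attacks above target and what encryption alone does not provide. Each frame carries a monotonically increasing sequence number and an HMAC-SHA256 over the sequence number and payload under a key shared by the outstation and the master; the receiver rejects any frame whose MAC does not verify (altered or forged) and any frame whose sequence number does not advance (replayed or stale). The frame layout, the shared key and the pump telemetry payloads are constructed for this demonstration; confidentiality would be layered on top, for example with TLS or IPsec.

```python
"""Integrity and replay protection for SCADA telemetry frames.
Added example (not from the article or any vendor product). The frame layout,
shared key and sample payloads are constructed for this demo; confidentiality
(encryption) would be layered on top, e.g. via TLS or IPsec."""
import hashlib
import hmac
import json
import struct

SEQ_LEN, TAG_LEN = 8, 32
# Placeholder key for the demo; real keys come from key provisioning, not source code.
DEMO_KEY = hashlib.sha256(b"demo-shared-secret").digest()


def build_frame(key: bytes, seq: int, payload: dict) -> bytes:
    """Frame = seq (big-endian uint64) || JSON payload || HMAC-SHA256 over both."""
    body = struct.pack(">Q", seq) + json.dumps(payload, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts a frame only if the MAC verifies and the sequence number advances."""

    def __init__(self, key: bytes, last_seq: int = 0):
        self.key = key
        self.last_seq = last_seq  # must be persisted across restarts in a real deployment

    def accept(self, frame: bytes):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "malformed", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Verify the MAC first, in constant time, before trusting any field
        if not hmac.compare_digest(tag, expected):
            return "bad-mac", None
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        if seq <= self.last_seq:
            return "replay", None  # recorded-and-resent, or a stale out-of-order frame
        self.last_seq = seq
        return "ok", json.loads(body[SEQ_LEN:])


def demo_frames():
    """Constructed traffic: a genuine frame, its replay, a tampered copy, a stale frame
    and a forgery under a guessed key. Returns the receiver's verdict for each."""
    rx = Receiver(DEMO_KEY)
    f1 = build_frame(DEMO_KEY, 1, {"tag": "PUMP-01", "status": "RUN", "flow": 12.5})
    f2 = build_frame(DEMO_KEY, 2, {"tag": "PUMP-01", "status": "RUN", "flow": 12.7})
    tampered = f2.replace(b'"RUN"', b'"OFF"')  # altered in transit, MAC not recomputed
    stale = build_frame(DEMO_KEY, 1, {"tag": "PUMP-01", "status": "RUN", "flow": 12.5})
    forged = build_frame(b"attacker-guess", 3, {"tag": "PUMP-01", "status": "OFF", "flow": 0})
    return [rx.accept(f)[0] for f in (f1, f1, tampered, f2, stale, forged)]
```

Two practical caveats the demo makes visible: the receiver's `last_seq` must survive a restart (otherwise every recorded frame becomes replayable after a reboot), and the MAC must be checked before any field of the frame is parsed or acted on.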
Given the complexity of modern industrial control systems and their exposure to intentional software damage, it is good practice to implement a Software Management and Documentation System (SMDS).
– 5.a –
An SMDS is software residing on a dedicated computer on the plant network that monitors all configuration activity on the control system. Such a system should be required for the control system of an important and complex military facility.
It allows the facility administrator to do the following:
- Control who may use any SCADA application software and what actions can be performed
- Maintain a system-wide repository for historical storage of the application configuration files
- Identify exactly who has modified a control system configuration or application parameter, what they changed, where they changed it from, and when the change was made
- Assure that the control system configuration believed to be running the facility actually is (by comparing what is loaded on the controllers against the approved version on file)
- Support application restoration following a catastrophic event
- Generate views into the Software Management System for more detailed analysis of configuration changes
– 5.b –
Software Management and Documentation Systems are available from the major suppliers of industrial control systems.
Having such a system provides the following additional benefits:
- Avoids maintaining incorrect or incompatible software versions
- Assures that there are not multiple conflicting versions of software on file
- Prevents multiple users from making conflicting changes somewhere on the system
- Prevents legitimate changes from being reversed or overwritten
- Maximizes the availability of the system
Among the specific software that such a system would secure are:
- PLC programs
- HMI screens
- SCADA configurations
- CAD drawings
- Standard Operating Procedures (SOPs)
- Network configurations
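To make the SMDS functions listed above concrete (a system-wide repository of configuration versions, an audit trail of who changed what, from where and when, a check that the running configuration is the approved one, and restoration after a loss), here is an added example of a minimal configuration repository in Python. It is not code from the article or from any vendor's SMDS product: the `ConfigRepo` class, the sample structured-text PLC program, the user and host names and the timestamps are all constructed for the demonstration, and a real product would additionally handle vendor file formats and authenticate users against the plant directory.

```python
"""Minimal software-management / configuration repository for control-system
artifacts (PLC programs, HMI screens, SCADA configuration files).
Added example, not a vendor product; all names, hosts and timestamps below are
constructed for the demonstration."""
import difflib
import hashlib
from dataclasses import dataclass, field


@dataclass
class Version:
    number: int
    sha256: str
    content: bytes
    user: str        # who made the change
    host: str        # where it was made from
    timestamp: str   # when (ISO-8601, supplied by the caller in this demo)
    note: str


@dataclass
class ConfigRepo:
    """System-wide store of approved configuration versions plus an audit trail."""
    artifacts: dict = field(default_factory=dict)  # name -> [Version, ...]
    audit_log: list = field(default_factory=list)

    @staticmethod
    def digest(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def commit(self, name, content, user, host, timestamp, note) -> Version:
        versions = self.artifacts.setdefault(name, [])
        if versions and versions[-1].sha256 == self.digest(content):
            raise ValueError("no change relative to the current version")
        v = Version(len(versions) + 1, self.digest(content), content, user, host, timestamp, note)
        versions.append(v)
        self.audit_log.append(f"{timestamp} {user}@{host} {name} v{v.number} {v.sha256[:12]} {note}")
        return v

    def approved(self, name) -> Version:
        return self.artifacts[name][-1]

    def verify_running(self, name, running: bytes) -> bool:
        """Assure that what is loaded on the controller matches the approved version on file."""
        return self.digest(running) == self.approved(name).sha256

    def diff(self, name, old_no, new_no):
        """Exactly what changed between two versions (added/removed lines only)."""
        old = self.artifacts[name][old_no - 1].content.decode().splitlines()
        new = self.artifacts[name][new_no - 1].content.decode().splitlines()
        return [line for line in difflib.unified_diff(old, new, f"v{old_no}", f"v{new_no}", n=0, lineterm="")
                if line.startswith(("+", "-")) and not line.startswith(("+++", "---"))]

    def restore(self, name) -> bytes:
        """Content to reload after a catastrophic event: the last approved version."""
        return self.approved(name).content


# Constructed sample PLC program (IEC 61131-3 structured text) and its revision.
PLC_V1 = (b"PROGRAM Pump01\n"
          b"  IF LevelHigh THEN PumpRun := TRUE; END_IF;\n"
          b"  IF LevelLow THEN PumpRun := FALSE; END_IF;\n"
          b"END_PROGRAM\n")
PLC_V2 = PLC_V1.replace(b"LevelLow", b"LevelLow OR EStop")


def demo_repo():
    repo = ConfigRepo()
    name = "PLC/Pump01.st"
    repo.commit(name, PLC_V1, "asmith", "eng-ws-01", "2024-03-01T09:00:00Z", "initial release")
    repo.commit(name, PLC_V2, "jdoe", "eng-ws-07", "2024-03-15T14:20:00Z", "add E-stop interlock")
    try:  # re-uploading an identical file must not create a duplicate version
        repo.commit(name, PLC_V2, "jdoe", "eng-ws-07", "2024-03-15T14:21:00Z", "re-upload")
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    # Undocumented edit made directly on the controller, bypassing the repository
    drifted = PLC_V2.replace(b"PumpRun := FALSE", b"PumpRun := TRUE")
    return {
        "versions": len(repo.artifacts[name]),
        "approved_by": repo.approved(name).user,
        "changed_lines": repo.diff(name, 1, 2),
        "running_ok": repo.verify_running(name, PLC_V2),
        "drift_ok": repo.verify_running(name, drifted),
        "duplicate_rejected": duplicate_rejected,
        "restored": repo.restore(name) == PLC_V2,
        "audit": repo.audit_log,
    }
```

`demo_repo()` records two releases of the pump program by different engineers from different workstations, shows the exact lines that changed between them, confirms that the approved version is what is running, and then detects an edit made directly on the controller that never went through the repository. Periodically uploading each controller's program and calling `verify_running` is the check that turns the "configuration thought to be running actually is" requirement into something measurable.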