SMARTGRID SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) SYSTEM SECURITY ISSUES AND COUNTER MEASURES

Raksha Sunku Ravindranath
B.E., Visveswaraiah Technological University, Karnataka, India, 2006

PROJECT

Submitted in partial satisfaction of the requirements for the degree of

MASTER OF SCIENCE
in
COMPUTER ENGINEERING
at
CALIFORNIA STATE UNIVERSITY, SACRAMENTO

FALL 2009

A Project by Raksha Sunku Ravindranath

Approved by:
Dr. Isaac Ghansah, Committee Chair
Dr. Jing Pang, Second Reader

Student: Raksha Sunku Ravindranath

I certify that this student has met the requirements for format contained in the University format manual, and that this project is suitable for shelving in the Library and credit is to be awarded for the Project.

Dr. Suresh Vadhva, Graduate Coordinator
Department of Computer Engineering

Abstract

This project discusses security issues, countermeasures and research issues in the Supervisory Control And Data Acquisition (SCADA) system. The SCADA system is used in the power sector for controlling and monitoring industrial processes. The major components of the SCADA system are the master terminal unit, the remote terminal unit and the communication link connecting them. The protocols used on this communication link are DNP3 (Distributed Network Protocol version 3.0) and Modbus. Vulnerabilities in these components lie in the policies, procedures, platforms and protocols used. Countermeasures for these vulnerabilities include deploying firewalls and intrusion detection systems, wrapping protocols in secure layers, and enhancing protocol structure. Some of these countermeasures do not provide complete security and hence require more research. The project also recommends a number of issues that require more research.

DEDICATION

Om Sai Ram

This project is dedicated to my lovely parents S.K Ravindranath, Asha Ravindranath, my dear brother Raghav Kishan S.R., and my inspirational grandparents Adinarayana Gupta and Latha Gupta.

ACKNOWLEDGMENTS

It is a pleasure to thank everybody who helped me in successfully completing my Masters’ Project. First, my sincere thanks to my project supervisors, Dr. Isaac Ghansah, Professor, Computer Science and Engineering, and Dr. Jing Pang, Associate Professor, Department of Electrical and Electronic Engineering and Computer Engineering, for giving me an opportunity to work under their guidance, and for providing me constant support throughout the project. I am also very grateful to Dr. Suresh Vadhva, Graduate Coordinator, Department of Computer Engineering, for his invaluable feedback and suggestions. My special thanks to my friend Vinod Thirumurthy, who helped me in reviewing this report.

I would like to take this opportunity to acknowledge and appreciate the efforts of California State University, Sacramento for its facilities and for providing a good environment for the students to prosper in their academic life.

Last but not least, I would like to thank my parents, S.K Ravindranath and Asha Ravindranath, and my brother Raghav Kishan S.R. for their moral and financial support. I am very grateful for the continuous support and never-ending encouragement that they have provided throughout my life.

TABLE OF CONTENTS

Dedication
Acknowledgments
List of Tables
List of Figures
List of Abbreviations

Chapter

1 INTRODUCTION
  1.1 Introduction To SCADA
  1.2 SCADA System Components And Functions
  1.3 Literature Review
  1.4 Conclusion

2 SCADA SYSTEM REQUIREMENTS AND THREATS
  2.1 Requirements In A SCADA System
  2.2 Threats To SCADA Network

3 MASTER TERMINAL UNIT AND REMOTE TERMINAL UNIT VULNERABILITIES AND COUNTERMEASURES
  3.1 Introduction
  3.2 Vulnerabilities In The SCADA System
    3.2.1 Public Information Availability
    3.2.2 Policy And Procedure Vulnerabilities
    3.2.3 Platform Vulnerabilities
      3.2.3.1 Platform Configuration Vulnerabilities
        3.2.3.1.1 Operating System Related Vulnerabilities
        3.2.3.1.2 Password Related Vulnerabilities
        3.2.3.1.3 Access Control Related Vulnerabilities
      3.2.3.2 Platform Software Vulnerabilities
        3.2.3.2.1 Denial Of Service
        3.2.3.2.2 Malware Protection Definitions Not Current And Implemented Without Exhaustive Testing
  3.3 Countermeasures For MTU And RTU Security Issues
    3.3.1 Countermeasures For Policy And Procedure Vulnerabilities
    3.3.2 Regular Vulnerability Assessments
    3.3.3 Expert Information Security Architecture Design
    3.3.4 Implement The Security Features Provided By Device And System Vendors
    3.3.5 Establish Strong Controls Over Any Medium That Is Used As A Backdoor Into The SCADA Network
    3.3.6 Implement Internal And External Intrusion Detection Systems And Establish 24-hour-a-day Incident Monitoring
    3.3.7 Conduct Physical Security Surveys And Assess All Remote Sites Connected To The SCADA Network
    3.3.8 Firewalls And Intrusion Detection System
    3.3.9 Electronic Perimeter
    3.3.10 Domain-Specific IDS
    3.3.11 Creating Demilitarized Zones (DMZs)
    3.3.12 Low Latency And High Integrity Security Solution Using Bump In The Wire Technology For Legacy SCADA Systems

4 DISTRIBUTED NETWORK PROTOCOL 3 VULNERABILITIES AND COUNTERMEASURES
  4.1 Introduction To SCADA Communication Network
  4.2 Some General Vulnerabilities In SCADA Network
  4.3 SCADA Communication Protocols
  4.4 DNP3 Protocol
    4.4.1 Introduction To DNP3 Protocol
    4.4.2 DNP3 Communication Modes
    4.4.3 DNP3 Network Configurations
    4.4.4 DNP3 Data Link Layer
    4.4.5 DNP3 Protocol Layer – Pseudo Transport Layer
    4.4.6 DNP3 Protocol Layer – Application Layer
  4.5 DNP3 Protocol Vulnerabilities And Attacks
  4.6 Countermeasures For Enhancing DNP3 Security
    4.6.1 Solutions That Wrap The DNP3 Protocols Without Making Changes To The Protocols
      4.6.1.1 SSL/TLS Solution
      4.6.1.2 IPSec (secure IP) Solution
    4.6.2 Enhancements To DNP3 Applications
    4.6.3 Secure DNP3
    4.6.4 Distributed Network Protocol Version 3 Security (DNPSec) Framework
  4.7 Comparison Of DNP3 Countermeasures

5 MODBUS PROTOCOL VULNERABILITIES AND COUNTERMEASURES
  5.1 Introduction To Modbus Protocol
  5.2 Protocol Specifics
  5.3 Modbus Serial Protocol
  5.4 Modbus TCP Protocol
  5.5 Vulnerabilities And Attacks In Modbus Protocol
    5.5.1 Serial Only Attacks
    5.5.2 Serial And TCP Attacks
    5.5.3 TCP Only Attacks
  5.6 Countermeasures For Enhancing Modbus Security
    5.6.1 Secure Modbus Protocol

6 RESEARCH ISSUES
  6.1 Performance Requirements Of SCADA Systems
  6.2 Authentication And Authorization Of Users At The Field Substations
  6.3 Enhancing The Security Of Serial Communication
  6.4 Access Logs For The IED’s In Substations
  6.5 Attacks From Which Side Channel Information Can Be Obtained
  6.6 Timing Information Dependency
  6.7 Software Patches Update
  6.8 Intrusion Detection Equipment For The Field Devices And The Control Systems
  6.9 Authentication Of The Users To Control System Equipment
  6.10 Legacy Systems With Limited Processing Power And Resources
  6.11 Roles To Be Defined In The Control Center

7 CONCLUSION
  7.1 Summary