Cyber security training strategy: dealing with maritime SCADA risks

Control systems on board ships collect sensor measurements and data from various operational activities and display all the relevant information; they also facilitate relaying of control commands to local or remote equipment. Distributed control systems (DCS) are typically used within a single process or generating plant; supervisory control and data acquisition (SCADA) systems are used for larger-scale environments. The SCADA system communications infrastructure tends to be slower and less reliable, and so the remote terminal unit in a SCADA system has local control schemes to handle that eventuality. Security in general and cyber security specifically were not the major concerns of early standalone maritime SCADA systems. Security was primarily achieved by controlling physical access to system components, which were unique and used proprietary communication protocols. For years, security in SCADA systems was viewed as just an implication of safety. Over the last decade, however, the situation has changed, and numerous standards/directives dealing with the cyber security of SCADA systems have emerged. Characteristics of maritime SCADA cyber security are discussed; related training needs are identified next. The pedagogical approaches are also presented in order to train seafarers in risk assessment, prevention and mitigation strategies related with maritime SCADA cyber security risks

Comparison of the intrusion detection system rules in relation with the SCADA systems

Increased interconnectivity, interoperability and complexity of communication in Supervisory Control and Data Acquisition (further only SCADA) systems, resulted in increasing efficiency of industrial processes. However, the recently isolated SCADA systems are considered as the targets of considerable number of cyber-attacks. Because of this, the SCADA cyber-security is under constant pressure. In this article we examine suitability of current state signature based Intrusion Detection System (further only IDS) in SCADA systems. Therefore, we deeply evaluate the Snort and the Quickdraw rules based on signatures in order to specify their relations to SCADA cyber security. We report the results of the study comprising more than two hundred rules. © Springer International Publishing Switzerland 2016

Towards a Layered Architectural View for Security Analysis in SCADA Systems

Supervisory Control and Data Acquisition (SCADA) systems support and control the operation of many critical infrastructures that our society depend on, such as power grids. Since SCADA systems become a target for cyber attacks and the potential impact of a successful attack could lead to disastrous consequences in the physical world, ensuring the security of these systems is of vital importance. A fundamental prerequisite to securing a SCADA system is a clear understanding and a consistent view of its architecture. However, because of the complexity and scale of SCADA systems, this is challenging to acquire. In this paper, we propose a layered architectural view for SCADA systems, which aims at building a common ground among stakeholders and supporting the implementation of security analysis. In order to manage the complexity and scale, we define four interrelated architectural layers, and uses the concept of viewpoints to focus on a subset of the system. We indicate the applicability of our approach in the context of SCADA system security analysis.Comment: 7 pages, 4 figure

The significance of the transition of Supervisory Control and Data Acquisition (SADA) Systems to TCP/IP platforms

SCADA system security is a significant United States national security issue based on the systems’ vulnerabilities and the cyber threats that seek to exploit them. Within the last fifteen years as SCADA systems have collectively transitioned to Transmission Control Protocol/ Internet Protocol (TCP/IP) networks, analysts and policy-makers have expressed increased concern over the general security and protection of SCADA systems, which are responsible for monitoring and controlling our nation’s critical infrastructure. SCADA systems are susceptible based on their ease of entry and their attractiveness as a target. In addition, there a number of cyber threats such as hackers and malware, insiders, terrorist organizations and state actors that are dangerous based on their intent and capabilities. U.S. government engagement with private sector owners and operators of critical infrastructures is essential for mitigating the abundant threats that characterize cyber-terrorism

Autonomic computing meets SCADA security

© 2017 IEEE. National assets such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks are critical infrastructures. The cyber threats to these infrastructures have increasingly become more sophisticated, extensive and numerous. Cyber security conventional measures have proved useful in the past but increasing sophistication of attacks dictates the need for newer measures. The autonomic computing paradigm mimics the autonomic nervous system and is promising to meet the latest challenges in the cyber threat landscape. This paper provides a brief review of autonomic computing applications for SCADA systems and proposes architecture for cyber security

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Incident Analysis & Digital Forensics in SCADA and Industrial Control Systems

SCADA and industrial control systems have been traditionally isolated in physically protected environments. However, developments such as standardisation of data exchange protocols and increased use of IP, emerging wireless sensor networks and machine-to-machine communication mean that in the near future related threat vectors will require consideration too outside the scope of traditional SCADA security and incident response. In the light of the significance of SCADA for the resilience of critical infrastructures and the related targeted incidents against them (e.g. the development of stuxnet), cyber security and digital forensics emerge as priority areas. In this paper we focus on the latter, exploring the current capability of SCADA operators to analyse security incidents and develop situational awareness based on a robust digital evidence perspective. We look at the logging capabilities of a typical SCADA architecture and the analytical techniques and investigative tools that may help develop forensic readiness to the level of the current threat environment requirements. We also provide recommendations for data capture and retention

Wireless ICS Training Platform

Indiana University - Purdue University IndianapolisEssential public services, such as Electric, Water and Gas Utilities, are becoming increasingly reliant on network connected devices to control their processes. Wireless control systems are becoming more common in distributed systems, since they offer many advantages over hard wired alternatives. While cyber physical systems such as PLCs offer many advantages, they are also vulnerable to cyber-attacks. Military force readiness for defense of critical infrastructure against cyber-attacks requires state of the industry industrial control systems for cyber security training. A remote terminal unit using broad spectrum radio was integrated into an existing Water Treatment Plant SCADA system and provided to the US Army for training.Electrical Engineering Technolog

Towards a Cyber Defense Framework for SCADA Systems Based on Power Consumption Monitoring

Supervisory control and data acquisition (SCADA) systems are industrial automation systems that remotely monitor and control critical infrastructures. SCADA systems are major targets for espionage and sabotage attackers. We describe recent SCADA attacks that have caused serious financial losses and physical infrastructure damages Current commercial off-the-shelf security solutions are insufficient in protecting SCADA systems against sophisticated cyber-attacks. SCADA systems are often not monitored to the same level as business computer systems. Furthermore, these breaches are not detected in real-time or fast enough to prevent further damages. To address this challenge we did a feasibility study to prove that monitoring power consumption of SCADA devices is an effective approach to detect cyber-attacks. We built a testbed containing a Programmable Logic Controller (PLC) that was instrumented to record its power usage.Three SCADA-specific cyber-attacks were simulated and we report the power consumption of the PLC under these normal and anomalous scenarios. We show that it is possible to distinguish the PLC power utilization between these scenarios