Securing SCADA and critical industrial systems: From needs to security mechanisms

https://doi.org/10.1016/j.ijcip.2020.100394

Abstract

Supervisory control and data acquisition (SCADA) systems are used in critical infrastructure to control vital sectors such as smart grids, oil pipelines, water treatment and chemical manufacturing plants. Any malicious or accidental intrusion could cause dramatic human, material and economic damage. Thus, the security of SCADA is very important, not only to maintain continuity of service (i.e., availability) against hostile and cyber-terrorist attacks, but also to ensure the resilience and integrity of processes and actions. To address this issue, this paper discusses SCADA vulnerabilities and security threats, with a focus on recent ones. Then, we define a holistic methodology to derive suitable security mechanisms for this kind of critical system. Our methodology starts by identifying the security needs and objectives, then specifies the security policies and models, derives the adapted architecture and, finally, implements the security mechanisms that satisfy the needs and cover the risks. We focus on the modelling step by proposing the new CI-OrBAC model. In this paper, we focus on securing communication and protecting SCADA against both internal and external threats while satisfying the self-healing, intrusion tolerance, integrity, scalability and collaboration needs.

Introduction

Supervisory Control and Data Acquisition (SCADA) systems provide an automated process for gathering real-time data, controlling industrial processes, and monitoring physically dispersed industrial equipment. Critical infrastructures (CI) such as utility companies and various industries use SCADA systems to automate industrial processes (e.g., natural gas, water, nuclear, manufacturing facilities) while providing real-time data to human operators. However, despite their importance, SCADA systems are not protected enough and face several attack vectors that may cause economic or even human damage. Attack surfaces are disparate and include sensors, actuators, software, network, application servers, control and transmission buses and protocols, HMI, etc. Protecting these systems requires securing their three levels (field, control and supervision; see Fig. 1) as well as the communications between these levels.

Moreover, despite the increasing complexity of SCADA systems and their growing openness to the Internet, securing such systems generally does not follow a systematic methodology: protection measures are applied to one or two levels with classical mechanisms, while the system as a whole is left vulnerable. Therefore, in-depth protection based on a well-defined policy seems necessary for securing the whole critical infrastructure (CI). Our work thus aims to provide a new approach for protecting CI by:

  1. Analyzing the “high level” needs and objectives, which can obviously differ from one SCADA system to another, expressed in terms of confidentiality, availability, integrity and traceability;

  2. Designing the security policies and models that formalize, capture and meet the needs identified in the previous step;

  3. Deriving the appropriate security architecture and protocols, within a global framework that integrates the different components already identified by the security policy and model; and finally

  4. Deploying the suitable security mechanisms and measures, which can be preventative, protective, palliative or dissuasive, or serve replication, recovery and intrusion tolerance.

We call this 4-step analysis an OM-AM holistic security approach for satisfying the needs and protecting the SCADA systems against internal as well as external intrusions. Of course, this approach must be cyclical and thus, a part of a continual improvement process including test, correction and adaptation stages.
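An added illustration of steps 2 to 4 (not code from the paper, and a plain OrBAC-style abstraction rather than the paper's CI-OrBAC model): a policy of permission, prohibition and obligation rules is written over roles, activities, views and contexts, then enforced by a default-deny decision function in which prohibition overrides permission. The organisation, subjects, PLC objects, contexts and the `audit_log` duty are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample assignments (assumptions, not taken from the paper).
EMPOWER = {("plant", "alice"): "operator", ("plant", "bob"): "engineer"}  # subject -> role
CONSIDER = {"read": "monitor", "write_setpoint": "tune",
            "upload_logic": "reprogram"}                                  # action -> activity
USE = {"plc7.pressure": "process_values", "plc7.logic": "control_logic"}  # object -> view

# Contexts are predicates over the request environment.
CONTEXTS = {
    "always": lambda env: True,
    "maintenance": lambda env: env.get("mode") == "maintenance",
    "remote": lambda env: env.get("origin") == "remote",
}

@dataclass(frozen=True)
class Rule:
    kind: str       # "permission", "prohibition" or "obligation"
    role: str
    activity: str
    view: str
    context: str    # key into CONTEXTS
    duty: str = ""  # what an obligation rule requires

# Step 2: the policy, expressed on abstract entities only.
POLICY = [
    Rule("permission", "operator", "monitor", "process_values", "always"),
    Rule("permission", "engineer", "monitor", "process_values", "always"),
    Rule("permission", "engineer", "tune", "process_values", "always"),
    Rule("permission", "engineer", "reprogram", "control_logic", "maintenance"),
    Rule("prohibition", "engineer", "reprogram", "control_logic", "remote"),
    Rule("obligation", "engineer", "reprogram", "control_logic", "always", "audit_log"),
]

# Steps 3-4: enforcement point. Unknown subjects, actions or objects map to
# None and therefore match no rule (default deny).
def decide(org, subject, action, obj, env):
    """Return (allowed, duties) for a concrete request."""
    key = (EMPOWER.get((org, subject)), CONSIDER.get(action), USE.get(obj))
    hits = [r for r in POLICY
            if (r.role, r.activity, r.view) == key and CONTEXTS[r.context](env)]
    kinds = {r.kind for r in hits}
    allowed = "permission" in kinds and "prohibition" not in kinds
    duties = [r.duty for r in hits if r.kind == "obligation"] if allowed else []
    return allowed, duties
```

The returned duties are where the traceability need from step 1 surfaces: the caller is expected to carry them out before executing the action.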

In the next section, we present the most relevant threats facing SCADA networks as well as the attack processes. Then, in Section 3, we present our holistic methodology for specifying the needs and deriving the suitable security mechanisms that satisfy these needs and cover the risks. Afterwards, Section 4 applies our OM-AM approach to SCADA systems. In Section 5, we discuss existing solutions and related works. Section 6 presents our implementation and performance analysis; finally, conclusions and perspectives are listed in Section 7.

Section snippets

SCADA systems vulnerabilities, threats and attack processes

Exploiting security vulnerabilities in SCADA networks could cause serious damage, such as shutting down services (e.g. electricity, power, transportation, telecommunications) for thousands or millions of people, or could even negatively impact the nation's economy or citizens' lives. To tackle this issue, it seems necessary to first know the specificities of our SCADA system as well as the adversary's approaches. Numerous attack vectors exist within this environment; some are similar to

OM-AM: a proposed reference model for authorization process applied to SCADA

Basically, authorization involves the following phases: (1) defining a security policy (a set of rules) on the basis of a risk analysis that confronts the needs with the identified threats; (2) selecting an access control model to encapsulate and abstract the defined policy and to reason “mathematically” about (and query) it; (3) implementing the model and enforcing the access rules with suitable security mechanisms. Each phase requires specific methods, techniques and tools to be deployed. We cite as

Objectives

First, it is important to distinguish which types of ICS are considered in the current study: either Programmable logic controllers (PLCs), which are widely used for manufacturing process automation and control of subsystems; Supervisory control and data acquisition (SCADA) systems, which monitor and control geographically distributed, critical infrastructures such as water distribution or electrical power distribution systems; or Distributed control systems (DCSs), which control industrial

Related work

To our knowledge, there is no recent work proposing and applying a systematic methodology that starts from the needs and progressively derives the policies, models, architectures and mechanisms for critical infrastructures.

In 2015, NIST issued Special Publication 800-82, which presents a guide to Industrial Control Systems (ICS) Security [30]. This work perfectly fits into our OM-AM methodology. In fact, it first provides an ICS risk management and assessment process while addressing

Implementation and performance analysis

As a “proof of concept”, we have established an initial implementation and execution of the presented framework. It can be used for a variety of critical systems and applications such as transportation, healthcare, etc. To demonstrate the usefulness of the proposed framework and to illustrate the user experience, we consider a smart home scenario as a typical use case. We feel that there are critical factors and systems in the Smart Homes environments while the used technology

Conclusions and future works

In this paper, we identified SCADA system vulnerabilities and analyzed the possible attacks. Then, we defined and applied a systematic methodology that helped us to progressively identify the security objectives, policy, model, architecture and suitable mechanisms for a SCADA system. The most important objectives are: scalability, usability, interdependencies, enforcement of permission, explicit prohibition as well as obligation rules, collaboration and interoperability, autonomy and

Declaration of Competing Interest

The authors whose names are listed immediately below report the following details of affiliation or involvement in an organization or entity with a financial or non-financial interest in the subject matter or materials discussed in this manuscript. Please specify the nature of the conflict on a separate sheet of paper if the space below is inadequate.

References (42)

  • D. Ghosh et al., Self-healing systems – survey and synthesis, Decis. Support Syst. (2007)
  • D. Li et al., SCADAWall: a CPI-enabled firewall model for SCADA security, Comput. Secur. (2019)
  • D. Ghosh et al., Self-healing systems – survey and synthesis, Decis. Support Syst. (2007)
  • M. Holloway, Slammer Worm and Davis-Besse Nuclear Plant, Coursework for PH241 (2015)
  • F. Streefland, The critical infrastructure: to be or not to be secure, Eur. Netw. Cyber Secur. (2013)
  • D. Adams, Common SCADA System Threats and Vulnerabilities (2015)
  • P.F. Roberts, Zotob, PnP Worms Slam 13 DaimlerChrysler Plants (2005)
  • BlackEnergy - Malware for Cyber-Physical Attacks (2016)
  • SANS ICS / E-ISAC, “Analysis of the cyber attack on the Ukrainian power grid defense use case”, March 18,...
  • D. Goodin, “Stuxnet-derived malware found infecting SCADA makers: duqu trojan in the wild since December”, 18 October...
  • B.C. Ervural et al., Overview of cyber security in the industry 4.0 era
  • S. Gordeychik et al., SCADA Strangelove or: how I learned to start worrying and love nuclear plants, Technologie (2012)
  • T.H. Morris et al., Industrial control system cyber attacks
  • C. Alberts et al., Introduction to the OCTAVE Approach (2003)
  • R.S. Sandhu et al., Role-based access control, J. Comput. (1996)
  • XACML 3.0 enhancements, Nanoscale Res. Lett. (2011)
  • D. Hardt, The OAuth 2.0 authorization framework,...
  • V. Goyal, Attribute-based encryption for fine-grained access control of encrypted data
  • A. Abou El Kalam et al., Organization based access control
  • G. Zhang et al., The research of access control based on UCON in the Internet of Things, J. Softw. (2011)
  • P. Calhoun, M. Holdrege, D. Spence, IETF RFC 2904 - AAA authorization framework, 2000, Available at:...