Securing SCADA and critical industrial systems: From needs to security mechanisms
Introduction
Supervisory Control and Data Acquisition (SCADA) systems provide an automated process for gathering real-time data, controlling industrial processes, and monitoring physically dispersed industrial equipment. Critical infrastructures (CI) such as utility companies and various industries use SCADA systems to automate industrial processes (e.g., natural gas, water, nuclear and manufacturing facilities) while providing real-time data to human operators. However, despite their importance, SCADA systems are not sufficiently protected and face several attack vectors that may cause economic or even human damage. Attack surfaces are disparate and include sensors, actuators, software, networks, application servers, control and transmission buses and protocols, HMIs, etc. Protecting these systems requires securing their three levels (field, control and supervision levels, Fig. 1) as well as the communications between these levels.
Moreover, despite the increasing complexity of SCADA systems and their growing openness to the Internet, securing such systems generally does not follow a systematic methodology: one or two levels are protected with classical mechanisms while the system as a whole remains vulnerable. Therefore, in-depth protection based on a well-defined policy seems necessary for securing the whole critical infrastructure (CI). Consequently, our work aims to provide a new approach for protecting CI by:
1. Analyzing the "high level" needs and objectives, which may obviously differ from one SCADA system to another, expressed in terms of confidentiality, availability, integrity and traceability;
2. Designing the security policies and models that formalize, capture and meet the needs identified in the previous step;
3. Deriving the appropriate security architecture and protocols, within a global framework that integrates the different components already identified by the security policy and model; and finally
4. Deploying the suitable security mechanisms and measures, which can be preventive, protective, palliative or dissuasive, or provide replication, recovery and intrusion tolerance.
We call this 4-step analysis an OM-AM holistic security approach for satisfying the needs and protecting SCADA systems against internal as well as external intrusions. Of course, this approach must be cyclical and thus part of a continual improvement process including test, correction and adaptation stages.
In the next Section, we present the most relevant threats that face SCADA networks as well as the attack processes. Then, in Section 3, we present our holistic methodology for specifying the needs and deriving the suitable security mechanisms that satisfy these needs and cover the risks. Afterwards, Section 4 applies our OM-AM approach to SCADA systems. In Section 5, we discuss existing solutions and related work. Section 6 presents our implementation and performance analysis; finally, conclusions and perspectives are listed in Section 7.
SCADA systems vulnerabilities, threats and attack processes
Exploiting security vulnerabilities in SCADA networks could cause serious damage, such as shutting down services (e.g. electricity, power, transportation, telecommunications) for thousands or millions of people, or even negatively impact the nation's economy or citizens' lives. To tackle this issue, it seems necessary to first know the specificities of our SCADA system as well as the adversary's approaches. Numerous attack vectors exist within this environment; some are similar to
OM-AM: a proposed reference model for authorization process applied to SCADA
Basically, authorization involves the following phases: (1) defining a security policy (a set of rules) on the basis of a risk analysis that confronts the needs with the identified threats; (2) selecting an access control model to encapsulate, abstract and "mathematically" reason (and query) about the defined policy; (3) implementing the model and enforcing the access rules with suitable security mechanisms. Each phase requires specific methods, techniques and tools to be deployed. We cite as
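The three authorization phases above (policy, model, mechanism) and the four OM-AM steps in the Introduction describe the same layering in the abstract. The following added example, which is not the paper's framework or code, makes the layering concrete: the policy is written as data (permission, prohibition and obligation rules, the rule kinds named in the Conclusions), the model is a small deny-overrides, default-deny evaluation with obligations attached to every grant, and the mechanism is an enforcement point that decides each request and appends an audit record for traceability. All roles, resources, rule contents and requests (operator, engineer, plc-01, maintenance_window, etc.) are constructed for illustration and are not taken from the paper.

```python
"""
Toy three-layer authorization pipeline for a SCADA-like environment.

Layer 1 (policy):    rules written as data (permission / prohibition / obligation).
Layer 2 (model):     evaluation semantics: deny-overrides, default deny,
                     obligations attached to every granted action.
Layer 3 (mechanism): an enforcement point that decides each request and
                     appends an audit record (the traceability objective).

All roles, resources, rules and requests below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Request:
    subject: str        # authenticated principal (constructed name)
    role: str           # role assigned to the subject
    action: str         # e.g. "read", "write_setpoint", "update_firmware"
    resource: str       # e.g. "plc-01", "hmi-main"
    context: dict = field(default_factory=dict)  # e.g. {"maintenance_window": True}


@dataclass(frozen=True)
class Rule:
    kind: str                               # "permission" | "prohibition" | "obligation"
    role: str                               # "*" matches any role
    action: str                             # "*" matches any action
    resource: str                           # "*" matches any resource
    condition: Callable[[Request], bool] = lambda r: True
    duty: Optional[str] = None              # only meaningful for obligations


def _match(pattern: str, value: str) -> bool:
    return pattern == "*" or pattern == value


def applicable(rule: Rule, req: Request) -> bool:
    """A rule applies when role, action and resource match and its condition holds."""
    return (_match(rule.role, req.role) and _match(rule.action, req.action)
            and _match(rule.resource, req.resource) and rule.condition(req))


# Layer 1: the policy, as data (constructed rules).
POLICY: List[Rule] = [
    Rule("permission", "operator", "read", "*"),
    Rule("permission", "operator", "write_setpoint", "plc-01"),
    Rule("permission", "engineer", "*", "*"),
    # Firmware updates are forbidden outside a declared maintenance window,
    # even for engineers: an explicit prohibition overrides any permission.
    Rule("prohibition", "*", "update_firmware", "*",
         condition=lambda r: not r.context.get("maintenance_window", False)),
    # Every write to a field device must be logged and attributed to a person.
    Rule("obligation", "*", "write_setpoint", "*", duty="log_and_attribute"),
    Rule("obligation", "*", "update_firmware", "*", duty="four_eyes_approval"),
]


# Layer 2: the model. Deny-overrides, default deny, obligations on grants.
@dataclass
class Decision:
    permitted: bool
    reason: str
    obligations: List[str] = field(default_factory=list)


def evaluate(policy: List[Rule], req: Request) -> Decision:
    hits = [r for r in policy if applicable(r, req)]
    if any(r.kind == "prohibition" for r in hits):
        return Decision(False, "explicit prohibition")
    if not any(r.kind == "permission" for r in hits):
        return Decision(False, "no matching permission (default deny)")
    duties = [r.duty for r in hits if r.kind == "obligation" and r.duty]
    return Decision(True, "permission granted", duties)


# Layer 3: the mechanism. A policy enforcement point with an audit trail.
class EnforcementPoint:
    def __init__(self, policy: List[Rule]):
        self.policy = policy
        self.audit: List[dict] = []

    def authorize(self, req: Request) -> Decision:
        d = evaluate(self.policy, req)
        self.audit.append({"subject": req.subject, "action": req.action,
                           "resource": req.resource, "permitted": d.permitted,
                           "reason": d.reason, "obligations": list(d.obligations)})
        return d


def demo() -> List[Decision]:
    """Four constructed requests exercising grant, default deny, prohibition and obligation."""
    pep = EnforcementPoint(POLICY)
    return [
        pep.authorize(Request("alice", "operator", "write_setpoint", "plc-01")),
        pep.authorize(Request("alice", "operator", "write_setpoint", "plc-02")),
        pep.authorize(Request("bob", "engineer", "update_firmware", "plc-01")),
        pep.authorize(Request("bob", "engineer", "update_firmware", "plc-01",
                              {"maintenance_window": True})),
    ]


if __name__ == "__main__":
    for d in demo():
        print(d)
```

The separation matters for the methodology described above: the needs analysis produces the rule list, the model fixes how conflicting rules combine (here a prohibition always wins and anything unmatched is denied), and only the enforcement point touches the live request and the audit trail, so each layer can be reviewed and changed independently.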
Objectives
First, it is important to distinguish which types of ICS are considered in the current study: Programmable Logic Controllers (PLCs), which are widely used for manufacturing process automation and control of subsystems; Supervisory Control and Data Acquisition (SCADA) systems, which monitor and control geographically distributed critical infrastructures such as water distribution or electrical power distribution systems; or Distributed Control Systems (DCSs), which control industrial
Related work
To our knowledge, there is no recent work proposing and applying a systematic methodology that starts from the needs and progressively derives the policies, models, architectures and mechanisms for critical infrastructures.
In 2015, NIST published Special Publication 800-82, a guide to Industrial Control Systems (ICS) security [30]. This work fits perfectly into our OM-AM methodology. In fact, it first provides an ICS risk management and assessment process while addressing
Implementation and performance analysis
As a "proof of concept", we have built an initial implementation and execution of the presented framework. It can be used for a variety of critical systems and applications such as transportation, healthcare, etc. To demonstrate the usefulness of the proposed framework and to illustrate the user experience, we consider a smart home scenario as a typical use case. We feel that there are critical factors and systems in Smart Home environments while the used technology
Conclusions and future work
In this paper we identified SCADA system vulnerabilities and analyzed the possible attacks. Then, we defined and applied a systematic methodology that helped us to progressively identify the security objectives, policy, model, architecture and suitable mechanisms for a SCADA system. The most important objectives are: scalability, usability, interdependencies, enforcement of permission, explicit prohibition as well as obligation rules, collaboration and interoperability, autonomy and
References (42)
- et al., Self-healing systems: survey and synthesis, Decis. Support Syst. (2007)
- et al., SCADAWall: a CPI-enabled firewall model for SCADA security, Comput. Secur. (2019)
- Slammer Worm and David-Besse Nuclear Plant, Coursework for PH241 (2015)
- The critical infrastructure: to be or not to be secure, Eur. Netw. Cyber Secur. (2013)
- Common SCADA System Threats and Vulnerabilities (2015)
- Zotob, PnP Worms Slam 13 DaimlerChrysler Plants (2005)
- BlackEnergy - Malware for Cyber-Physical Attacks (2016)
- SANS ICS / E-ISAC, Analysis of the cyber attack on the Ukrainian power grid: defense use case, March 18, ...
- D. Goodin, Stuxnet-derived malware found infecting SCADA makers: Duqu trojan in the wild since December, 18 October ...