SCADA systems control some of the most vital infrastructure in industrial and energy sectors, from oil and gas pipelines to nuclear facilities to water treatment plants. Critical infrastructure is defined as the physical and IT assets, networks and services that if disrupted or destroyed would have a serious impact on the health, security, or economic wellbeing of citizens and the efficient functioning of a country’s government.

1. ABHISHEK GOEL
Challenges and Solution to Mitigate the cyber-attack
on Critical Infrastructure and Infrastructure Securities

2. What is Cyber Security
ICS/SCADA and Critical Infrastructure
Challenges & Attack Vectors
Solution => DiD
DiD in Brief
ISA Standard
Conclusion
References
Agenda

3. Cyber => word from cybernetic , generally refers for internet now a days.
Cyber space
Cyber Risks
Cyber Threats
Cyber Crime
Cyber War
Cyber Terror
Cyber Security
What is Cyber Security

4. SCADA systems control some of the most vital infrastructure in industrial and energy sectors, from
oil and gas pipelines to nuclear facilities to water treatment plants.
Critical infrastructure is defined as the physical and IT assets, networks and services that if disrupted
or destroyed would have a serious impact on the health, security, or economic wellbeing of citizens
and the efficient functioning of a country’s government.
Ex:
1. Oil and Gas
2. WWW
3. Nuclear
4. Tele Communications etc.
SCADA System & Critical Infrastructure

5. Industry Revolution
The increased connectivity of smart machinery, a shift known as
industry 4.0, exposed the operational Risk for ICS/SCADA. While
this gradual shift i.e. IT- based solutions in the industrial space was
made for commercial benefits, ease-of-operability and integration, it
also exposed the control system to more cyber-attacks like Stuxnet.
This increases the risk to control system availability.
Expert Say better visibility is essential to improving
the cybersecurity of industrial control systems and
critical infrastructure, but InfoSec teams will never
gain that visibility until they stop trying to observe
ICS environments through the eyes of IT professionals.
Because of IT-OT convergence, it is very important to
understand the whole plant as asset not as an
individual component. Always look for ‘big picture’.

6. The impact of attacks targeting SCADA systems depends on
the threat actor’s intent and the level of knowledge and access
they have about the target. Like we have seen in the past for
Stuxnet and Ukrainian Power grid attacks.
“That furnace meltdown at a German steel mill purportedly
started when someone clicked on a phishing email infected
with malware, which allowed hackers to make their way down
the network to attack the blast furnace.”
On 23 Dec 2015, Ukrainian Power grid attack occurred, which
in result created a unscheduled power outages to a large
number of company customers. There were also reports of
malware infections affecting the Ukrainian companies in a
variety of critical infrastructure sectors. Approx. 230,000
customers were affected and attackers turned off light with a
few mouse clicks.

7. Main differences between requirements on security for general information systems and IACS

8. Attack vectors:
While the intention behind the attack vary, the key attack vectors for any
cyber threat are typically as given:

9. Attack vectors:
Left side chart shows the common SCADA vulnerability types

10. Legacy Software
Default Configuration
Lack Of Encryption
Remote Access Policies
Policies and Procedures
Lack of Network Segmentation
DDoS Attacks
Web Application Attacks
Malware
Command injection and parameter Manipulation
2016 Top 10 Critical Infrastructures and SCADA/ICS Cyber Security Vulnerabilities & Threats
Operational Technology (OT) Systems Lack Basic Security Controls

11. The Plant Security , Network Security and System Integrity
form the foundation for the Industrial Security concept.
Steps Towards Solutions:
There are many strategies are in place to prevent and detect the ICS
vulnerability. Defense in Depth (DiD) is one of them which is also
recommended by Schneider-electric.
PlantStuxure Network Defense-in-Depth components

13. Steps Towards Solutions:
PlantStuxure Network Defense-in-Depth components
DMZ in PlantStruxure Architecture
Sample PlantStruxure Architecture

14. • ISA/IEC-62443 is a series of standards, technical reports, and related information that define procedures for implementing
electronically secure Industrial Automation and Control Systems (IACS). This policies and procedures applies to end-users (i.e.
asset owner), system integrators, security practitioners, and control systems manufacturers who are responsible for manufacturing,
designing, implementing, or managing IACS.
• There are two open standards for SCADA communications that provide Encryption and Authentication.
IEEE6189 suite => secure SCADA equipment communication
IEC 62351 suite => secure Authentication for DNP3communication
• There are many protocols involved in this space, and therefore there is a lot of potential for action against the protocol themselves.
• In a typical SCADA system, messages are sent using a given protocol format, such as MODBUS or DNP3. Anyone who can see the
messages being transmitted can decode them and see what information is being transferred from device to device. That’s why
encryption and Authentication is required to secure the communication.
ISA/IEC-62443 formerly known as ISA99

15. Common ICS software Vulnerability

16. • Dynamic Whitelisting –Provides the ability to deny unauthorized applications and code on servers, corporate
desktops, and fixed-function devices.
• Memory Protection – Unauthorized execution is denied and vulnerabilities are blocked and reported.
• File Integrity Monitoring – Any file change, addition, deletion, renaming, attribute changes, ACL modification, and owner modification
is reported. This includes network shares.
• Write Protection – Writing to hard disks are only authorized to the operating system, application configuration, and log files. All
others are denied.
• Read Protection – Read are only authorized for specified files, directories, volumes and scripts. All others are denied.
There are some solutions techniques for preventing vulnerability exploitation:

17. Conclusion
SCADA systems are increasing in complexity, due to the integration of different components, in many cases produced by different manufacturers. It’s
necessary to address the security level of each device and the overall environment. That’s done by considering their surface of attack and exposure to
cyber threats that could arm the systems.
There are many challenges to protect or prevent ICS/SCADA systems from cyber-attacks and I feel right knowledge and On Time Awareness can play
a significant role in future.
The security component must become part of the project of an industrial system. It must be considered a specific requirement. The overall security of
critical infrastructures must be audited during the entire lifecycle of its components.
To prepare to defend against future attacks against critical infrastructure, it is also necessary to understand how these attacks have been carried out in
past.
There’s no silver bullet for cybersecurity=> “Security requires a multi-layered approach
that combines technology, practices and people,”
We must save our HMI (Human Machine Interface) to become Hacker Machine Interface (HMI)
“Achieving security by design is essential in securing critical infrastructure. Cybersecurity must
be embedded in the systems and networks at the very beginning of the design process so that
it becomes an integral part of the systems functioning.”

18. 1. Cyber Security for Industrial Automation Control Systems
2. Mitigation for security Vulnerabilities found in Control system networks-2004
3. www.darkreading.com/vulnerabilities---threats/look-but-dont-touch-one-key-to-better-ics-
security
4. SCADA Security-Schneider-Electric
5. http://www.sans.org/reading-room/analysts-program/sans-survey-scada-2013
6. http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/21_Steps_-_SCADA.pdf
References: