Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerabilities
1. Critical Infrastructure Assessment Techniques to Prevent Threats & Vulnerabilities
MR. SHAKEEL ALI
10th International Conference on Software QA and Testing on Embedded Systems
2. Short Biography
Security Enthusiast, Evangelist, and Researcher
Founder - Cipher Storm Ltd, UK
Founder - Ethical-Hacker.Net
BackBox Linux Contributor - A next-generation penetration testing platform
Web Application Security Consortium (WASC) Project - Threat Classification TC v2
Book Publications:
BackTrack 4: Assuring Security by Penetration Testing (April 2011), Packt Publishing, ISBN: 1849513945
Cyber Security Standards, Practices and Industrial Applications: Systems and Methodologies (August 2011), IGI Global Publishing, ISBN: 1609608518
3. Agenda
Embedded System Applications In ICS
Historic Incidents - What have we learned?
ICS Network Architecture - Possible Attack Vectors
Vulnerabilities - Broad View
Threats - Who is targeting ICS?
Prevention Strategies and Recommendations
Risk Management Checklist
ICS Evaluation Criteria
References and Additional Reading
4. Embedded System Applications In ICS
Several types of Embedded Systems:
Supervisory control and data acquisition (SCADA)
Distributed control systems (DCS)
Programmable logic controllers (PLC)
Human Machine Interface (HMI)
Remote Terminal Units (RTU)
Common Use:
Electrical power generation and distribution, Chemical plant, Water management, Manufacturing facility, Transportation, Telecommunication, Oil and gas production, Nuclear power plant, Pharmaceutical, Defense systems, Wind energy, etc.
5. Historic Incidents - What have we learned?
January 2003, Davis-Besse Nuclear Power Plant, Ohio: the Slammer worm infected the whole network and disabled the safety monitoring systems.
January 2005, a cyber attack knocked out the power supply in three cities in the north of Rio de Janeiro, Brazil, affecting tens of thousands of people.
September 2007, a cyber attack caused major disruptions affecting more than 3 million people in dozens of cities in the Brazilian state of Espírito Santo.
July 2010, the computer worm "Stuxnet" targeted Siemens industrial platforms (Siemens PCS7, WinCC and STEP7) running on Windows OS. It was the first of its kind to include a Programmable Logic Controller (PLC) rootkit.
7. Vulnerabilities - Broad View
Easy to carry out sophisticated/multi-layered attacks
Confidence in commercial software
Interconnected, web-enabled systems on distributed networks
Competitive energy market
High performance & reliability requirements
Control Systems are inherently insecure
Developed without security in mind
Mostly with no firewall and intrusion detection capabilities
Improper authentication controls
8. Use of open protocols (ICCP / CIM / DNP3 / Modbus / Profibus), increased use of intelligent devices, and lack of encryption.
Insecure real-time OS at the control-processor level
Remote access to these systems (dial-in modems, PC-Anywhere, FTP, etc.)
Default vendor passwords (sometimes hardcoded into the firmware)
Host machines that control SCADA/DCS systems (XWindows or ActiveX controls)
9. Communication systems used to send control signals (wired and wireless) can be jammed or manipulated via spoofing and DoS attacks.
Proprietary operating systems (Windows, Unix, QNX, RTX, VxWorks)
Access through corporate networks (application and network level attacks)
Lack of communication within an operational organization
10. Threats - Who is targeting ICS?
Hackers
Hackers come in many forms
Technically cognizant hackers with detailed knowledge of energy systems
Cyber-terrorists
No known/public example of cyber-terrorism to date
Terrorist groups are constantly developing cyber attack capabilities
Insiders
Employee with detailed knowledge
Disgruntled employees or ex-employees
11. State-sponsored cyber warfare activists
Nation-states are actively developing cyber warfare capabilities
Resources, capabilities, knowledge, and competence in control systems and technologies
12. Prevention Strategies and Recommendations
Identifying Critical Risks
Develop business strategies to address control system vulnerabilities, threats, technology limitations, etc.
Information sharing platform for cross-sector attacks
Develop and implement strong encryption mechanisms
Regular assessment through a SCADA test bed
Legacy Systems Security
Developing security solutions
Long-term plan for legacy system development life cycle
Implement secure connection best practices
Security plan for incident response and recovery
Security Tools
Develop automated system for managing security alerts
13. Measurable security through metrics/standards
Identifying effective perimeter security solutions
System Architecture
An integrated intrusion detection and prevention solution
Security test harness
Secure architecture with plug-and-play compatibility
Staff Security Awareness
Decisions that may introduce vulnerabilities into management and control systems
Background Checks
Regular checks on current employees, new hires, and contractors
Establish a security perimeter
14. Secure and minimize remote connections to control networks
Secure and minimize local connections between corporate networks and control systems
Implement strong access control
Develop control system security policies and procedures
Encrypt communications channels (SSL VPNs, SSH, PKI)
Use one-way connections (diode firewall)
Use dial-back modems, token-based authentication (e.g. RSA SecurID)
15. Disable all unnecessary applications, services, and ports
Remove or change all default/vendor-supplied passwords (e.g. SNMP community strings)
Develop security tools and technologies for real-time OS suitable for your control systems environment
Conduct an in-depth control systems cyber security audit
Embedded systems quality assurance through formal verification and validation
Develop and maintain BC/DR plan
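The hardening items on slides 14 and 15 (minimize and encrypt remote connections, disable unnecessary services and ports, remove default or vendor-supplied passwords such as SNMP community strings) can be turned into a repeatable audit over an asset inventory. The script below is an added example written for this page, not code from the talk or from any of the referenced tools. The device roles, the per-role service allowlist, the inventory itself and the weak-password heuristic (password empty or equal to the username) are all constructed assumptions for illustration; only the factory-default SNMP community names and the legacy remote-access methods come from the slides.

```python
"""Hardening audit for an ICS asset inventory (added example, not from the talk).

Checks a constructed inventory against the recommendations on slides 14-15:
unnecessary services/ports, default or vendor-supplied credentials
(e.g. SNMP community strings), and unencrypted or legacy remote access.
"""
from dataclasses import dataclass, field

# Services a given device role legitimately needs (assumption for this example).
REQUIRED_SERVICES = {
    "plc": {"modbus/tcp"},
    "hmi": {"rdp", "opc-ua"},
    "historian": {"https", "opc-ua"},
}

# Remote-access methods the deck calls out as risky (slide 8).
LEGACY_REMOTE_ACCESS = {"dial-in modem", "pc-anywhere", "ftp", "telnet"}
# Well-known factory-default SNMP community strings (slide 15).
DEFAULT_SNMP_COMMUNITIES = {"public", "private"}


@dataclass
class Service:
    name: str
    port: int
    enabled: bool = True


@dataclass
class Device:
    name: str
    role: str
    services: list
    snmp_communities: set = field(default_factory=set)
    accounts: dict = field(default_factory=dict)   # username -> password (constructed)
    remote_access: set = field(default_factory=set)
    encrypted_channels: bool = True


def audit_device(dev: Device) -> list:
    """Return (severity, device, message) tuples for every finding on one device."""
    findings = []
    needed = REQUIRED_SERVICES.get(dev.role, set())
    for svc in dev.services:
        if svc.enabled and svc.name not in needed:
            findings.append(("medium", dev.name,
                             f"unnecessary service {svc.name} on port {svc.port}"))
    for community in sorted(dev.snmp_communities & DEFAULT_SNMP_COMMUNITIES):
        findings.append(("high", dev.name, f"default SNMP community string '{community}'"))
    for user, pwd in dev.accounts.items():
        # Heuristic (assumption): vendor accounts often ship with an empty
        # password or one equal to the username.
        if pwd == "" or pwd.lower() == user.lower():
            findings.append(("high", dev.name, f"default/weak password for account '{user}'"))
    for method in sorted(dev.remote_access & LEGACY_REMOTE_ACCESS):
        findings.append(("high", dev.name, f"legacy remote access via {method}"))
    if dev.remote_access and not dev.encrypted_channels:
        findings.append(("medium", dev.name, "remote access without an encrypted channel"))
    return findings


def audit_inventory(devices) -> dict:
    """Run every check over the inventory and bucket findings by severity."""
    report = {"high": [], "medium": []}
    for dev in devices:
        for sev, name, msg in audit_device(dev):
            report[sev].append(f"{name}: {msg}")
    return report


# Constructed sample inventory (not real assets or real credentials).
SAMPLE_INVENTORY = [
    Device("PLC-01", "plc",
           [Service("modbus/tcp", 502), Service("http", 80), Service("telnet", 23)],
           snmp_communities={"public"},
           accounts={"admin": "admin"},
           remote_access={"dial-in modem"},
           encrypted_channels=False),
    Device("HMI-01", "hmi",
           [Service("rdp", 3389), Service("opc-ua", 4840)],
           accounts={"operator": "Str0ng-Passphrase!"},
           remote_access={"ssl vpn"},
           encrypted_channels=True),
]

if __name__ == "__main__":
    for sev, items in audit_inventory(SAMPLE_INVENTORY).items():
        print(sev.upper())
        for line in items:
            print("  -", line)
```

Run against the constructed inventory, PLC-01 produces three high findings (default community string, vendor account, dial-in modem) and three medium ones (two unneeded listeners plus unencrypted remote access), while HMI-01 is clean; the high bucket is the list to close before the next audit cycle.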
16. Risk Management Checklist
Identify critical functions and assets, and the impacts of their loss
Identify what protects and supports the critical assets
Evaluate and rank the potential threats and vulnerabilities
Assess risk and determine priorities for asset protection
Identify best mitigation strategies and their costs
Initiate a security enhancement program
Assist plant operators in identifying priorities for protecting energy infrastructure
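The checklist above is a procedure: rate impact of loss, account for existing protection, rate threats and vulnerabilities, rank the resulting risk, then choose mitigations by cost. The code below is an added example that walks those steps over a constructed set of assets; it is not from the talk and does not follow any particular risk standard. The 1-5 scales, the rule that existing controls subtract from likelihood, the "risk reduction per unit cost" selection rule and the greedy budget allocation are all modelling assumptions chosen for illustration.

```python
"""Risk ranking and mitigation selection for ICS assets (added example, not from the talk).

Steps mirror the checklist: impact of loss, existing protection, threat and
vulnerability rating, risk score, cost-ranked mitigation, enhancement program.
All scales and scoring rules are assumptions made for this example.
"""
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    impact: int        # 1-5: consequence of losing the function (assumed scale)
    likelihood: int    # 1-5: combined threat x vulnerability rating (assumed scale)
    protection: int    # 0-3: strength of what already protects the asset
    mitigations: list  # (description, cost, likelihood reduction) tuples


def residual_likelihood(a: Asset) -> int:
    """Existing controls lower likelihood, but never below 1 (assumption)."""
    return max(1, a.likelihood - a.protection)


def risk_score(a: Asset) -> int:
    """Risk = impact x residual likelihood."""
    return a.impact * residual_likelihood(a)


def rank_assets(assets) -> list:
    """Highest risk first, so protection priorities fall out of the order."""
    return sorted(assets, key=risk_score, reverse=True)


def best_mitigation(a: Asset):
    """Pick the mitigation with the largest risk reduction per unit cost."""
    def value(m):
        _desc, cost, reduction = m
        before = residual_likelihood(a)
        after = max(1, before - reduction)
        return (before - after) * a.impact / cost
    return max(a.mitigations, key=value) if a.mitigations else None


def enhancement_program(assets, budget):
    """Greedy program: fund the best mitigation of each asset, highest risk first."""
    chosen, remaining = [], budget
    for a in rank_assets(assets):
        m = best_mitigation(a)
        if m and m[1] <= remaining:
            chosen.append((a.name, m[0]))
            remaining -= m[1]
    return chosen, remaining


# Constructed sample assets; names, ratings and costs are illustrative only.
SAMPLE_ASSETS = [
    Asset("Safety instrumented system", impact=5, likelihood=3, protection=1,
          mitigations=[("network segmentation", 40, 1),
                       ("remove dial-in modem", 10, 1)]),
    Asset("Substation RTU", impact=4, likelihood=4, protection=0,
          mitigations=[("token-based auth for remote access", 25, 2),
                       ("change default passwords", 5, 1)]),
    Asset("Corporate historian", impact=2, likelihood=5, protection=2,
          mitigations=[("one-way diode to control network", 60, 3)]),
]

if __name__ == "__main__":
    for a in rank_assets(SAMPLE_ASSETS):
        print(f"{risk_score(a):>3}  {a.name}  -> {best_mitigation(a)[0]}")
    print(enhancement_program(SAMPLE_ASSETS, budget=50))
```

With these inputs the RTU scores 16, the safety system 10 and the historian 6; the cheap credential and modem fixes win on reduction per cost, and a budget of 50 funds both with 35 left over, which is the kind of ordered, costed list the checklist asks the operator to hand to plant management.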
18. References and Additional Reading
[1] SCADA Security Research Tools: http://www.digitalbond.com/tools/
[2] Security Assessment Toolset: http://www.scadahacker.com/tools.html
[3] Getting Started on ICS and SCADA Security
Part 1: http://www.tofinosecurity.com/blog/getting-started-ics-and-scada-security-part-1-2
Part 2: http://www.tofinosecurity.com/blog/getting-started-ics-and-scada-security-part-2-2
19. [4] Security Advisories and Exploits
http://www.digitalbond.com/scadapedia/vulnerability-notes/
http://aluigi.altervista.org/adv.htm
http://www.scadahacker.com/vulndb/ics-vuln-ref-list.html
[5] Jyostna, K., Padmaja, V. (2011). Secure Embedded System Networking: An Advanced Security Perspective. International Journal of Engineering Science and Technology (IJEST), 3(5), 3854.