Framework for SCADA Cybersecurity
By Richard Clark and Stephen Miller
About this ebook
Purpose: Provide Critical Infrastructure customers and academic students an understanding of the NIST Cybersecurity Critical Infrastructure Framework and how to apply the framework to new and existing SCADA applications and implementations.
The objectives of this book are as follows:
1. Establish an overview and introduction of the EO13636 Improving Critical Infrastructure Cybersecurity.
2. Provide knowledge, understanding, and application of the five functions of the framework.
3. Apply tools and standards to enable the framework implementation.
4. Apply industry security recommendations to meet the framework categories.
This eBook is being used as a class textbook in the Cybersecurity Curriculum at Eastern New Mexico University - Ruidoso taught by Professor Stephen Miller
Richard Clark
Technical Specialist and Controls Engineer at InduSoft concentrating on cybersecurity, 3rd party product integration, specialized application development, and product marketing. Mr. Clark has been in Automation, Process System, and Control System design and implementation for more than 25 years and was employed by Wonderware where he developed a non-proprietary means of using IP-Sec for securing current and legacy Automation, SCADA, and Process Control Systems, and developed non-proprietary IT security techniques. Industry expert by peer review and spokesperson on IT security; consultant, analyst and voting member of ISA-SP99. Contributor to PCSF Vendor Forum. Consultant to NIST and other government labs and NSA during the development of NIST Special Publication 800-82. Published engineering white papers, manuals, and instruction documents, developed and given classes and lectures on the topic of ICS/SCADA Security.
FRAMEWORK FOR SCADA CYBERSECURITY
By Professor Stephen Miller and Richard H. Clark
Revision A-01.19.2015
Abstract
Purpose: Provide Critical Infrastructure customers and academic students an understanding of the NIST Cybersecurity Critical Infrastructure Framework and how to apply the framework to new and existing SCADA applications and implementations.
The objectives of this book are as follows:
1) Establish an overview and introduction of the EO13636 Improving Critical Infrastructure Cybersecurity.
2) Provide knowledge, understanding, and application of the five functions of the framework.
3) Apply tools and standards to enable the framework implementation.
4) Apply industry security recommendations to meet the framework categories.
Smashwords Edition
License Notes:
This ebook is available free of charge or for a minimal cost, depending on the requirements of the local ebook distributor or publisher.
Portions or sections of this book may be copied, distributed, reposted, reprinted, or shared as required or needed, simply by including an acknowledgement of the origins of those used or redistributed materials.
eBook ISBN: 978-1310-30996-0
All profits from this ebook are to be directed and donated to the Eastern New Mexico University-Ruidoso Foundation, as noted below.
If you find this ebook useful in your business, tax deductible donations to the university 501 (c) (3) foundation are encouraged by contacting:
Copyright 2014 InduSoft, Inc., a Schneider Electric company. All rights reserved. All trademarks are owned by Schneider Electric Industries SAS or its affiliated companies or their respective owners.
Permission is hereby given to Eastern New Mexico University by InduSoft, Inc. to incorporate and reprint copyrighted materials contained in this eBook, including Chapter 5: InduSoft Security Guide.
This ebook contains original content and materials created by the authors, as well as some materials designated as public domain or freely distributable as described within the associated footnotes. The ebook does not contain any known copyrighted information. Copyright violations should be reported to:
InduSoft, Inc., 11044 Research Blvd., Suite A100, Austin, TX 78759 U.S.A, or by email at info@indusoft.com, and every effort will be made to make corrections in subsequent revisions and editions.
Further information about selected subjects within this ebook is available from the website at http://www.indusoft.com and the designated references in Appendix C.
Foreword
InduSoft is proud to be able to participate and provide this Security Guide to the NIST Cybersecurity Framework and to be a part of the Eastern New Mexico University (ENMU) - Ruidoso curriculum. InduSoft strives to maintain customer awareness and education regarding Industrial Control System and Critical Infrastructure Security and in the use of our products. To this end, we continually conduct ongoing product and informational security webinars, publish Technical Notes and White Papers on application construction and security related topics, and publish corporate blogs on security and a number of other useful topics by a variety of different authors. Topics from various InduSoft publications and other media are presented here to help you with your security issues. Feel free to explore any of the topics and subjects in more depth by clicking on the links provided within the sections and in the footnotes, in order to get more information about the subject. We always welcome any new ideas and product suggestions that you may have at info@indusoft.com.
Table of Contents
Abstract
Foreword
Chapter 1: SCADA Cybersecurity Introduction and Review
Section 1: What is SCADA?
Overview
History and Installed Base
How SCADA Systems Work
A More In-Depth Look at a SCADA System
Field Devices Measure the Process for Flow Rate, Pressure, Temperature, Level, Density, Etc.
Field Control Uses Two Types of Controllers
Examples of HMI Screens and Displays Used Within SCADA Systems
Section 2: Overview of Cyber Vulnerabilities
In this section the key objectives are:
Challenges of Securing Information
Understanding and Defining Information Security
Cyber Threat Source to Control/SCADA Systems Descriptions
GAO Threat Table
Cyber-Attacks and Defenses
Vulnerability Assessment and Mitigating Attacks
Section 3: Understanding Control System Cyber Vulnerabilities
Gaining Control of the SCADA System
Three Categories of SCADA Systems
Chapter 2: Cybersecurity Framework Introduction
Section 1: Framework Introduction
Overview of the Framework
Framework Core
Framework Implementation Tiers
Framework Profile
Section 2: Risk Management and the Cybersecurity Framework
Risk Management Redefined
Chapter 3: Cybersecurity Framework Basics
Section 1: Framework Basics
Section 2: Framework Core
Functions
Categories
Subcategories
Framework Implementation Tiers
Section 3: How Does it All Come Together?
Coordination of Framework Implementation
Business Process Management (BPM) Approach to the Framework
Cybersecurity Framework Assessment Process Model Breakdown and Component Parts
Chapter 4: How to Use the Framework
Section 1: Basic Review of Cybersecurity Practices
Section 2: Establishing or Improving a Cybersecurity Program
Step 1: Prioritize and Scope
Step 2: Orient
Step 3: Create a Current Profile
Step 4: Conduct a Risk Assessment
Step 5: Create a Target Profile
Step 6: Determine, Analyze, and Prioritize Gaps
Step 7: Implement Action Plan
Section 3: Communicating Cybersecurity Requirements with Stakeholders
Identifying Gaps
Chapter 5: InduSoft Security Guide
Section 1: New Projects and Security as a Design Consideration
The following is an extract from the InduSoft Technical Note: Application Guidelines
Section 2: Existing Projects
Section 3: Cloud Based Applications
The following is an extract from the InduSoft White Paper: Cloud Computing for SCADA
Section 4: InduSoft Application Security
The following is a transcript extract from the InduSoft Webinar: SCADA System Security Webinar
Section 5: InduSoft Security Discussion for Web Based Applications
Extract 1 - From InduSoft White Paper: Security Issues with Distributed Web Applications
Extract 2 - From the InduSoft Tech Note: IWS Security System for Web Based Applications
Reprint - Control Engineering Magazine - August 2014: Cybersecurity for Smart Mobile Devices
Section 6: InduSoft Recommendations for IT Security
Transcript extract from the InduSoft Webinar: SCADA and HMI Security in InduSoft Web Studio
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Overview
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Operational
Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Management
Appendix A: Framework Core
Information regarding Informative References described in Appendix A may be found at the following locations:
Appendix B: Cyber Security Evaluation Tool (CSET) Information
Appendix C: References
Recommended Publications for Purchase
Further Reading and Links to Organizations
Appendix D: Glossary
Terms Used in this Publication
Acronyms Used in this Publication
Endnotes
About the Authors and More Information
Chapter 1: SCADA Cybersecurity Introduction and Review
This chapter provides an introduction to Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), and Process Control Systems (PCS): what they are and how they are used. We will then look at cybersecurity vulnerabilities in general and at those that are of higher concern for SCADA and PCS systems.
Section 1: What is SCADA?
Overview
Most readers will already have an in-depth understanding of SCADA System concepts. This section will provide an introduction and review of SCADA systems for students who are using this book for coursework.
SCADA is the acronym for Supervisory Control and Data Acquisition. DCS is the acronym for Distributed Control Systems. PCS is the acronym for Process Control System.
History and Installed Base
SCADA and PCS systems have been in use since the 1960s. They are used to centralize and optimize operations in various process and control industries, including Oil and Gas, Water and Waste Water, Electrical, Utilities, Transportation (pipelines and rail), Nuclear, and Manufacturing, to name a few, as depicted in Figure 1.1 below. They were justified by reduced labor costs and reduced cycle times for delivering and/or manufacturing products.
Figure 1.1: SCADA is used for many varied types of processes and industries and for widely diverse purposes[1]
The Supervisory Control System configuration and environment consists of Supervisory and Control Computers for the Operator/Dispatcher Human Machine Interface (HMI) console, Data Acquisition Server, Application Server, Master Database Server, Engineering Workstations, and Firewall in the central control room. The Remote Field Controller units are made up of Remote Terminal Units (RTU), Programmable Logic Controllers (PLC), and Distributed Control Systems (DCS). A typical SCADA system may look similar to the layout in Figure 1.2.
Figure 1.2: Typical SCADA Configuration[2]
How SCADA Systems Work
A SCADA system performs four functions:
1) Data acquisition
2) Networked data communication
3) Data presentation
4) Control
These functions are performed by four kinds of SCADA components:
1) Sensors and Control Relays that directly interface with the managed system. They can be either digital or analog in design.
2) Remote Telemetry Units (RTUs)/Programmable Logic Controllers (PLCs): These are small computerized units deployed in the field at specific sites and locations. RTUs and PLCs serve as local collection points for gathering reports from sensors and delivering commands to control relays. Legacy RTUs can also be relay driven.
3) SCADA Master Units: These are larger computer-based consoles that serve as the central processor for the SCADA system. Legacy systems were minicomputers and usually OEM products.
a. Master Units provide a human interface to the system and regulate the managed system in response to sensor inputs.
4) The Communications Network connects the control SCADA master unit to the RTUs in the field.
Example: A Simple SCADA System
The simplest SCADA system example would be a single circuit that notifies the operator of one event. Let's use an automated lube mixing manufacturing machine that produces motor oils:
· Every time the machine finishes a bottle of oil, it activates a switch.
· The switch turns on a light on a control panel, which tells the operator that a bottle of oil has been completed.
In a real SCADA system much more processing would be done than in this simple example; however, the principle is the same. A complete SCADA system monitors much more equipment and many more processes over a larger geographical area.
A More In-Depth Look at a SCADA System
Systems that need to be monitored are much more complex than the example above. Within a real-world application, a SCADA system can monitor thousands of device sensors and tags. Some device sensors measure inputs into the system (for example, oil flowing into a tank), and some sensors measure outputs (like valve pressure as oil is pumped from a tank). Some of those sensors measure simple events that can be detected by a straightforward on/off switch, called a discrete input or a digital input. For example, in a pipeline, the switch that turns on the valve open light would be a discrete input. Discrete inputs are used to measure simple states, like whether equipment is on or off, or event-triggered alarms, like a power failure at a critical facility.
Some device sensors measure more complex events and/or situations where exact measurement is important. These are analog device sensors, which can detect continuous changes in a flow, wind, voltage, or current input. Analog sensors are used to track fluid levels in tanks, wind speed for wind turbines, voltage levels in batteries, temperature, and other factors that can be measured in a continuous range of input. For most analog factors, there is a normal range defined by a high and a low level. For example, you may want an oil tank level to stay within a high and low fill level, e.g., High Level: 60 feet and Low Level: 10 feet. If the volume level goes above or below this range, it will trigger a threshold alarm. In more advanced systems, there are four threshold alarms for analog sensors, defining Emergency Low, Normal Low, Normal High, and Emergency High alarms.
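The discrete and four-threshold analog alarms described above can be sketched as a small alarm scanner; this is an added example, not code from the book or from any InduSoft product. The tag names, the 5 ft and 65 ft emergency limits, the `IN_RANGE` and `UNKNOWN_TAG` states, and the sample readings are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AnalogLimits:
    """Four alarm thresholds for one analog point, in engineering units."""
    emergency_low: float
    normal_low: float
    normal_high: float
    emergency_high: float

    def __post_init__(self):
        ordered = (self.emergency_low, self.normal_low,
                   self.normal_high, self.emergency_high)
        if any(a >= b for a, b in zip(ordered, ordered[1:])):
            raise ValueError("thresholds must be strictly increasing")

    def classify(self, value):
        # Check the emergency limits first: they lie outside the normal ones.
        if value < self.emergency_low:
            return "EMERGENCY_LOW"
        if value > self.emergency_high:
            return "EMERGENCY_HIGH"
        if value < self.normal_low:
            return "NORMAL_LOW"
        if value > self.normal_high:
            return "NORMAL_HIGH"
        return "IN_RANGE"


def scan(samples, analog_limits, discrete_alarm_state):
    """Return (time, tag, old_state, new_state) for every state change."""
    last, events = {}, []
    for t, tag, value in samples:
        if tag in analog_limits:
            state = analog_limits[tag].classify(value)
        elif tag in discrete_alarm_state:
            state = "ALARM" if value == discrete_alarm_state[tag] else "IN_RANGE"
        else:
            state = "UNKNOWN_TAG"  # not in the point database: flag it, do not drop it
        prev = last.get(tag, "IN_RANGE")
        if state != prev:  # report transitions only, not every scan
            events.append((t, tag, prev, state))
        last[tag] = state
    return events


# Constructed configuration. 10 ft and 60 ft are the page's low and high levels;
# the 5 ft and 65 ft emergency limits and both tag names are assumptions.
LIMITS = {"TANK1_LEVEL": AnalogLimits(5.0, 10.0, 60.0, 65.0)}
DISCRETE = {"SITE_POWER_FAIL": True}  # the point is in alarm when it reads True

# Constructed samples: (scan time in seconds, tag, value).
SAMPLES = [
    (0, "TANK1_LEVEL", 35.0), (1, "TANK1_LEVEL", 61.5), (2, "TANK1_LEVEL", 63.0),
    (3, "TANK1_LEVEL", 66.0), (4, "SITE_POWER_FAIL", False),
    (5, "SITE_POWER_FAIL", True), (6, "TANK1_LEVEL", 40.0),
    (7, "TANK1_LEVEL", 8.0), (8, "TANK1_LEVEL", 4.0),
]

if __name__ == "__main__":
    for event in scan(SAMPLES, LIMITS, DISCRETE):
        print(event)
```

Because only transitions are reported, a level that stays above 60 feet for several scans raises one alarm rather than one per scan.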
In the example of the lube plant, the network is just the communication wire leading from the switch to the panel light. In a full SCADA system, you want to be able to monitor multiple systems from a central location, so you need a communications network to transport all the data collected from your device sensors. Legacy SCADA networks communicated over radio, modem or dedicated serial lines. Today the trend is to put SCADA data