Supervisory Control and Data Acquisition and DNP 3.0 Countermeasures
Security Issues and their respective countermeasures for SCADA

Security Issue: Policy and Procedure Vulnerabilities
Description: Inadequate security policies, without an overall security architecture and design, pose a threat. Lack of security audits, disaster recovery plan, etc.
Threat Levels: Integrity
Security Countermeasures: A detailed, documented list of the security architecture of a system is kept in a security plan. Some areas covered in the security plan are policies and procedures for operational security, user and data authentication, backup policies, etc. The implementation guide details how the above security plans need to be implemented, which areas of the entire architecture are relevant, where the plans need to be implemented, etc. Configuration management includes all the configuration details listed for every piece of equipment and all the relevant security policies that apply to them. Enforcement and auditing makes sure that the security policies, plan and implementation for each piece of equipment are done correctly and also maintained correctly.

Security Issue: Platform Configuration Vulnerabilities
Description: OS and application security patches are not maintained. Inadequate access control to systems, inadequate password policies.
Threat Levels: Confidentiality, Integrity, Availability
Security Countermeasures: Implement The Security Features Provided By Device And System Vendors; Establish Strong Controls Over Any Medium That Is Used As A Backdoor Into The SCADA Network; Implement Internal And External Intrusion Detection Systems And Establish 24-hour-a-day Incident Monitoring; Conduct Physical Security Surveys And Assess All Remote Sites Connected To The SCADA Network.

Security Issue: Platform Software Vulnerabilities
Description: Buffer overflow; denial of service; intrusion detection/prevention software not installed; malware protection not provided.
Threat Levels: Confidentiality, Integrity, Availability, Accountability
Security Countermeasures: Firewalls And Intrusion Detection System; Electronic Perimeter; Expert Information Security Architecture Design.

Security Issue: Network Perimeter Vulnerabilities
Description: Firewalls nonexistent or improperly configured; insecure connections exacerbate vulnerabilities; network leak vulnerabilities.
Threat Levels: Confidentiality, Integrity, Accountability
Security Countermeasures: Firewalls And Intrusion Detection System; Electronic Perimeter; Domain-Specific IDS; Creating Demilitarized Zones (DMZs).

Security Issue: Network Communication Vulnerabilities
Description: Passive Network Reconnaissance; Baseline Response Replay; Rogue Interloper; Length Overflow and DFC Flag Attack; Reset Function and Unavailable Function Attack; Destination Address Alteration; Fragmented Message Interruption; Transport Sequence Modification; Outstation Data Reset; Outstation Application Termination.
Threat Levels: Integrity, Accountability, Confidentiality and Availability, depending on the attack.
Security Countermeasures: The security enhancement approaches are divided into three categories:
1) Solutions that wrap the DNP3 protocol without making changes to the protocol
a. SSL/TLS Solution
b. IPSec (secure IP) Solution
2) Solutions that alter the DNP3 protocol fundamentally
a. Distributed Network Protocol Version 3 Security (DNPSec) Framework
3) Enhancements to the DNP3 application
a. Authentication Octets
b. Authentication via challenge response
SCADA Countermeasures in Detail
1) Implement The Security Features Provided By Device And System Vendors
Older SCADA networks did not have many security features to protect the system. The utility companies which own the SCADA
networks must ask the vendor to provide security patches for the existing system and also to produce newer systems with enhanced
security features. Also, factory default security settings should not be used, because their intent is to provide excellent usability
while providing the minimum amount of security. When the default settings are being changed and are not set to their maximum
security limits, a thorough risk assessment must be done before those levels are fixed [4].
2) Establish Strong Controls Over Any Medium That Is Used As A Backdoor Into The SCADA Network
Strong authentication must be implemented to ensure secure communications where backdoor vendor connections exist in the
SCADA system. Modems, wireless and wired networks used for communications and maintenance represent a significant
vulnerability to the SCADA network and remote sites. False packets sent from the enterprise network can attack the SCADA
system if the SCADA system does not authenticate the packets; it needs to check that a packet is from an authenticated source and
only then process it [4]. Authentication methods such as challenge response, hashing algorithms and digital signatures
can be used.
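As an added illustration of the challenge-response authentication mentioned here and listed under the DNP3 application enhancements in the table above (example code written for this page, not taken from the cited papers or from any DNP3 implementation): the outstation answers a critical request with a fresh nonce and sequence number, and the master proves possession of a shared key with an HMAC over the challenge and the exact request. The function codes, the key and the message layout are simplified assumptions and do not follow the DNP3 Secure Authentication wire format.

```python
import hashlib, hmac, os
from dataclasses import dataclass

CRITICAL_FUNCTIONS = {0x05, 0x0D, 0x0E}  # DNP3 direct operate, cold restart, warm restart

@dataclass
class Challenge:
    csq: int      # challenge sequence number, incremented for every challenge issued
    nonce: bytes  # fresh random challenge data

def compute_mac(key: bytes, csq: int, nonce: bytes, request: bytes) -> bytes:
    """HMAC-SHA256 binding the sequence number, the nonce and the exact request being authorised."""
    return hmac.new(key, csq.to_bytes(4, "big") + nonce + request, hashlib.sha256).digest()

class Outstation:
    """Executes critical requests only after a valid response to its own, still-pending challenge."""
    def __init__(self, key: bytes, rng=os.urandom):
        self._key, self._rng, self._csq = key, rng, 0
        self._pending = None  # (csq, nonce, request) of the single outstanding challenge
        self.executed = []    # requests that were accepted

    def receive_request(self, request: bytes):
        """Non-critical requests run at once; a critical one is held and answered with a challenge."""
        if request[0] not in CRITICAL_FUNCTIONS:
            self.executed.append(request)
            return None
        self._csq += 1
        self._pending = (self._csq, self._rng(16), request)
        return Challenge(self._csq, self._pending[1])

    def receive_response(self, csq: int, mac: bytes) -> bool:
        """Accept the held request only if csq matches and the MAC verifies; stale or replayed responses fail."""
        if self._pending is None or csq != self._pending[0]:
            return False
        csq0, nonce, request = self._pending
        self._pending = None  # one response per challenge, so a replayed MAC finds nothing pending
        if not hmac.compare_digest(compute_mac(self._key, csq0, nonce, request), mac):
            return False
        self.executed.append(request)
        return True

def master_send(outstation: Outstation, key: bytes, request: bytes) -> bool:
    """Master side of the exchange: send, answer the challenge if one comes back, report acceptance."""
    challenge = outstation.receive_request(request)
    if challenge is None:
        return True
    mac = compute_mac(key, challenge.csq, challenge.nonce, request)
    return outstation.receive_response(challenge.csq, mac)
```

A station without the key, a replayed response, a response to an old sequence number and a MAC computed over a different request are all rejected, while a plain read passes without a challenge.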
3) Implement Internal And External Intrusion Detection Systems And Establish 24-hour-a-day Incident Monitoring
When an abnormal sequence of events takes place on the SCADA network, there must be some way to inform the network
administrators about this activity. This can be done by using intrusion detection mechanisms where 24-hour tracing of events on
the network is recorded. When a security incident takes place, from either internal or external sources, there should be
techniques and procedures to immediately overcome it based on the level of damage it can cause. To complement network
monitoring, enable logging on all systems and audit system logs daily to detect suspicious activity as soon as possible [2].
4) Conduct Physical Security Surveys And Assess All Remote Sites Connected To The SCADA Network
Automated systems in the SCADA network are the most susceptible to attacks since they are unmanned and unguarded. An inventory
of all access points must be made, including physical cables that could be tapped; radio and microwave links that are exploitable;
computer terminals that could be accessed; and wireless local area network access points. Eliminate any points of failure. Prevent
unauthorized access to the websites within the enterprise intranet since they provide access to the SCADA system [4].
5) Public Information Availability: Figure 7-1 is used to implement the general security policies and procedures. The structure
encompasses all the security features that need to be covered in a security policy, which can also be applied to SCADA [3].
Figure 7-1: Basic Functions of Security Policy [3]
Each block in the above chart and its functionality is described in the table above.
6) Firewalls and Intrusion Detection System
Threats to the SCADA network can come from malicious attackers via the internet, and hence it is important to monitor the traffic that
flows into it. It is important that firewalls and other intrusion detection systems (IDS) be installed at the various ingress points
(gateways) of the SCADA network to identify malicious traffic before it is allowed to enter [14] [15]. This will filter out some of
the attacks but not all. Hence a more rigorous scheme needs to be implemented to overcome the attacks that still manage to flow
through. Viruses and worms could swamp the systems with huge volumes of attack traffic, and just having firewalls and IDS at the
entry points may not suffice. This leads to the concept of the electronic perimeter.
Figure: Firewall and Intrusion detection system implementation between Enterprise and SCADA control system
7) Electronic Perimeter
Traffic flowing from outside sources reaches the gateway, where a firewall restricts malicious packets and allows the rest to flow
through. The traffic that flows through might still contain some malicious packets which could harm the system. Beyond this
gateway there is not much filtering that takes place, and hence it is important to define a broader electronic perimeter so that
filtering takes place once before data reaches the gateway [14]. This perimeter can be formed by multiple intrusion detection
systems installed over a wider area. Huge volumes of traffic can be handled by an extended perimeter, as it becomes possible to
stop the attacks further away from the SCADA network. This provides the advantages of an overlay network operating in a more
distributed and collaborative fashion. It also provides a barrier that allows only legitimate traffic through.
Figure: Electronic Perimeter implementation in SCADA system
8) Domain-Specific IDS
The above-mentioned methods, i.e. intrusion detection system installation and the electronic perimeter, provide a baseline protection
that establishes normal system behavior. In addition, a perspective on an intrusion can be developed by analyzing emerging
characteristics. SCADA data can be analyzed in order to look for such patterns. To identify these patterns it is important to have
some basic knowledge which is domain specific and also associated with the communication devices, in order to construct an IDS
attack signature database. This would require intense analysis of the interconnected grid in order to identify the attack patterns, study
them and then generate signatures. Once this is achieved, the observed behavior needs to be correlated to detect
potential intrusions and filter the attack traffic [14]. Hence an IDS with these signatures and the secure electronic perimeter can be
made to work in a synchronized manner to combat the security issues posed by malware.
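Added example, not taken from the page's sources: a small domain-specific signature check over raw DNP3 link-layer frames that flags several of the attacks listed in the table above, namely length overflow, the DFC flag, a rogue interloper, destination address alteration and reset (cold/warm restart) function requests. The master and outstation addresses, the alert wording and the sample frames are constructed for this example, and the CRC fields are left unverified.

```python
import struct
# Constructed site policy (hypothetical addresses): one master and two outstations are known.
MASTER_ADDR = 1
OUTSTATION_ADDRS = {10, 11}
RESTART_FUNCTIONS = {0x0D: "cold restart", 0x0E: "warm restart"}  # DNP3 application function codes

def inspect_frame(frame: bytes) -> list:
    """Return alert strings for one raw DNP3 link-layer frame (CRCs are not verified here)."""
    alerts = []
    if len(frame) < 10 or frame[:2] != b"\x05\x64":
        return ["malformed: missing 0x05 0x64 start octets or truncated header"]
    length, ctrl, dest, src = struct.unpack("<BBHH", frame[2:8])
    # LEN counts CTRL, DEST, SRC and user data but not CRCs: 10-octet header + data + one CRC per 16-octet block.
    user_len = length - 5
    expected = 10 + user_len + 2 * ((user_len + 15) // 16)
    if length < 5 or expected != len(frame):
        alerts.append(f"length overflow: LEN={length} implies {expected} octets, got {len(frame)}")
    prm = bool(ctrl & 0x40)  # PRM=1: frame sent by the primary (initiating) station
    if not prm and ctrl & 0x10:  # bit 4 is DFC in secondary-station frames
        alerts.append(f"DFC flag set by {src}: master would stop sending user data")
    if src != MASTER_ADDR and src not in OUTSTATION_ADDRS:
        alerts.append(f"rogue interloper: unknown source address {src}")
    if dest != MASTER_ADDR and dest not in OUTSTATION_ADDRS:
        alerts.append(f"destination address alteration: unknown destination {dest}")
    # Application function code follows the transport (1) and application control (1) octets at offset 12.
    if prm and user_len >= 3 and len(frame) >= 13 and frame[12] in RESTART_FUNCTIONS:
        origin = "master" if src == MASTER_ADDR else f"non-master source {src}"
        alerts.append(f"reset function: {RESTART_FUNCTIONS[frame[12]]} sent to {dest} by {origin}")
    return alerts

def build_frame(ctrl: int, dest: int, src: int, user_data: bytes) -> bytes:
    """Assemble a constructed frame; the CRC fields are zero placeholders, not valid checksums."""
    header = b"\x05\x64" + struct.pack("<BBHH", 5 + len(user_data), ctrl, dest, src) + b"\x00\x00"
    return header + b"".join(user_data[i:i + 16] + b"\x00\x00" for i in range(0, len(user_data), 16))

# Constructed sample traffic: transport octet, application control octet, function code, objects.
READ_REQ = b"\xC0\xC0\x01\x3C\x02\x06"  # READ of class 1 data (group 60, variation 2)
SAMPLE_FRAMES = {
    "legit_read": build_frame(0xC4, 10, 1, READ_REQ),
    "rogue_cold_restart": build_frame(0xC4, 10, 99, b"\xC1\xC1\x0D"),
    "dfc_from_outstation": build_frame(0x10, 1, 10, b""),
    "length_overflow": bytearray(build_frame(0xC4, 10, 1, READ_REQ[:3])),
    "dest_altered": build_frame(0xC4, 500, 1, READ_REQ),
}
SAMPLE_FRAMES["length_overflow"][2] = 0xFF  # corrupt LEN far beyond the real frame size

def scan(frames: dict) -> dict:
    """Run the signatures over named frames and keep only those that raised alerts."""
    results = {name: inspect_frame(bytes(f)) for name, f in frames.items()}
    return {name: hits for name, hits in results.items() if hits}
```

Only the legitimate read passes cleanly; each of the other constructed frames produces the alert its name describes, and the rogue restart produces two.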
9) Creating Demilitarized Zones (DMZs)
Demilitarized zones created using firewalls can protect the SCADA network [17]. Multiple DMZs can be created to separate
functionalities and access privileges such as peer-to-peer connections, the data historian, security servers, configuration servers,
etc. Figure 7-4 below shows the creation of DMZs.
Figure 7-4: Demilitarized Zones Architecture [17]
All the connections can be routed through firewalls, and administrators keep a diagram of the local area network and its
connections to protected subnets, DMZs, the corporate network, and the outside. Multiple demilitarized zones help protect against
attacks such as virtual LAN hopping and trust exploitation, and bring in a better security posture [17].
10) Comparisons of DNP3 Countermeasures [18][19][20][21]

Solution: Wrapping the DNP3 frame with SSL/TLS
Advantages: The IEC Technical Committee has accepted SSL/TLS as part of a security standard for their communication protocol; freely available for all common operating systems; relatively mature.
Disadvantages: Runs only on a reliable transport protocol (TCP, not UDP); high performance cost; no non-repudiation services; cannot protect data before it is sent or after it arrives at its destination; implementation of the protocol requires understanding of the application, the OS and its specific system calls; CAs are rather expensive and not really compatible with each other.

Solution: Wrapping the DNP3 frame with IPSec
Advantages: Protection against DoS; implemented by operating systems, routers, etc.; transparent to applications (below the transport layer); no need to upgrade applications.
Disadvantages: Very complex and hard to implement; higher performance cost; all devices shall support TCP and UDP communications on port number 20000.

Solution: DNPSec
Advantages: End-to-end security at the application level to support any communication link; the protocol is simple, eliminating the complexity of the key exchange and management issues; implement it once for all communication networks.
Disadvantages: Requires some modification to the DNP3 Data Link Layer; theoretical approach, the concept still needs to be proven (ongoing work).
REFERENCES
[2] Edward Chikuni, Department of Electrical Engineering, Polytechnic University of Namibia, Namibia, Maxwell Dondo,
Defence R&D Ottawa, 2007, “Investigating the Security of Electrical Power Systems SCADA”. [Online]
Available: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4401531&tag=1
[3] Micrologic System Inc, “SCADA primer”, [Online].
Available: http://www.micrologic-systems.com/primers/scada.htm
[4] Robert F. Dacey, Director, Information Security Issues Oct 2003, “CRITICAL INFRASTRUCTURE PROTECTION,
Challenges in Securing Control Systems”. [Online]
Available: http://www.gao.gov/new.items/d04140t.pdf
[14] Chee-Wooi Ten, Student Member, IEEE, Iowa State University, Manimaran Govindarasu, Member, IEEE, Iowa State
University, and Chen-Ching Liu, Fellow, IEEE, Iowa State University 2007, “Cyber security for Electric Power Control and
Automation Systems”. [Online]
Available: http://powercyber.ece.iastate.edu/publications/SMC-conf.pdf
[15] Dale Peterson, Director, Network Security Practice Digital Bond, Inc, “Intrusion Detection and Cyber Security Monitoring of
SCADA and DCS Networks”. [Online]
Available: http://www.isa.org/filestore/Division_TechPapers/GlassCeramics/TP04AUTOW046.pdf
[17] Gordon Clarke, Deon Reynders, Edwin Wright, “Practical Modern SCADA Protocols:
DNP3, 60870.5 and Related Systems” British Library Cataloguing in Publication Data, ISBN 07506 7995. [Online]
Available: http://www.sensorsportal.com/HTML/BOOKSTORE/SCADA_Protocols.htm
[18] Samuel East, Jonathan Butts, Mauricio Papa and Sujeet Shenoi, “A Taxonomy of attacks on the DNP3 protocol”. [Online]
Available: http://www.springerlink.com/content/k48k4733v0367120
[19] James H. Graham, Sandip C. Patel, Dept. of Computer Engineering and Computer Science
University of Louisville, September 2004, “Security Considerations in SCADA Communication Protocols”. [Online]
Available: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.84.1152
[20] Munir Majdalawieh, Francesco Parisi-Presicce, Duminda Wijesekera, “DNPSec: Distributed Network Protocol Version 3
(DNP3) Security Framework”. [Online]
Available: http://www.acsac.org/2005/techblitz/majdalawieh.pdf
[21] Grant Gilchrist, PE, EnerNex Corporation, Okotoks, 2008, “Secure Authentication for DNP3”. [Online]
Available: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4596147
[22] A. B. M. Omar Faruk, KTH Electrical Engineering Master Thesis, Stockholm, Sweden, June 2008, “Testing & Exploring
Vulnerabilities of the Applications Implementing DNP3 Protocol”.[Online]
Available: http://www.kth.se/ees/omskolan/organisation/centra/ekc2/publications/modules/publications_polopoly/reports/2008/
XR-EE-ICS_2008_020.pdf