
SCADA – Are we self-sufficient? Presented by Jack McIntyre, 15/05/2015

SCADA – Are we self-sufficient?

• What is SCADA?

• Where is SCADA implemented?

• Is SCADA secure?

• How can SCADA be attacked?

• Has SCADA already been attacked?

• What can be done to prevent attacks?

• Is the UK self-sufficient in preventing attacks?

What does it stand for?

• Supervisory

• Control

• And

• Data

• Acquisition

• What does that mean?

Where is SCADA?

• Waking up

• Getting ready

• Going to work

• Being at work

Where is SCADA?

• Residential / Commercial Properties

• National Grid

• Water & Gas Networks

• Manufacturing

What is SCADA?

• Monitors and connects logical processes

• Physical Devices: PLC, RTU, HMI

SCADA system requirements

• Windows 2000

• Windows XP

• Windows Vista

• 300 MHz processor

• 128 MB RAM

• 1.5 GB storage

• 800x600 resolution display

• CD-ROM/DVD drive

• USB port

• Ethernet port

• Not very “State-of-the-art”

SCADA communications

• Satellite

• Telephone Wire

• Radio Wave

• Microwave

• Power-line

SCADA connectivity

Is SCADA protected?

• Insecure devices

• Design based around speed, reliability, connectivity

• Little or no security concerns

How is SCADA protected?

• Strong perimeter defence

• IDS

• IPS

• Firewalls

How can SCADA be attacked?

• Denial of Service

• Man-in-the-middle (MITM)

• Web Application Weaknesses

• Vulnerability exploitation

• Poor configuration

Denial of Service

• Extremely effective

• Time critical systems

• Target enumeration is difficult

Man-in-the-Middle

• Radio wave interception

• Power-line modulation detection

• Satellite interception

• Expensive and often dangerous

Web application weaknesses

• SQL Injection

• XSS

• Authentication bypass

• Brute force attacks

• Rare, relatively easy to protect against

Poor configuration

• Default passwords

• Open ports

• No authentication

Vulnerability exploitation

• Zero-day threats

• Specialist equipment needed

• Requires in-depth engineering knowledge

• Targeted attacks requiring key intelligence

• Stuxnet

Stuxnet

• Targeted Iranian nuclear centrifuges

• Introduced physically

• Designed to spread

• Only targets specific controllers

Stuxnet

• Manipulated system operation over time

• Sophisticated

• Stealthy

• Wasn’t detected until it was too late

What can be done?

• New systems

• New standards

• Secure by design

• OR

• Continue to add perimeter defence

Issues with upgrading equipment

• Cost

• Downtime

• Backwards-compatibility

When will it happen?

• When a major incident occurs

Are we self-sufficient?

• The UK shares: one power connection, two gas connections

• So far we have survived

• But for how long?

Questions?

Contact: [email protected]