Upload
melanie-stafford
View
214
Download
0
Embed Size (px)
Citation preview
Jack McIntyre 3
SCADA – Are we self-sufficient?
• What is SCADA?
• Where is SCADA implemented?
• Is SCADA secure?
• How can SCADA be attacked?
• Has SCADA already been attacked?
• What can be done to prevent attacks?
• Is the UK self-sufficient in preventing attacks?
15/05/2015
Jack McIntyre 4
What does it stand for?
• Supervisory
• Control
• And
• Data
• Acquisition
• What does that mean?
15/05/2015
Jack McIntyre 5
Where is SCADA?
• Waking up
• Getting ready
• Going to work
• Being at work
15/05/2015
Jack McIntyre 6
Where is SCADA?
• Residential / Commercial Properties
• National Grid
• Water & Gas Networks
• Manufacturing
15/05/2015
Jack McIntyre 7
What is SCADA?
• Monitors and connects logical processes
• Physical Devices• PLC• RTU• HMI
15/05/2015
Jack McIntyre 8
SCADA system requirements
• Windows 2000
• Windows XP
• Windows Vista
• 300 Mhz processor
• 128mb RAM
• 1.5gb storage
• 800x600 resolution display
• CD-ROM/DVD drive
• USB port
• Ethernet port
• Not very “State-of-the-art”
15/05/2015
“State-of-the-art”
Jack McIntyre 9
SCADA communications
• Satellite
• Telephone Wire
• Radio Wave
• Microwave
• Power-line
15/05/2015
Jack McIntyre 11
Is SCADA protected?
• Insecure devices
• Design based around speed, reliability, connectivity
• Little or no security concerns
15/05/2015
Jack McIntyre 12
How is SCADA protected?
• Strong perimeter defence
• IDS
• IPS
• Firewalls
15/05/2015
Jack McIntyre 13
How can SCADA be attacked?
• Denial of Service
• Man-in-the-middle (MITM)
• Web Application Weaknesses
• Vulnerability exploitation
• Poor configuration
15/05/2015
Jack McIntyre 14
Denial of Service
• Extremely effective
• Time critical systems
• Target enumeration is difficult
15/05/2015
Jack McIntyre 15
Man-in-the-Middle
• Radio wave interception
• Power-line modulation detection
• Satellite interception
• Expensive and often dangerous
15/05/2015
Jack McIntyre 16
Web application weaknesses
• SQL Injection
• XSS
• Authentication bypass
• Brute force attacks
• Rare, relatively easy to protect against
15/05/2015
Jack McIntyre 18
Vulnerability exploitation
• Zero-day threats
• Specialist equipment needed
• Requires in-depth engineering knowledge
• Targeted attacks requiring key intelligence
• Stuxnet
15/05/2015
Jack McIntyre 19
Stuxnet
• Targeted Iranian nuclear centrifuges
• Introduced physically
• Designed to spread
• Only targets specific controllers
15/05/2015
Jack McIntyre 20
Stuxnet
• Manipulated system operation over time
• Sophisticated
• Stealthy
• Wasn’t detected until it was too late
15/05/2015
Jack McIntyre 21
What can be done?
• New systems
• New standards
• Secure by design
• OR
• Continue to add perimeter defence
15/05/2015
Jack McIntyre 22
Issues with upgrading equipment
• Cost
• Downtime
• Backwards-compatibility
15/05/2015
Jack McIntyre 24
Are we self-sufficient?
• The UK Shares• One power connection• Two gas connections
• So far we have survived
• But for how long?
15/05/2015