Securing SCADA Networks
By Dato’ Seri George Chang
SCADA environments consist of industrial control and management systems – usually deployed on a large scale – that monitor, manage and administer critical infrastructures in various fields such as transport, nuclear, electricity, gas and water. Unlike a company’s conventional IT network, a SCADA environment provides interconnection between proprietary industrial systems, such as robots, valves, thermal or chemical sensors, command and control system, and HMI (Human Machine Interface) systems, rather than desktops. While SCADA is mainly deployed in enterprises, it is increasingly being found in private households as well.
SCADA control systems use a dedicated set of communication protocols, such as MODBUS, DNP3 and IEC 60870-5-101 for communication between system elements. These protocols allow control over physical PLC controllers for example, resulting in physical actions such as motor speed increases, temperature reduction etc. For this reason the integrity of these SCADA control messages is paramount and the communication protocols should be fully validated.
Designed for longevity and at a time when cybercrime specifically targeting the industrial sector was not widespread, SCADA systems have not been taken into account within the network security scheme. Because of the isolated nature of industrial systems and the non-existence of interconnection to an IP network, security was not initially considered to be necessary.
However, SCADA architectures have evolved and now robots, measurements systems, command and control tools and remote maintenance systems are all interconnected via a conventional IP network. The problem is not the use of IP itself but rather that they are administered by potentially vulnerable environments, such as the HMI interface platform, which is typically equipped with an unpatched Windows operating system. Considered highly sensitive, these environments generally do not have operating system patches or updates applied for fear of disrupting the industrial system. Often, this fear prevails over the fear of potential IT attacks. Identified as critical, SCADA environments are thus paradoxically less secure and become a potential target for cybercriminals. Once compromised, a hacker would then have full control over the system, as we have seen with Stuxnet, the first discovered worm that spies on and reprograms industrial systems. This worm exploited Windows Zero Day vulnerabilities – vulnerabilities for which a patch had not yet be developed – and went on to affect tens of thousands of IT systems and one uranium enrichment plant.
Unfortunately, it took a case of an attack the scale of Stuxnet to raise awareness of the potential damage from cyber threats to the industry sector. While traditional computer attacks usually cause non-material damage, Stuxnet brought home the destructive and real capacity of advanced worms and viruses to affect not only corporate data but also water management systems, chemical product production and energy infrastructures.
As a result, industrial companies are starting to integrate security measures into their systems. However, much more is needed before SCADA systems can be considered secure. As a first step, companies deploying SCADA must consider them as part of their overall IT infrastructure, apply the same security measures and techniques that they do for their internal IT infrastructure and get the support from their senior executives for the related additional IT budgets and resources.
Where standards do not exist, industrial companies should follow good practices as defined by the North American Electric Reliability (NERC) or national organizations, such as Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) in France. Aside from these, there are other important steps that should be taken to ensure the security of your SCADA environment, considered as sensitive:
1. Regular updates
Applying software patches on a regular basis to the SCADA operation system, applications and components is an essential step to avoid security breaches due to vulnerabilities already known by security vendors.
In addition, the implementation of a tool for detection and analysis of vulnerabilities that allows to intercept malicious Internet threats before they impact the network or the target server will enable proactive measures to prevent attacks, avoid service interruptions, and respond quickly and in real-time against emerging threats.
2. Partition and isolate the SCADA network
It is essential to isolate the SCADA network from any other corporate network. To that end, the use of DMZ’s or bastions will allow you to segment the SCADA architecture. Thus, the HMI network will be separated from robots and measuring devices, supervisory systems, remote control units and communications infrastructures, allowing each environment to be confined and protected from bouncing attacks.
In short, SCADA networks need to be secured in the same way as enterprise networks from malware and intrusion, using Intrusion Prevention Systems (IPS) and anti-malware solutions, which are not just SCADA specific.
3. Protocol Validation
After having partitioned and segregated the different elements of a SCADA architecture, the next logical step is to apply protocol validation and control related to its various components. In other words, it is necessary to inspect the MODBUS protocol to be sure it is neither misused nor an attack vector. Also, it is important to make sure that the application that generates MODBUS requests is a legitimate application, which is generated from the right workstation. Thus, application recognition makes sense.
4. Segregate administrators from users
In addition to the segmentation of the network, it is crucial to segregate users from administrators and provide different access levels between the two groups. For example, an administrator could have full access, including configuration changes via the HMI, whereas the user may have read-only access.
5. Get an overall view of the network
The need for a correlation and event management tool is essential. It is critical that the network administrator has the ability to fully understand the security state of the entire network and for instance know at the same time the robot state, the HMI patch level and its relation to a specific user or component of the architecture.
The generation of security alerts is equally important. By understanding what is happening in the network, the administrator gets the ability to correctly react to network events and take appropriate actions.
The implementation of these steps, although sometimes cumbersome, will ensure that there is a comprehensive security strategy throughout the network and provide an in-depth defense with a security layer at all levels, even at PLC units, for a precise control of exchanges and communications between the SCADA environment and the network infrastructure.
With attacks becoming more sophisticated, like Advanced Persistent Threats (APT), it is critical that industrial organizations realize that integrated security in their SCADA environments is essential if these networks are to continue to function as they were designed to do. By doing so, they should have the ability to control the networks, users and applications, proactively avoiding potential risks. They should also equip themselves with tools designed by specialized teams to identify potential issues in real-time and be able to respond quickly when a threat is confirmed.
Dato’ Seri George Chang is Fortinet’s Regional Vice President for Southeast Asia & Hong Kong
Fortinet is a worldwide provider of network security appliances and a market leader in unified threat management (UTM). Our products and subscription services provide broad, integrated and high-performance protection against dynamic security threats while simplifying the IT security infrastructure.