By Daniel Ehrenreich
Introduction
Consistent supply of quality water and stable pressure is the main task of water utilities worldwide, because people cannot survive for a long time without water. This operation is traditionally handled by Supervisory Control and Data Acquisition (SCADA) systems, however nowadays utilities must consider cyber security solutions in order to assure their safe and reliable operation. These SCADA installations, mostly utilize wireless communications (licensed, unlicensed, analog, digital, cellular, etc. media) allowing continuous supervision of the and the water infrastructure.
The growing use of Industrial Internet of things (IIoT) Ecosystems during recent years integrated into the SCADA system, enhance the control capability, but on the other hand they increase the “cyber-attack surface” thus increasing the overall risk.
The risk of cyber-attacks, technology faults or mistaken actions by authorized personnel have made cyber protection of the water infrastructures a growing concern for utilities worldwide. SCADA cyber security experts are well aware that there is no single measure (no matter how expensive or advanced) that provides absolute protection for the water infrastructure. However, all agree that incremental implementation of cyber defense measures to the existing SCADA systems by deploying technology upgrades helps achieving the goals.
It doesn’t matter how much you spend on the latest SCADA hardware, software, and communication network; your SCADA can not be cyber secured if you allow even indirect exposure to the internet.
This paper highlights the most typical cyber defense challenges, and best practice guidelines for the deployment of effective and cost-aware cyber defense for water SCADA operations.
Resilient SCADA Architecture
SCADA architectures serving water utilities may consist one or more computers, a variety of radio or other media-based Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs) and field installed sensors and actuators. All these components comprise the “attack surface” and represent a potential risk to the Safety, Reliability and Productivity (SRP) of the water infrastructure.
SCADA system components; Computers, PLCs/RTUs, communication networks, field devices must be installed in a secured place, protected from access by unauthorized people. When designing a SCADA architecture, the selection of components and communication solutions must be done according to guidelines saying that the SCADA system must remain in safe condition or may safely shut down even if:
- A single technology failure (sensor, control device, communications, etc.) occurs. The meaning is that any part of the water infrastructure shall not turn to a condition which might hurt people.
- A mistaken command (unintentionally done by an authorized person) is issued to the system. The meaning of this requirement is, that the design architecture must inherently protect itself.
- An internally generated malfunction or an attack done through remote access. The system shall utilize Safety Instruments System (SIS), which prevent machinery from turning to and unsafe mode.
SCADA System Risks
Your SCADA architectures consist; SCADA computers, RTUs, PLCs field devices. All these comprise the “attack surface”, which represent the risk to the water utility operation. The path from the point where the attacker enters to your system to the device which might cause the damage is called “attack vector”.
Vulnerability assessment for SCADA systems always requires careful evaluation of the computer hardware and the operating system, communication network and application software installed in computers and RTUs/PLC. Therefore, first you must analyze the cyber-attack surface and the identifiable attack vectors and analyze the expected threats and associated risks to your system.
When evaluating the attack surface and the attack vectors, you must realize that your system might use outdated hardware and software, lacking authentication and encryption, lacking Intrusion Detection System (IDS) and anomaly condition detection and utilize low tier physical perimeter protection.
SCADA Cyber security experts shall start their cyber security assessment with visibility analysis, identifying all connected control and communication devices connected to the network, listing of all “live” communication paths among SCADA devices and detecting unauthorized connections and links. Furthermore, it is necessary to study all publications related to the installed devices and list all applicable Common Vulnerabilities and Exposures (CVE). Based on this information, it will be possible listing the potential risks and damages related to your SCADA network that might result from hostile exploitation of these vulnerabilities.
Among the most critical threats and cyber risks you may find the following (partial list):
- Uauthorized access connection to your SCADA system by attackers, who aim causing supply outage, damage to equipment and in worst case even contamination of the potable water.
- Unathorized connection to your SCADA network in order to allow remote access through wireless connection and manipulating the PLCs/RTUs operating program and/or the parameters.
- Intentional jamming of the wireless network or Denial of Service (DoS) type atack on your communication network in order to block the information flow between the SCADA center and remote sites.
- Upon penetrating to your network, the attacker might activate a ransomware attack on your system, which might lead to operation outage and financial and reputation damages.
- Access by external service personnel who carry his laptop PC along the day and connect it to multiple networks. That PC might be previously infected and carry a malware to your system.
- Negligent supervision on vendors/the supply chain: Purchase of components, software, remote access service, etc. All these represent a real threat and a severe risk.
Securing the Water Infrastructure Control
Cyber security experts are well aware of the fact, that there isn’t a single defense mechanism (“no silver bullet”) that provides complete defense to the entire SCADA system. Deployment of a layered defense is the right direction towards achieving stronger, (even if not absolute) protection.
The following cyber defense measures may be applicable for water utilities (partial list):
- Segmentation to zones according to hierarchical level and according to needed communication among sections of your SCADA system, by using Virtual Private networks (VPN) and firewalls.
- Deployment of physical security measures (camera, access control, fence) at the field sites and SCADA control room to is absolutely a “must” for preventing unauthorized access.
- Effective hardening (blocking/disabling) of all unused communication ports and features on SCADA computers, communication devices and field control units (RTU, PLC).
- Strict adherence to the corporate security policy as related to maintaining passwords, exclusive use of computers for the control network, preventing connection of 3rd party service computers, etc.
- Use of encryption and managing the access to RTUs and PLCs trough authentication. These cyber defense measures prevent unauthorized access to the remote sites.
- Use of SCADA-aware firewalls which perform inspection of incoming and outgoing data, inspection of the process data and protocol, ensuring that the control process is not impacted.
- Deployment of “White Listing” procedures to assure that no unauthorized application of software code can be installed on any of the SCADA related components.
- Use of Industrial Intrusion Detection Systems (IIDS) for detecting anomalous traffic and other irregular processes monitored in multiple locations in the SCADA architecture.
- Deployment of modern measures for detecting and blocking Denial of Service (DoS) type attacks is effective. These measures help to assure business continuity.
- Use of Unidirectional security gateways (diode) for exporting SCADA related data and management report without exposing the SCADA to lower security zones and risking the process.
- Utilizing secured wireless and physical communication is important. When dealing with a wide-area network, these measures minimize the risk of Man in the Middle (MitM) attacks.
- Collecting event logs which are managed by Security Information and Event Management (SIEM) and the Security Operation Center (SOC), and for analyzing security alerts.
Summary and Conclusions
Water utilities operating worldwide are considered critical infrastructures, as they directly affect the wellbeing and the health of the population. With the growth of sophisticated cyber-attack capabilities by attackers worldwide which are directed by countries and hostile organizations, the challenges of protecting SCADA systems (often using legacy hardware, software and communication), have become a complex task.
Cyber defense for SCADA systems can be significantly enhanced through the PPT Triad. P-People must be trained for cyber security and pass through periodic drills, P-Policy set by the organization must assure cyber-secured behavior of people and T-Technology must be deployed according to the level of risk and possible impact. Among these measures, the training of water utility personnel shall be on top of priority list.
Important emphasizing that the allocated resources for defending the cyber-secured operation of the water utility might not assure absolute protection’ but will position you a step ahead of the attackers.
About the Author: Daniel Ehrenreich, BSc. is a consultant and lecturer acting at Secure Communications and Control Experts, and periodically teaches in colleges and present at industry conferences on integration of cyber defense with industrial control systems; Daniel has over 27 years of engineering experience with ICS for: electricity, water, gas and power plants as part of his activities at Tadiran, Motorola, Siemens and Waterfall Security.
FURTHER READING: The economic impact of ICS vulnerabilities
SCADA & ICS CYBER SECURITY WORKSHOPS
The course is suitable for people working in or interested in entering typical SCADA industries. The two days are suitable to a broad range of technical and C-level positions in the OT & IT domains and includes provision of training material and Certificate of Attendance. Perth – 24/25 June; Sydney 27/28 June: TO REGISTER CLICK HERE