A SCADA Testbed: On-going Research Efforts and a Course on Industrial Control System (ICS) Security

Irfan Ahmed, Vassil Roussev, William Johnson, Saranyan Senthivel, Sneha Sudhakaran
Greater New Orleans Center for Information Assurance, gnocia.cs.uno.edu
[Testbed architecture diagram: a Control Center (Historian, HMI) connected over an Ethernet switch to three field sites, each with its own PLC: Field Site 1 Power Distribution, Field Site 2 Gas Pipeline, Field Site 3 Wastewater Treatment; protocols shown on the links: EtherNet/IP, Modbus, PROFINET]
Cyber Attacks and Vulnerabilities
Cyber attacks on the testbed vs. similar SCADA systems in industry
A small-scale physical model puts limitations on the research:
- it does not offer a large set of parameters and variables from the physical process
- limited data for network traffic analysis
- limited number of PLCs and ICS protocol support
Research Prototype Evaluation
Testing on the testbed enforces the constraints of a typical SCADA system:
- 24/7 availability requirement of SCADA services
- resource-constrained embedded devices
- interaction of the cyber and physical worlds
- ICS communication protocols
It is difficult to add security functionality to PLCs:
- proprietary firmware/OS
- limited tools/techniques to access and modify firmware/OS code in the PLC
Useful for Digital Forensics Research
Tools and techniques to extract and analyze digital artifacts from:
- HMI and other SCADA services
- PLCs
- ICS network traffic
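As an added example (not part of the poster or the testbed's own tooling): a minimal Modbus/TCP decoder that splits a captured byte stream into frames and picks out the state-changing write requests, the kind of artifact a forensic timeline of an ICS incident is built from. The sample bytes are constructed; on the testbed they would come from a capture of the Modbus link.

```python
"""Decode Modbus/TCP frames from a captured byte stream and pick out the requests
that change PLC state (coil/register writes). Constructed example, not the
testbed's own tooling; the sample bytes below are made up."""
import struct

# Function codes that modify PLC state; exception responses set the 0x80 bit.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}

def parse_modbus_tcp(stream: bytes) -> list:
    """Split a byte stream into Modbus/TCP ADUs (7-byte MBAP header + PDU) and
    decode each one. Raises ValueError on a malformed or truncated frame."""
    frames, offset = [], 0
    while offset + 7 <= len(stream):
        tid, proto, length, unit = struct.unpack(">HHHB", stream[offset:offset + 7])
        if proto != 0 or length < 2:  # protocol id is always 0 for Modbus
            raise ValueError(f"malformed MBAP header at offset {offset}")
        pdu = stream[offset + 7:offset + 6 + length]  # length counts unit id + PDU
        if len(pdu) != length - 1:
            raise ValueError(f"truncated frame at offset {offset}")
        fc = pdu[0]
        rec = {"tid": tid, "unit": unit, "fc": fc & 0x7F, "exception": bool(fc & 0x80)}
        if rec["exception"]:
            rec["exc_code"] = pdu[1] if len(pdu) > 1 else None
        elif (fc in WRITE_FUNCTIONS or fc in READ_FUNCTIONS) and len(pdu) >= 3:
            rec["address"] = struct.unpack(">H", pdu[1:3])[0]  # start address
        frames.append(rec)
        offset += 6 + length
    return frames

def state_changing(frames: list) -> list:
    """Return only the non-exception frames carrying a write function code."""
    return [f for f in frames if f["fc"] in WRITE_FUNCTIONS and not f["exception"]]

# Constructed capture: three requests to unit 1, then one exception response.
SAMPLE = bytes.fromhex(
    "0001000000060103000a0002"  # Read Holding Registers, addr 10, qty 2
    "00020000000601050013ff00"  # Write Single Coil, addr 19, ON (0xFF00)
    "00030000000901100014000102beef"  # Write Multiple Registers, addr 20, 1 reg
    "000100000003018302"  # Exception response: Illegal Data Address for fc 3
)

if __name__ == "__main__":
    for f in state_changing(parse_modbus_tcp(SAMPLE)):
        print(f"tid={f['tid']} unit={f['unit']} {WRITE_FUNCTIONS[f['fc']]} @ {f['address']}")
```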
Demonstration of Physical Processes
Varied Programming Software Support
PLCs of three vendors, each using different programming software:
- Schneider Electric: SoMachine Basic
- Allen-Bradley: Studio 5000
- Siemens: SIMATIC STEP 7
Varied SCADA Protocol Support
- EtherNet/IP
- Modbus
- PROFINET
Topics
- Introduction to industrial control systems (ICS)
- PLC programming
- ICS network protocols
- ICS vulnerabilities and cyber attacks
- ICS security solutions
Hands-on
- PLC: Allen-Bradley MicroLogix 1400 B
- Program the PLC to control traffic lights
- Implement a man-in-the-middle attack
PLC Vendors
GE, Mitsubishi, Allen Bradley, Omron, WAGO, Siemens, Automation Direct, and Schneider
PLCs
Micro820, ControlLogix, 1214 TIA, CJ1M, and Fanuc 90/30
Protocols
CC Link, PROFINET, DNP3, Modbus, EtherNet/IP, PCCC, BAC, FL-Net, MC, FINS, and CJ2
- No fieldbus I/O support
- No connectivity with the cloud
- No IoT appliances in the testbed (the so-called industrial internet of things)