Techno Security's Guide to Securing SCADA - A Comprehensive Handbook On Protecting The Critical Infrastructure

Front Cover

Techno Security's Guide to Securing SCADA

Copyright Page

Lead Author

Contributors

Foreword Contributor

Contents

Foreword

Chapter 1: Physical Security: SCADA and the Critical Infrastructure’s Biggest Vulnerability

Introduction

Key Control

Check All Locks for Proper Operation

A Little More about Locks and Lock Picking

The Elephant Burial Ground

Dumpster Diving Still Works

Employee Badges

Shredder Technology Has Changed

Keep an Eye on Corporate or Agency Phonebooks

Tailgating

Building Operations-Cleaning Crew Awareness

Spot-Checking Those Drop Ceilings

Checking for Key Stroke Readers

Checking Those Phone Closets

Removing a Few Door Signs

Review Video Security Logs

Motion-Sensing Lights

Let’s Go to Lunch

Fun in Manholes

Internal Auditors Are Your Friends

Always Be Slightly Suspicious

Getting Every Employee Involved

Summary

Solutions Fast Track

Frequently Asked Questions (and Special Interviews)

Chapter 2: Supervisory Control and Data Acquisition

Introduction

Just What Is SCADA?

SCADA Systems and Components

Remote Terminal Units (RTUs)

Programmable Logic Controllers (PLC)

Discrete Control

Continuous Control

Human Machine Interface (HMI)

Distributed Control Systems (DCS)

Hybrid Controllers

Event Loggers

Common SCADA Architectures

SCADA Communications Protocols

How Serious Are the Security Issues of SCADA?

Determining the Risks in Your SCADA System

Risk Mitigation for SCADA

Firewall Considerations for SCADA

Negative and Positive Security Models in Firewalls

Multi-Network Connectivity

Reactive and Proactive Solutions

Firewall Inspection Methods

Static Packet Filter

The Stateful Packet Filter

The Circuit-Level Gateway

Application-Level Gateway (Proxy)

Intrusion Prevention Gateway

Deep Packet Inspection

Unified Threat Management (UTM)

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 3: SCADA Security Assessment Methodology

Introduction

Why Do Assessments on SCADA Systems?

Assessments Are the Right Thing to Do

Assessments Are Required

Information Protection Requirements

National Institute of Standards and Technology (NIST) Guidance

North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) Standards

Water Infrastructure Security Enhancement (WISE)

The Critical Infrastructure Information Act of 2002

An Approach to SCADA Information Security Assessments

Pre-Project Activities

Vetting the Assessment Request

Gaining Buy-In from Management and Technical Personnel

Management Buy-In

Technical Staff Buy-In

Researching the Organization

Researching Regulatory and Policy Requirements

Determining if this Is a Baseline Assessment or a Repeat Assessment

Making a Go/No-Go Decision

Pre-Assessment Activities

Determining the Organizational Mission

Identifying Critical Information

Example: Information Criticality

Business Description

Mission Statement

Critical Information for OOPS

Identifying Impacts

Example Continued: OOPS Impact

The Information Criticality Matrix

Using the Impact Definitions

Organizational Criticality

Example Continued: OOPS OICM

Identifying Critical Systems/Networks

OOPS Example Continued

Defining Security Objectives

Determining Logical and Physical Boundaries

Physical Boundaries

Logical Boundaries

Determining the Rules of Engagement, Customer Concerns, and Customer Constraints

The Rules of Engagement

Levels of Invasiveness

Testing Machine Addressing

Time Frames for Scanning and Interviews

Notification Procedures

Scanning Tools and Exclusions

Customer Concerns

Customer Constraints

Legal Authorization

Writing the Assessment Plan

Components of the Assessment Plan

On-Site Assessment Activities

Conducting the Organizational Assessment

Documentation Review

Interviews

System Demonstrations

Observation

Conducting the Technical Assessment

Enumeration Activities

Vulnerability Identification Activities

Tools

Communication

Post Assessment Activities

Conducting Analysis

Final Report Creation

Resources

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 4: Developing an Effective Security Awareness Program

Introduction

Why an Information Security Awareness Program Is Important

We Fail to Recruit Our Employees into the Company’s Security Program

We Need to Take the Issue Seriously

How to Design an Effective Information Security Awareness Program

Seven Times, Seven Different Ways

Show Me the Money!

Two Important Keys to Implementing an Effective Program

To Print or Not to Print

Online Training Programs

Your In-House Web Site

How to Implement an Information Security Awareness Program

What We Have Here Is a Failure to Communicate

Communicate, Communicate, Communicate!

Other Touch Points

Manager’s Quick Reference Guide

Let’s Talk about Alliances

Audit

Legal

Privacy

Compliance

Training and Communications

Personnel

Information Security Consultants

How Do You Keep Your Program a Successful Component of Your Company’s Mindset?

How to Measure Your Program

Summary

Solutions Fast Track

Chapter 5: Working with Law Enforcement on SCADA Incidents

Introduction

SCADA System Overview

Secure Network Management

Securing Wide Area Network Perimeter

Controlling Access

Performing Network Backup and Recovery

Transmitting Legacy Non-Routable Protocol Securely

Dial-Up Access to the Remote Terminal Units (RTU)

Vendor Support: Dial-Up Modem/VPN Access

IT Controlled Communication Gear

Corporate VPNs

Database Links

Poorly Configured Firewalls

Business Partner Links

Managing Security Events

Conduct Routine Assessments

Examples of Common Attack Techniques

Man-In-The-Middle Attacks (MITM)

Key-Logger Software

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 6: Locked but Not Secure: An Overview of Conventional and High Security Locks

Introduction

Conventional Pin Tumbler Locks

The Origins of the Modern Pin Tumbler Lock

Review: The Essentials of Pin Tumbler Lock Design

Security Enhancements for Conventional Locks

Anti-Bumping Pins

Security Pins

Keyways and Related Designs

Bitting Design

Design of the Key

Standards for Conventional and High Security Locks

Transforming a Conventional Cylinder to High Security

Deficiencies in the UL 437 Standard

Failure to Specify Real World Testing

Pick and Impressioning Resistance

Complex Forms of Picking

Forced Entry Resistance

Issues Not Addressed by UL 437

Bump Keys

Decoding Attacks

Key Control

Mechanical Bypass of Locking Mechanisms

BHMA/ANSI Standards: 156.50 and 156.30

BHMA/ANSI 156.50

High Security Locks and the BHMA/ANSI Standard

The Concept of Security

BHMA/ANSI 156.30 High Security Standard

Key Control

Destructive Testing

Surreptitious Entry Resistance

Deficiencies in the 156.30 Standard

Security Vulnerabilities of Conventional Locks: Why High Security Locks Are Supposed to Offer More Protection Against Methods of Entry

Conventional Pin Tumbler Locks: Security Vulnerabilities and Their Compromise

Lock Control Procedures

Key Control and Key Security

Key Security

The Concept of Key Control As It Applies to Security

The Importance of Key Control and Key Security

Rights Amplification

Replication, Duplication, and Simulation of Keys and Key Blanks

Gathering Intelligence About a System from Its Keys

Covert Entry Techniques: Manipulation

247

Bumping

Picking

Impressioning

Extrapolation of the TMK

Mechanical Bypass

High Security to High Insecurity: Real World Attacks

Summary

Solutions Fast Track

Frequently Asked Questions

Chapter 7: Bomb Threat Planning: Things Have Changed

Introduction

The Day Our World Changed

Insider Information: Where Do These Guys Get This Stuff?

The Terrorist Profile

Potential Terror Targets

Statement Targets

Infrastructure Targets

Commercial Targets

Transportation Targets

What Should I Be Looking For?

The Container

The Power Source

Switches

Initiators

Main Charge

Searching: What Am I Looking For and Where?

Recommendations for Target Hardening

Outside

Employee Identification

Cameras

Deliveries

Interior

Mail rooms

Evacuation Plans

Summary

Chapter 8: Biometric Authentication for SCADA Security

Introduction

Understanding Biometric Systems and How They Are Best Used for SCADA Security

Footprints to DNA Readings

Human Measurements Can Slow Machines

Biometric System Imperfections Are at Odds with Perception

What is Biometric Authentication?

Multiple Factor Authentication

What Parts of You Can Be Measured for Security Purposes?

Common Measurements for Current Biometric Authentication

How Does Biometric Comparison Work?

Where Are Biometrics Used in SCADA Systems?

Choosing the Best Form of Measurement for Your System

Biometric Measurements Trigger Recognition

Biometric Measurements Useful in SCADA Security Processes

Identify Your System Priorities Before Choosing a Biometric Application

Where are Biometric Authentication Regimes Vulnerable?

Tricking the Biometric Capture Device

Electronic Manipulation of the Authentication Process

Identity Theft with Biometric Files: Capturing Your Essence

Presumptions of Accuracy

How Can We Replace That Finger?

Measuring Minutia Can Be Safer Than Storing a Whole Biometric Photograph

Anticipating Legal and Policy Changes That Will Affect Biometrics

Summary

Solutions Fast Track

Frequently Asked Questions

Appendix: Personal, Workforce, and Family Preparedness

Introduction

Threats

Your Personal Preparedness Plan

The Escape Pack

Description of Kit Contents

Workforce Preparedness

Steps for Successful Workforce Preparedness

Get Out, Get Away, and Get in Touch

Family Preparedness Plan

Possible Meeting Points

Community Shelter

The Personal Evacuation Bag

Preparedness Pantry

Water

Cooking

Testing Your Home Preparedness Plan

Family Ready Kit

Family Ready Kit Contents

No Lights? No Problem!

Emergency Lighting

Handheld Lights

Headlamps

General Illumination Lamps

Spots and Floodlights

Emergency Power

UPS and Battery Backup

Portable 12-Volt Inverters

Alternative Power Sources

Staying in Touch

Dynamo Radios

FRS Radios

Ham Radio

The “POTS” Line

Summary

Index