SMARTGRID SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) SYSTEM
SECURITY ISSUES AND COUNTER MEASURES
Raksha Sunku Ravindranath
B.E., Visveswaraiah Technological University, Karnataka, India, 2006
PROJECT
Submitted in partial satisfaction of
the requirements for the degree of
MASTER OF SCIENCE
in
COMPUTER ENGINEERING
at
CALIFORNIA STATE UNIVERSITY, SACRAMENTO
FALL
2009
SMARTGRID SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) SYSTEM
SECURITY ISSUES AND COUNTER MEASURES
A Project
by
Raksha Sunku Ravindranath
Approved by:
__________________________________, Committee Chair
Dr. Isaac Ghansah
__________________________________, Second Reader
Dr. Jing Pang
____________________________
Date
Student: Raksha Sunku Ravindranath
I certify that this student has met the requirements for format contained in the University format
manual, and that this project is suitable for shelving in the Library and credit is to be awarded for
the Project.
__________________________, Graduate Coordinator
Dr. Suresh Vadhva
________________
Date
Department of Computer Engineering
Abstract
of
SMARTGRID SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) SYSTEM
SECURITY ISSUES AND COUNTER MEASURES
by
Raksha Sunku Ravindranath
This project discusses security issues, countermeasures and research issues in the Supervisory
Control And Data Acquisition (SCADA) system. The SCADA system is used in the power sector for
controlling and monitoring industrial processes. The major components of a SCADA system are the
master terminal unit, the remote terminal unit and the communication link connecting them.
The protocols used on this communication link are DNP3 (Distributed Network Protocol version 3.0)
and Modbus. Vulnerabilities in these components lie in the policies, procedures, platforms and
protocols used. Countermeasures for these vulnerabilities include the deployment of firewalls and
intrusion detection systems, wrapping protocols in secure layers, enhancing the protocol structure,
etc. Some of these countermeasures do not provide complete security and hence require more
research. A number of issues that require more research are also recommended.
_______________________, Committee Chair
Dr. Isaac Ghansah
_______________________
Date
DEDICATION
Om Sai Ram
This project is dedicated to my lovely parents S.K. Ravindranath, Asha Ravindranath, my dear
brother Raghav Kishan S.R., and my inspirational grandparents Adinarayana Gupta and Latha
Gupta.
ACKNOWLEDGMENTS
It is a pleasure to thank everybody who helped me in successfully completing my Master's
Project.
First, my sincere thanks to my project supervisors, Dr. Isaac Ghansah, Professor, Computer
Science and Engineering, and Dr. Jing Pang, Associate Professor, Department of Electrical and
Electronic Engineering and Computer Engineering, for giving me an opportunity to work under
their guidance, and for providing me constant support throughout the project.
I am also very grateful to Dr. Suresh Vadhva, Graduate Coordinator, Department of Computer
Engineering, for his invaluable feedback and suggestions.
My special thanks to my friend Vinod Thirumurthy who helped me in reviewing this report.
I would like to take this opportunity to acknowledge and appreciate the efforts of California State
University, Sacramento for its facilities and providing a good environment for the students to
prosper in their academic life.
Last but not least, I would like to thank my parents, S.K. Ravindranath and Asha Ravindranath,
and my brother Raghav Kishan S.R. for their moral and financial support. I am very grateful for
their continuous support and the never-ending encouragement that they have provided throughout my
life.
TABLE OF CONTENTS
Page
Dedication ...................................................................................................................................... v
Acknowledgments........................................................................................................................... vi
List of Tables ................................................................................................................................. xii
List of Figures ............................................................................................................................... xiii
List of Abbreviations ..................................................................................................................... xv
Chapter
1 INTRODUCTION ..................................................................................................................... 1
1.1 Introduction To SCADA .................................................................................................... 2
1.2 SCADA System Components And Functions .................................................................... 4
1.3 Literature Review ................................................................................................................ 7
1.4 Conclusion .......................................................................................................................... 9
2 SCADA SYSTEM REQUIREMENTS AND THREATS ....................................................... 10
2.1 Requirements In A SCADA System ................................................................................. 10
2.2 Threats To SCADA Network ............................................................................................ 13
3 MASTER TERMINAL UNIT AND REMOTE TERMINAL UNIT VULNERABILITIES
AND COUNTERMEASURES ................................................................................................ 16
3.1 Introduction ....................................................................................................................... 16
3.2 Vulnerabilities In The SCADA System ............................................................................ 17
3.2.1 Public Information Availability ............................................................................... 21
3.2.2 Policy And Procedure Vulnerabilities ...................................................................... 22
3.2.3 Platform Vulnerabilities ........................................................................................... 24
3.2.3.1 Platform Configuration Vulnerabilities......................................................... 24
3.2.3.1.1 Operating System Related Vulnerabilities ..................................... 25
3.2.3.1.2 Password Related Vulnerabilities ................................................. 25
3.2.3.1.3 Access Control Related Vulnerabilities ......................................... 26
3.2.3.2 Platform Software Vulnerabilities ................................................................ 26
3.2.3.2.1 Denial Of Service ............................................................................ 26
3.2.3.2.2 Malware Protection Definitions Not Current And Implemented
Without Exhausting Testing ........................................................... 27
3.3 Countermeasures For MTU And RTU Security Issues .................................................... 27
3.3.1 Countermeasures For Policy And Procedure Vulnerabilities .................................. 28
3.3.2 Regular Vulnerability Assessments ........................................................................ 28
3.3.3 Expert Information Security Architecture Design .................................................. 29
3.3.4 Implement The Security Features Provided By Device And System Vendors ....... 29
3.3.5 Establish Strong Controls Over Any Medium That Is Used As A Backdoor Into
The SCADA Network ............................................................................................. 30
3.3.6 Implement Internal And External Intrusion Detection Systems And Establish
24-hour-a-day Incident Monitoring ........................................................................ 30
3.3.7 Conduct Physical Security Surveys And Assess All Remote Sites Connected
To The SCADA Network ....................................................................................... 31
3.3.8 Firewalls And Intrusion Detection System ............................................................. 31
3.3.9 Electronic Perimeter ................................................................................................ 32
3.3.10 Domain-Specific IDS ............................................................................................ 33
3.3.11 Creating Demilitarized Zones (DMZs) ................................................................ 34
3.3.12 Low Latency And High Integrity Security Solution Using Bump In The Wire
Technology For Legacy SCADA Systems .......................................................... 35
4 DISTRIBUTED NETWORK PROTOCOL 3 VULNERABILITIES AND
COUNTERMEASURES .......................................................................................................... 39
4.1 Introduction To SCADA Communication Network ........................................................ 39
4.2 Some General Vulnerabilities In SCADA Network ........................................................ 41
4.3 SCADA Communication Protocols ................................................................................. 42
4.4 DNP3 Protocol ................................................................................................................. 42
4.4.1 Introduction To DNP3 Protocol ............................................................................. 42
4.4.2 DNP3 Communication Modes ................................................................................ 44
4.4.3 DNP3 Network Configurations ............................................................................... 44
4.4.4 DNP3 Data Link Layer ........................................................................................... 46
4.4.5 DNP3 Protocol Layer – Pseudo Transport Layer ................................................... 48
4.4.6 DNP3 Protocol Layer – Application Layer ............................................................. 48
4.5 DNP3 Protocol Vulnerabilities And Attacks .................................................................. 50
4.6 Countermeasures For Enhancing DNP3 Security ........................................................... 55
4.6.1 Solutions That Wrap The DNP3 Protocols Without Making Changes
To The Protocols .................................................................................................... 55
4.6.1.1 SSL/TLS Solution .................................................................................... 56
4.6.1.2 IPSec (secure IP) Solution ....................................................................... 57
4.6.2 Enhancements To DNP3 Applications................................................................... 57
4.6.3 Secure DNP3 .......................................................................................................... 60
4.6.4 Distributed Network Protocol Version 3 Security (DNPSec) Framework............. 62
4.7 Comparison Of DNP3 Countermeasures ......................................................................... 65
5 MODBUS PROTOCOL VULNERABILITIES AND COUNTERMEASURES ................... 67
5.1 Introduction To Modbus Protocol .................................................................................... 67
5.2 Protocol Specifics ............................................................................................................ 69
5.3 Modbus Serial Protocol ................................................................................................... 71
5.4 Modbus TCP protocol ...................................................................................................... 72
5.5 Vulnerabilities And Attacks In Modbus Protocol ............................................................ 73
5.5.1 Serial Only Attacks .............................................................................................. 73
5.5.2 Serial And TCP Attacks ........................................................................................ 74
5.5.3 TCP Only Attacks ................................................................................................. 75
5.6 Countermeasures For Enhancing Modbus Security ......................................................... 76
5.6.1 Secure Modbus Protocol ........................................................................................ 76
6 RESEARCH ISSUES .............................................................................................................. 89
6.1 Performance Requirements Of SCADA Systems ............................................................ 89
6.2 Authentication And Authorization Of Users At The Field Substations ........................... 89
6.3 Enhancing The Security Of Serial Communication ......................................................... 90
6.4 Access Logs For The IEDs In Substations ....................................................................... 90
6.5 Attacks From Which Side Channel Information Can Be Obtained ................................. 90
6.6 Timing Information Dependency ..................................................................................... 91
6.7 Software Patches Update ................................................................................................. 91
6.8 Intrusion Detection Equipment For The Field Devices And The Control Systems ......... 92
6.9 Authentication Of The Users To Control System Equipment ......................................... 92
6.10 Legacy Systems With Limited Processing Power And Resources ................................ 92
6.11 Roles To Be Defined In The Control Center ................................................................. 93
7 CONCLUSION ........................................................................................................................ 94
7.1 Summary .......................................................................................................................... 94