Supervisory Control and Data Acquisition (SCADA) systems are used for remote monitoring and control in the delivery of essential services/products such as electricity, natural gas, water, waste treatment and transportation. This makes SCADA systems an integral part of a nation’s critical infrastructure. They are also crucial to the continuity of business.
Issues that you need to be aware of when considering SCADA security:
• Recent changes in SCADA systems have exposed them to vulnerabilities that may not have existed before. For example, the switch from leased telecommunications lines to public infrastructure (i.e., public CDMA and GSM networks), the use of commodity computers running commodity software, and the change from proprietary to open standards have all introduced vulnerabilities into SCADA systems.
• Effective network design which provides the appropriate amount of segmentation between the Internet, the company’s corporate network, and the SCADA network is critical to risk management in modern SCADA systems. Network architecture weaknesses can increase the risk from Internet and other sources of intrusion.
• There are no mechanisms in SCADA to provide confidentiality of communications. If lower-level protocols do not provide this confidentiality, then SCADA transactions are communicated “in the clear,” meaning that intercepted communications may be easily read.
• Many SCADA systems give little regard to security, often lacking the memory and bandwidth for sophisticated password or authentication systems. As a result, there is no mechanism to determine a system user’s identity or whether that user is authorized to access the system. This allows for the injection of false requests or replies into the SCADA system.
• SCADA systems often lack a session structure which, when combined with the lack of authentication, allows the injection of erroneous or rogue requests or replies into the system without any prior knowledge of what has gone on before.
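The last two points can be illustrated with a small sketch of what message authentication and a session structure add. This is an added example, not code from Scada-security.com or any SCADA product: each message is framed with a session identifier, a sequence number and a truncated HMAC tag, so the receiver rejects frames injected without the key and frames replayed from earlier traffic. The frame layout, key, tag length and command strings are assumptions constructed for illustration, and the scheme adds no confidentiality.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # assumption: truncated HMAC-SHA256 tag to suit low-bandwidth links

def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def seal(key: bytes, session_id: int, seq: int, payload: bytes) -> bytes:
    """Build a frame: session_id(4) | seq(4) | payload | tag(TAG_LEN)."""
    header = struct.pack(">II", session_id, seq)
    return header + payload + _tag(key, header + payload)

class Receiver:
    """Accepts a frame only if it is authentic and advances the session."""

    def __init__(self, key: bytes, session_id: int):
        self.key = key
        self.session_id = session_id
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None  # too short to hold header and tag
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, header + payload)):
            return None  # not produced by a holder of the shared key
        session_id, seq = struct.unpack(">II", header)
        if session_id != self.session_id or seq <= self.last_seq:
            return None  # wrong session, or a replayed / stale frame
        self.last_seq = seq
        return payload

def demo() -> dict:
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    rx = Receiver(key, session_id=0x1001)
    good = seal(key, 0x1001, 1, b"OPEN VALVE 7")  # constructed command
    forged = seal(b"guessed-key", 0x1001, 2, b"OPEN VALVE 9")
    return {
        "valid": rx.accept(good),      # authentic, first in session
        "replayed": rx.accept(good),   # same bytes sent again
        "forged": rx.accept(forged),   # injected without the real key
        "next": rx.accept(seal(key, 0x1001, 2, b"CLOSE VALVE 7")),
    }

if __name__ == "__main__":
    print(demo())
```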
The threat of electronic or physical attacks on SCADA systems could come from a number of different sources. Following are some examples of threat sources:
• insider attacks from employees or ex-employees who are disgruntled or who, for any other reason, pose a possible security threat;
• organized crime may be driven by financial incentive to penetrate SCADA systems;
• genuine mistakes made as a result of lack of training, carelessness or an oversight;
• terrorists who may be seeking to add electronic attack to their existing capabilities;
• generic Internet threats such as worms, trojans and viruses that infect systems on the Internet can also affect SCADA systems when they use the same software and protocols. This may not be the result of a deliberate attack; SCADA systems may be infected merely because they can be.
• recreational hackers, crackers and virus writers motivated primarily by the challenge and a fascination with technology;
• script kiddies who are primarily untrained and yet have hostile or thrill-seeking intentions towards almost anything connected to the Internet;
• activists conducting publicity-seeking attacks; and
• corporate attackers that spy on competitors to gain a competitive advantage.
Scada-security.com has designed a specialized security offering for the SCADA/process control environment. Our offer includes Penetration Testing, Risk Assessment Services and Risk Mitigation Technology.
Penetration Testing - The only way to know for sure how your network will perform under attack is to actually attack it. The Scada-security.com team of certified security experts will launch controlled, non-intrusive, simulated attacks against your designated network segments and prepare a report detailing what holes were found, how they were exploited, how much of a threat they are, and suggestions on how to fix them.
How does a penetration test work?
A penetration test starts with a large amount of research. Any data about your company and employees we are able to find will then be used to more effectively plan and execute attacks on your network. The next step in the test is to scan and footprint the network. Once we have gathered an appropriate amount of data, we begin attacking your network using many of the same tools that malicious hackers use. All research, footprinting, and attacking will start in a very quiet way, growing louder and more aggressive as the test progresses. This allows us to gauge what kinds of attacks your network will block, and which it will allow. By the end of the test, we will have collected enough information to prepare a report detailing everything we found, highlighting any points of concern, and how to improve your security.
Unlike some “penetration tests” performed by other security firms, Scada-security.com will go as deep into your network as you want. This makes the test much more realistic, and provides a good deal more data about the real state of security throughout your network. In some cases, we will be unable to get beyond the network perimeter (a very good thing). Should this happen, we offer a variety of ways to continue the test via a secure tunnel, allowing us to bypass perimeter security without leaving any holes for attackers.
One of the most popular recent attack types, and one of the most difficult to secure against, is the client-side attack. These attacks don’t target the network’s perimeter or any of its services, but instead target your end users. Statistically, even with good training and good perimeter defenses, these attacks will be successful a significant amount of the time.
Internal Penetration Testing. The goal of an Internal Penetration Test is to simulate an attack by someone inside the organization. This attacker could be anyone who has access to any building or network in your organization. Typically, an organization’s network is weakest on the inside, precisely where these attackers will be. Our security experts will carry out such an attack, mainly targeting access control systems, wireless networks, and, optionally, physical security. In the end, you will know how an attacker would exploit the systems in your organization.
External Penetration Testing. An External Penetration Test aims to simulate an attacker outside your organization, who is also usually in a remote location. Such attackers may be malicious hackers from a few miles away, or a few continents away.
Custom Penetration Testing. If your needs are more specific than either of the above offerings, we would still like to help. Scada-security.com will work with you to test a specific system or set of systems. A good example of this is a new installation of IDS/IPS systems. In order to be useful, they need to be tuned, and tuning these systems can be difficult. It’s even more difficult without controlled attack traffic to reference. Scada-security can assist in this and many other situations. Contact us to see how we can help you.
Attaining a good security stance is never easy, but it is much more difficult when you don’t know where you currently are. A Vulnerability Assessment will help nail down exactly what areas are weak and where to devote resources. A Scada-security team of certified security experts can cover your organization from top to bottom, or only in the areas you feel need help.
One of the newer risks to sensitive networks is the proliferation of cheap and easy-to-use wireless devices. Many times, people will bring in these unauthorized devices and attach them to the network without anyone knowing. And, without proper security settings (which are never there by default and rarely applied), they open the internal network to anyone within several miles. Even laptops with built-in wireless capability can be a threat when attached to your network. Scada-security’s team will find any rogue devices in your area and alert you to their presence.
Having strong security measures on the perimeter of your network is only the first step to having a good security stance. The best methodology is “defense in depth,” which says that any secure system should have good security measures in place throughout the system, not just in selected places. While most attackers are located outside your network, many attacks are actually executed from inside of vulnerable networks, where there are generally fewer defenses. Scada-security.com can perform scans of your internal networks to find any weak points and help eliminate them.
The perimeter of your network is the first line of defense against a world full of malicious hackers. The devices that make up the perimeter are often difficult to configure and rarely installed correctly. Scada-security will perform a scan of your network’s front line to verify the proper functionality of the devices. These scans can be performed as a single event, or as part of an ongoing verification of your network’s security.
At the core of every good security program is a well-written and current policy. The policy should drive all other parts of the security process, including technology purchases and implementations. A good policy will be a useful tool instead of a hindrance, allowing for easy fixes to existing problems, and preventing new problems from occurring. Scada-security.com can help you write a new policy, or shape up your existing policy.
Consulting - If your organization has security needs above and beyond our defined services, we offer consulting at an hourly rate. Contact us and let us know how we can help make your organization more secure.