Team Anthony Gedwillo EE James Parrott CPrE David Ryan CPrE Client Dr Govindarasu Iowa State University What is a SCADA System SCADA stands for Supervisory Control and Data Acquisition ID: 639480
Download Presentation The PPT/PDF document "Cyber Security of SCADA Systems" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Cyber Security of SCADA Systems
Team:Anthony Gedwillo (EE)James Parrott (CPrE)David Ryan (CPrE)Client:Dr. Govindarasu, Iowa State UniversitySlide2
What is a SCADA System?
SCADA stands for “Supervisory Control and Data Acquisition”SCADA systems control our nation’s vital infrastructure, including Power Transmission and Distribution, Oil, Gas, and WaterSCADA Systems act as the brain and nerves for the systems they control. They sense, process (think), and send commandsSlide3
Problem Statement
Supervisory control and data acquisition (SCADA) systems are vital parts of our nation’s infrastructure, and the security of these systems is a top priority. However, there is a shortage of adequate research environments for modeling and testing SCADA systems.Slide4
Our SolutionSlide5
Test Bed FunctionalitySlide6
Concept DiagramSlide7
Operating Environment/
Intended UsageCoover Hall – Room 3042DemonstrationsResearchSlide8
Functional Requirements
-VirtualizationCreate a virtualized platform that allows network stack inspection.Create virtualized
machines for RTUs and Relays
Virtualized
system should be scalable to provide more realistic scenariosSlide9
Functional Requirements
-Cyber SecurityVulnerability assessment / ReportCyber attack implementation
Denial of ServiceInvalid Data
Information TheftSlide10
Functional Requirements
-Power System IntegrationIntegrate DIgSILENT PowerFactory into current test bed Configure DIgSILENT for real time power flow simulationSlide11
Non-Functional Requirements
Minimal configuration on virtual image deploymentImages should have backups to prevent lossAttack
scenarios can be demonstrated without requiring detailed information on attack functionality
Power flow system should be easily interpreted Slide12
Implemented Design - VirtualizationSlide13
Implememted Design – Power Flow
Google EarthSlide14
Cyber Security Vulnerability Assessment
Validate the systemDocument running servicesDocument well-known software vulnerabilitiesSearch for implementation vulnerabilities
Attack Implementation
Produce ReportSlide15
Attack Implementation
Man in the Middle attacksIntercept and drop command packetsEttercap Issues
Modified packet sniffer
Intercept and return fake confirmation
Denial of Service attacksSlide16
Virtualization /Power Flow / Cyber Security TestingSlide17
Current Test Bed StatusSlide18
Questions?Slide19
Technical Approach Consideration and Results
Virtual hypervisor software selectionVmWare ServerVmWare ESXCitrix XenServerMicrosoft HyperVRelay Virtualization software selection
Delphin-Informatika IEC 61850 Simulator
SISCO AX-S4 MMS
SystemCORP IEC61850 DLL
Matrikon
OPC ServerSlide20
Technical Approach Consideration and Results
Power system simulation software selectionSiemens Spectrum Power TG (DTS)DIgSILENT PowerFactoryPower World
Cyber attack/security software selectionNessus Security Scanner
Various open-source tools