See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/275045465

Cyber Security - Industrial control systems

Research · April 2015


DOI: 10.13140/RG.2.1.2240.4645

1 author:

Ramesh Sivaraman
C4ISR Global Systems
All content following this page was uploaded by Ramesh Sivaraman on 18 April 2015.

ABSTRACT
This document provides an insight into S3tel’s solution for securing
industrial control systems.

Ramesh Sivaraman
Specialist

CYBER SECURITY-ICS
Brief Solution Summary
Introduction
S3tel Inc. is a leading solution integrator in the space of homeland security and national defense. As
part of its critical national infrastructure protection solution portfolio, S3tel has inherited the
process and procedures based on standards and developed a comprehensive intelligence acquisition
platform that integrates with third-party cyber security products to provide complete situational
awareness and actionable intelligence for protecting industrial control/automation systems.

For the past few years, there has been a huge focus on securing industrial control systems and
SCADA-based industrial process monitoring systems, as a few attacks/disasters have been reported publicly.

Supervisory control and data acquisition (SCADA) networks contain computers and software that
perform critical tasks and provide essential services within critical infrastructure. These
infrastructures are:

• Power generation and distribution centers
• Nuclear reactors
• Dam control and hydro power stations
• Oil and gas refineries
• Large-scale manufacturing process industries
• Water treatment, distribution and waste water management plants
• Food production industry
• Telecom and information technology

The most important fact to note here is that these systems were deployed over a decade ago
and most of them are legacy systems.

Hence they are prone to various cyber threats that could compromise and jeopardize a country in
many ways.

Originally these systems were deployed to monitor the key parameters of production processes and to
operate their controls to ensure the proper provisioning of critical services.

These systems were designed in an environment with the sole intent to monitor processes, without
considering the security requirements and the need to protect them from external threats. On top
of that, they are operating in an environment that is totally different from the one they were
designed for.

Therefore, their exposure to the internet is an obvious risk factor. Find below a typical layout.

SCADA devices communicate with the control system using protocols such as DNP v3, ICCP and
MODBUS. MIS reports are passed to and from SCADA devices via the following interfaces:

• Human–machine interface – the HMI allows an operator to view and react to process status
  and events
• Supervisory system – computers which monitor and send commands to control devices and
  processes
• Remote terminal units – RTUs convert signals from process sensors to digital data and relay
  them to the supervisory system
• Communications infrastructure – connects RTUs to the supervisory system

Access failure or compromise of these systems could result in severe physical damage, disruption
and financial loss to a company. Therefore, security of these SCADA systems shall be a high priority.

We have summarized the following challenges and security concerns for better understanding:

• Security was not a major concern when legacy ICS systems were developed
• ICS system lifecycle is typically 15-20 years
• ICS products are incorporating COTS technology from the business IT sector (Ethernet,
  Windows OS, SQL, web servers, etc.)
• Multi-vendor solutions at most ICS sites
• Increasing need to share data between the enterprise, corporate, and DCS networks
• Lack of experienced security personnel working on ICSs
• History of separate IT and ICS teams
• Vulnerability to Denial of Service attacks
• Backdoors and “holes” in the network perimeter
• Devices with little or no security features (modems, legacy control devices, etc.)
• Common communication protocols designed without security
• Remote, unmanned sites with challenging physical security
• Database security vulnerabilities (proprietary and/or 3rd party)
• Lack of encryption and authentication
• Improper or nonexistent patching of software and firmware
• Insecure coding techniques in product design
• Non-existent cyber security procedures
• Lack of control system-specific security protection / mitigation technologies
• Security researchers with various vulnerability disclosure practices
• Publicly available hacking tools make hacking easier for even “novices”
S3tel Solution
We provide a comprehensive solution to protect SCADA systems that includes services and products.

The services and products are as follows:

• Assess existing systems
  o Identify all connections to the SCADA networks
• Identify the gaps and vulnerabilities (we use various tools to accomplish this)
  o Follow a layered approach for vulnerability and risk assessment
• Segment the control system network
• Control access to the system
  o Establish strong controls
• Harden the components of the system
• Monitor and maintain the system security
  o This is done through enterprise-class agentless solutions for the continuous monitoring
    of vulnerabilities.
• Conduct external audit
• Document policies and procedures
• Train internal and external clients
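
The following is an added example, not S3tel's product or code: a minimal passive check in the spirit of "identify all connections" and "control access" above, assuming Modbus/TCP requests have already been captured from the control network. The host addresses, the supervisory allow-list and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

# Function codes that change device state. Standard Modbus/TCP carries no
# credential or signature, so the source address is the only identity seen.
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}

def parse_modbus_tcp(payload: bytes):
    """Parse one Modbus/TCP frame; return None if it is not well-formed."""
    if len(payload) < 8:                      # 7-byte MBAP header + function code
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0; length counts the unit id plus the PDU bytes.
    if proto != 0 or length != len(payload) - 6:
        return None
    return {"tid": tid, "unit": unit, "function": payload[7]}

def review_traffic(records, supervisory_hosts):
    """records: (src_ip, dst_ip, tcp_payload) of requests sent to TCP port 502."""
    inventory = defaultdict(set)              # (src, dst) -> function codes seen
    alerts = []
    for src, dst, payload in records:
        adu = parse_modbus_tcp(payload)
        if adu is None:
            alerts.append((src, dst, "malformed Modbus/TCP frame"))
            continue
        fc = adu["function"]
        inventory[(src, dst)].add(fc)
        if fc in WRITE_CODES and src not in supervisory_hosts:
            alerts.append((src, dst, f"{WRITE_CODES[fc]} from non-supervisory host"))
    return dict(inventory), alerts

def sample_frame(tid, unit, pdu):
    """Build a constructed sample frame (MBAP header + PDU)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample capture: addresses and values are illustrative only.
SAMPLE = [
    ("10.0.0.5", "10.0.1.20", sample_frame(1, 1, b"\x03\x00\x00\x00\x02")),     # read
    ("10.0.0.5", "10.0.1.20", sample_frame(2, 1, b"\x06\x00\x01\x00\x2a")),     # write register
    ("192.168.50.9", "10.0.1.20", sample_frame(3, 1, b"\x05\x00\x03\xff\x00")), # write coil
    ("192.168.50.9", "10.0.1.20", b"\x00\x01\x00"),                             # truncated
]

if __name__ == "__main__":
    inv, alerts = review_traffic(SAMPLE, supervisory_hosts={"10.0.0.5"})
    for pair, codes in inv.items():
        print(pair, sorted(codes))
    for alert in alerts:
        print("ALERT", alert)
```

The inventory gives the list of talkers and the operations each one uses, which is the input for the segmentation and access-control steps in the list above.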

We offer enterprise-class agentless solutions for the continuous monitoring of vulnerabilities,
configuration weaknesses, data leakage, log management and compromise detection to help ensure
compliance with international industry standards.

Our solution will detect vulnerabilities with active and passive scanning and analysis, and host-based
patch monitoring for enterprise networks. Key product lines include:

• Security Center, for enterprise security management;
• Vulnerability Scanner, active and passive;
• Log Correlation Engine, for secure log aggregation and analysis.

Security Center is fully integrated with the proposed line of products and is used to manage the
information collected by the Log Correlation Engine, vulnerability scanners, etc.

In summary, it is a combination of consultancy work, implementation of best practices and
products, and education of the end users about maintaining the system to the standards set.
