Securing SCADA Systems
Published by
Wiley Publishing, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com
Copyright © 2006 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN-13: 978-0-7645-9787-9
ISBN-10: 0-7645-9787-6
Manufactured in the United States of America
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Library of Congress Cataloging-in-Publication Data
Krutz, Ronald L., 1938–
Securing SCADA systems / Ronald L. Krutz.
p. cm.
Includes bibliographical references and index.
ISBN-13: 978-0-7645-9787-9 (cloth : alk. paper)
ISBN-10: 0-7645-9787-6 (cloth : alk. paper)
1. Process control. 2. Data protection. 3. Computer security. I. Title.
TS156.8.K78 2005
670.42’7558—dc22
2005026371
Trademarks: Wiley, the Wiley logo, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
To Emma Antoinette:
The latest Lady Love in my life—a precious beauty—and only 18 months old.
Love
Grandpapa
Ronald L. Krutz, Ph.D., P.E., CISSP, ISSEP, is a senior information security researcher for Lockheed Martin Information Technology. In this capacity, he works with a team responsible for advancing the state of the art in information systems security. He has more than 40 years of experience in distributed computing systems, computer architectures, real-time systems, information assurance methodologies, and information security training.
He has been an information security consultant at REALTECH Systems Corporation and BAE Systems, an associate director of the Carnegie Mellon Research Institute (CMRI), and a professor in the Carnegie Mellon University Department of Electrical and Computer Engineering. Dr. Krutz founded the CMRI Cybersecurity Center and was founder and director of the CMRI Computer, Automation, and Robotics Group. He is also a distinguished special lecturer in the Center for Forensic Computer Investigation at the University of New Haven, a part-time instructor in the University of Pittsburgh Department of Electrical and Computer Engineering, and a registered professional engineer.
Dr. Krutz is the author of seven best-selling publications in the area of information systems security, and is a consulting editor for John Wiley & Sons for its information security book series. He holds B.S., M.S., and Ph.D. degrees in electrical and computer engineering.
Executive Editor: Carol Long
Development Editor: Tom Dinse
Production Editor: Kathryn Duggan
Copy Editor: Maarten Reilingh
Editorial Manager: Mary Beth Wakefield
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Joseph B. Wikert
Project Coordinator: Ryan Steffen
Graphics and Production Specialists: Karl Brandt, Carrie A. Foster, Stephanie D. Jumper, Barbara Moore
Quality Control Technicians: Jessica Kramer, Robert Springer
Proofreading and Indexing: TECHBOOKS Production Services
Special thanks to my wife, Hilda, for her encouragement and support during yet another book project.
I also want to thank Carol A. Long, executive acquisitions editor, Networking and Security, Wiley Technology Publishing, for her support and advice on this text and Tom Dinse, development editor, Wiley Publishing, for his excellent editing efforts.
I want to express my appreciation to Dr. Eric Cole, chief scientist at Lockheed Martin Information Technologies, for his input to this text as a subject matter expert.
Dr. Cole is a renowned thought leader with over 15 years of experience in the network-security consulting market space, with clients including leading international banks, Fortune 500 companies, and the CIA. Eric is a member of the HoneyNet project and the CVE editorial board, and is a recognized author of several books, including Hackers Beware and Hiding in Plain Sight.
Computer-based supervisory control and data acquisition (SCADA) systems have evolved over the past 40 years, from standalone, compartmentalized operations into networked architectures that communicate across large distances. In addition, their implementations have migrated from custom hardware and software to standard hardware and software platforms. These changes have led to reduced development, operational, and maintenance costs, as well as providing executive management with real-time information that can be used to support planning, supervision, and decision making. These benefits, however, come with a cost. The once semi-isolated industrial control systems using proprietary hardware and software are now vulnerable to intrusions through external networks, including the Internet, as well as from internal personnel. These attacks take advantage of vulnerabilities in the standard platforms, such as Windows and PCs, that have been adopted for use in SCADA systems.
This situation might be considered a natural progression of moderate concern—as in many other areas using digital systems—if it were not for the fact that these SCADA systems are controlling a large percentage of the United States’ and the world’s critical infrastructures, such as nuclear power plants, electricity generating plants, pipelines, refineries, and chemical plants. In addition, they are directly and indirectly involved in providing services to seaports, transportation systems, pipelines, manufacturing plants, and many other critical enterprises.
A large body of information-system security knowledge has accumulated concerning the protection of various types of computer systems and networks. The fundamental principles inherent in this knowledge provide a solid foundation for application to SCADA systems. However, some of the characteristics, performance requirements, and protocols of SCADA system components require adapting information-system security methods for industrial settings.
In order to present a complete view of SCADA system security concepts and their important role in the nation’s critical infrastructure, this text begins by defining SCADA system components and functions, and providing illustrations of general SCADA systems architectures. With this background, specific SCADA implementations in a variety of critical applications are presented along with a determination of security concerns and potential harmful outcomes of attacks on these operations.
The text follows these illustrations with a detailed look at the evolution of SCADA protocols and an overview of the popular protocols in use today. Then the security issues and vulnerabilities associated with these protocols are examined.
With the criticality of SCADA system security established, the chapters that follow explore SCADA system vulnerabilities, risk issues, attacks, and attack routes, and they provide detailed guidance on countermeasures and other mechanisms that can be applied to effectively secure SCADA systems. In addition, related information, security standards, and reference documents are discussed. These publications provide extremely useful information for securing SCADA systems from cyberattacks.
The book concludes with an examination of the economics of implementing SCADA system security, organizational culture issues, perceptions (and misperceptions) of SCADA vulnerability, and the current state of SCADA system security. This last topic is addressed in detail by examining SCADA security issues in the oil and gas industry, rail systems, and seaports. Finally, current advanced development programs, additional countermeasures, and legislation targeted to increase the effectiveness of SCADA security in the present and future are described.