Similar literature (20 results)
1.
Supervisory Control and Data Acquisition (SCADA) systems are deployed worldwide in many critical infrastructures, ranging from power generation through public transport to industrial manufacturing systems. Whilst contemporary research has identified the need for protecting SCADA systems, this information is disparate and does not provide a coherent view of the threats and the risks resulting from the tendency to integrate these once isolated systems into corporate networks that are prone to cyber attacks. This paper surveys ongoing research and provides a coherent overview of the threats, risks and mitigation strategies in the area of SCADA security.

2.
Supervisory Control and Data Acquisition (SCADA) systems are an important part of national critical infrastructure, yet in recent years they have been under constant threat of cyber attack. Based on an analysis of the vulnerabilities of SCADA communication protocols, this paper describes 23 network threats that Modbus-based SCADA systems may face, grouped into four categories: information scanning, response injection, command injection and denial of service. Exploiting the interaction between the SCADA system and the physical process, detection rules based on protocol defects and on system state are designed. Snort-based intrusion detection experiments conducted in a laboratory natural-gas pipeline environment confirm the effectiveness of the detection rules.

3.
Estimating a System's Mean Time-to-Compromise   Cited by: 1 (self-citations: 0, citations by others: 1)
Mean time-to-compromise is a comparative security metric that applies lessons learned from physical security. To address the need for such a metric in the SCADA world specifically and the corporate IT security world more generally, we propose a mean time-to-compromise (MTTC) interval as an estimate of the time it will take for an attacker with a specific skill level to successfully impact a target system. We also propose a state-space model (SSM) and algorithms for estimating attack paths and state times to calculate these MTTC intervals for a given target system. Although we use SCADA as an example, we believe our approach should work in any IT environment.

4.
Supervisory control and data acquisition (SCADA) systems currently face serious security threats, and monitoring and assessing their risk status is an effective countermeasure. To handle the fuzziness and randomness inherent in the assessment process, this paper introduces cloud model theory into SCADA security risk assessment and proposes a security risk assessment model based on the cloud model and combined weights. The model builds a security risk assessment indicator system from four aspects of the SCADA system: assets, threats, vulnerabilities and security measures. It uses the least-squares method to derive the optimal combined weights of the assessment indicators, uses cloud generators to obtain the cloud-model numerical characteristics of the indicators and the comprehensive assessment cloud of the SCADA system, then constructs standard assessment clouds based on the golden ratio and derives the final assessment result using an improved cloud similarity calculation. Experiments verify the effectiveness and feasibility of the model. The results show that the model yields accurate assessment results and that, compared with methods such as fuzzy comprehensive evaluation, it is more credible and evaluates more effectively. The method not only helps identify security risks and threats to SCADA systems but also offers a reference for security risk assessment in other fields.

5.
The fact that modern Supervisory Control And Data Acquisition (SCADA) systems depend on Information and Communication Technologies (ICT) is well known. Although many studies have focused on the security of these systems, today we still lack an efficient method to design resilient SCADA systems. In this paper we propose a novel network segmentation methodology that separates control hardware regulating input product flows from control hardware regulating output product flows of the associated industrial processes. Consequently, any disturbances caused by compromised network segments could be compensated by legitimate control code running on non-compromised segments. The proposed method consists of a graph-based representation of the physical process and a heuristic algorithm which generates network designs with a minimum number of segments that satisfy a set of conditions provided by a human expert. The validity of the approach is confirmed by results from two attack scenarios involving the Tennessee–Eastman chemical process.

6.
ABSTRACT

Firewalls are one of the most widely used security devices to protect a communications network. They help secure it by blocking unwanted traffic from entering or leaving the protected network. Several commercial vendors have extended their firewall capabilities to support SCADA protocols or designed SCADA-specific firewalls. Although open-source firewalls are used successfully in IT networks, their use in SCADA networks has not been properly investigated. In this research we investigate the major open-source firewalls for their use in SCADA networks and identify the potential of Linux iptables as an effective SCADA firewall. Iptables is a powerful open-source firewall solution available as part of most Linux distributions in use today. In general, use of iptables as a network-level firewall for SCADA systems has been limited to basic port and host filtering, without further inspection of control messages. We propose and demonstrate a novel methodology to use iptables as an effective firewall for SCADA systems. This is achieved by utilizing advanced iptables features that allow for dynamic inspection of packet data. Notably, the proposed solution does not require any modification to the netfilter/iptables framework, making it possible to turn a Linux system into an effective SCADA firewall. The approach has been tested by defining filtering rules for the Modbus TCP protocol and validating its ability to defend against various attacks on the protocol.

7.
The United States' Approach to Securing Industrial Control Systems and Its Lessons for China   Cited by: 2 (self-citations: 0, citations by others: 2)
This article introduces the approach taken by the United States to secure SCADA systems and, alongside it, discusses the security risks and threats facing China's industrial control systems and how to further improve and strengthen their protection.

8.
Security is one of the most essential quality attributes of distributed systems, which often operate over untrusted networks such as the Internet. To incorporate security features during the development of a distributed system requires a sound analysis of potential attacks or threats in various contexts, a process that is often termed "threat modeling". To reduce the level of security expertise required, threat modeling can be supported by threat libraries (structured or unstructured lists of threats), which have been found particularly effective in industry scenarios; or attack taxonomies, which offer a classification scheme to help developers find relevant attacks more easily. In this paper we combine the values of threat libraries and taxonomies, and propose an extensible, two-level "pattern-based taxonomy" for (general) distributed systems. The taxonomy is based on the novel concept of a threat pattern, which can be customized and instantiated in different architectural contexts to define specific threats to a system. This allows developers to quickly consider a range of relevant threats in various architectural contexts as befits a threat library, increasing the efficacy of, and reducing the expertise required for, threat modeling. The taxonomy aims to classify a wide variety of more abstract, system- and technology-independent threats, which keeps the number of threats requiring consideration manageable, increases the taxonomy's applicability, and makes it both more practical and more useful for security novices and experts alike. After describing the taxonomy, which applies to distributed systems generally, we propose a simple and effective method to construct pattern-based threat taxonomies for more specific system types and/or technology contexts by specializing one or more threat patterns. This allows for the creation of a single application-specific taxonomy. We demonstrate our approach to specialization by constructing a threat taxonomy for peer-to-peer systems.

9.
A practical approach to enterprise IT security   Cited by: 1 (self-citations: 0, citations by others: 1)
《IT Professional》2001,3(5):35-42
As the Internet has matured, so have the threats to its safe use, and so must the security measures that enable its business use. Traditional piecemeal, single-layer, single-dimensional security approaches are no longer adequate. These approaches can create a false sense of security and create as many problems as they attempt to address. We propose a multifaceted framework to prevent, detect, and respond to ever more sophisticated threats to enterprise IT information and assets. We outline a practical implementation approach to building enterprise IT security mechanisms in an incremental and continuous fashion. We believe that enterprises should adopt a similar multifaceted framework, following a practical but disciplined implementation approach. Enterprises must treat IT security as a required business enabler rather than just a costly item with low priority.

10.
An Intrusion Detection System (IDS) provides a front-line defense mechanism for the Industrial Control System (ICS) dedicated to keeping process operations running continuously, 24 hours a day and 7 days a week. A well-known ICS is the Supervisory Control and Data Acquisition (SCADA) system. It supervises the physical process from sensor data and performs remote monitoring, control and diagnostic functions in critical infrastructures. ICS cyber threats against industrial automation applications are growing at an alarming rate. This paper details detection techniques using machine learning algorithms on public datasets suitable for intrusion detection of cyber-attacks in SCADA systems, as the first line of defense. The machine learning algorithms are trained with labeled output for classification and prediction. The activity traffic between ICS components is analyzed and packet inspection of the dataset is performed for the ICS network. Flow-based network traffic features are extracted for behavior analysis with port-wise profiling against a data baseline, and anomaly detection, classification and prediction are performed using machine learning algorithms.

11.
This paper seeks to view the prototyping method from a broad perspective. It discusses SCADA system development strategy and the full process of developing a SCADA system using incremental prototyping, explains that rapid system generation depends on auxiliary prototype development tools, and, to that end, designs and builds a set of tools for user-interface development.

12.
In large-scale, complex domains such as space defense and security systems, situation assessment and decision making are evolving from centralized models to high-level, net-centric models. In this context, collaboration among the many actors involved in the situation assessment process is critical to achieve a prompt reaction as needed in the operational scenario. In this paper, we propose a multiagent-based approach to situation assessment, where agents cooperate by sharing local information to reach a common and coherent assessment of situations. Specifically, we characterize situation assessment as a classification process based on OWL ontology reasoning, and we provide a protocol for cooperative multiagent situation assessment, which allows the agents to achieve coherent high-level conclusions. We validate our approach in a real maritime surveillance scenario, where our prototype system effectively supports the user in detecting and classifying potential threats; moreover, our distributed solution performs comparably to a centralized method, while preserving independence of decision makers and dramatically reducing the amount of communication required. © 2012 Wiley Periodicals, Inc.

13.
Hypervisor-based process protection is a novel approach that provides isolated execution environments for applications running on untrusted commodity operating systems. It is based on off-the-shelf hardware and trusted hypervisors, and it meets the requirement of security and trust for many cloud computing models, especially third-party data centers and multi-tenant public clouds, in which sensitive data are out of the control of the users. However, as the hypervisor extends semantic protection to the process granularity, such a mechanism also breaks the platform independence of virtual machines and thus prohibits live migration of virtual machines, which is another highly desirable feature in the cloud. In this paper, we extend hypervisor-based process protection systems with live migration capabilities by migrating the protection-related metadata maintained in the hypervisor together with virtual machines and protecting sensitive user contents using encryption and hashing. We also propose a security-preserving live migration protocol that addresses several security threats during live migration procedures, including timing-related attacks, replay attacks and resumption order attacks. We implement a prototype system based on Xen and Linux. Evaluation results show that performance degradation in terms of both total migration time and downtime is reasonably low compared to the unmodified Xen live migration system.

14.
Information systems security issues are currently addressed using different techniques, such as authentication, encryption and access control, through the definition of security policies, but also using monitoring techniques, in particular intrusion detection systems. We can observe that security monitoring is currently entirely decoupled from security policies; that is, security requirements are not linked with the means used to control their fulfillment. Most of the time, security operators have to analyze monitoring results and manually react to provide countermeasures to threats compromising the security policy. The response process is far from trivial, since it relies both on the relevance of the threat analysis and on the adequacy of the selected countermeasures. In this paper, we present an approach that connects monitoring techniques with security policy management in order to respond to threats. We propose an architecture that dynamically and automatically deploys a generic security policy into concrete policy instances, taking into account the threat level characterized by intrusion detection systems. Such an approach provides the means to bridge the gap between existing detection approaches and new requirements, which clearly concern the development of intrusion prevention systems, enabling better protection of resources and services.

15.
Adaptive Mean-Shift Tracking With Auxiliary Particles   Cited by: 2 (self-citations: 0, citations by others: 2)
We present a new approach for robust and efficient tracking by incorporating the efficiency of the mean-shift algorithm with the multihypothesis characteristics of particle filtering in an adaptive manner. The aim of the proposed algorithm is to cope with problems brought about by sudden motions and distractions. The mean-shift tracking algorithm is robust and effective when the representation of a target is sufficiently discriminative, the target does not jump beyond the bandwidth, and no serious distractions exist. We propose a novel two-stage motion estimation method that is efficient and reliable. If a sudden motion is detected by the motion estimator, particle-filtering-based trackers can outperform the mean-shift algorithm, at the expense of using a large particle set. In our approach, the mean-shift algorithm is used as long as it provides reasonable performance. Auxiliary particles are introduced to cope with distractions and sudden motions when such threats are detected. Moreover, discriminative features are selected according to the separation of the foreground and background distributions when threats do not exist. This strategy is important, because it is dangerous to update the target model when the tracking is in an unsteady state. We demonstrate the performance of our approach by comparing it with other trackers on several challenging image sequences.

16.
Existing dual-network isolation computers, typified by those based on isolation cards, have serious security and data-leakage risks due to flaws in the architecture itself; their continued use in important organizations with high security requirements would inevitably pose a major threat to information security. To address these risks, this paper proposes a dual-network computer architecture with complete physical isolation in which two hosts operate independently, and recommends a number of protective functions that a secure computer must have, such as fingerprint-authenticated power-on, periodic face-comparison verification, differently shaped network ports for the internal and external networks, one-way data transfer, and data self-destruction after theft. These measures effectively raise the security level of computer terminals.

17.
Design-level vulnerabilities are a major source of security risks in software. To improve the trustworthiness of software design, this paper presents a formal threat-driven approach, which explores explicit behaviors of security threats as the mediator between security goals and applications of security features. Security threats are potential attacks, i.e., misuses and anomalies that violate the security goals of systems' intended functions. Security threats suggest what, where, and how security features for threat mitigation should be applied. To specify the intended functions, security threats, and threat mitigations of a security design as a whole, we exploit aspect-oriented Petri nets as a unified formalism. Intended functions and security threats are modeled by Petri nets, whereas threat mitigations are modeled by Petri net-based aspects due to the incremental and crosscutting nature of security features. The unified formalism facilitates verifying the correctness of security threats against intended functions and verifying the absence of security threats from integrated functions and threat mitigations. As a result, our approach can make software design provably secure against anticipated security threats and, thus, significantly reduce design-level vulnerabilities. We demonstrate our approach through a systematic case study on the threat-driven modeling and verification of a real-world shopping cart application.

18.
For common faults in large thermal power plant equipment, a new diagnostic method based on data mining is proposed. The method builds an intelligent data-mining tool that obtains fault-diagnosis knowledge directly from the large volume of real-time data in the historical database of the plant's SCADA system and uses it to diagnose faults. The core of the tool is a rough-set reduction that simplifies the fault-diagnosis rules extracted from the database into a decision table based on a minimal set of variables. The method avoids the dedicated tests or experiments that would otherwise be required to diagnose faults, reducing cost and the potential danger such tests pose to the equipment. Applied to a complex fault case on a thermal power plant boiler, the method achieved a diagnostic accuracy above 92% and can meet on-site

19.
This paper introduces SCADA systems and real-time database technology and, based on actual production operating conditions, proposes a design for a SCADA system built on a real-time database. The design implements real-time data filtering, storage, querying and report printing, giving the SCADA system that adopts the real-time database higher efficiency.

20.
With the rapid development of the Internet of Things and big data technologies, the volume of data collected each day by Supervisory Control and Data Acquisition (SCADA) systems is growing geometrically, and the traditional data-compression algorithm, the swinging door trending (SDT) algorithm, can no longer satisfy SCADA systems' requirements for historical data compression. Based on an in-depth study of data compression methods, especially the SDT algorithm, an improved ASDT algorithm is proposed and implemented in Java. ASDT compresses data by fitting it with sine curves and achieves better compression than the traditional SDT algorithm. Experimental results show that, compared with traditional SDT, ASDT effectively improves the compression ratio without significantly increasing the compression error.


Copyright©北京勤云科技发展有限公司  京ICP备09084417号