Running head: ICS/SCADA Security Issues of Interdependencies and Unsecure Protocols
ICS/SCADA Security Issues of Interdependencies and Unsecure Protocols
Examiner Name: Brian Greer
Utica College
Professor: Chet Hosmer
Course Name: CYB649
Date: 12/15/2017
DOI: 10.13140/RG.2.2.28413.46567
Abstract

Society relies on critical infrastructure that provides numerous services, most of which are often taken for granted. These include transportation, energy, and water and dams, to name a few. The sectors that provide these services rely on Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) to keep the plant or facility operating continuously without disruption to the community. The environment in which these systems operate today relies on dependencies from designs and implementations of decades ago that used closed, isolated, serial systems. Technology has advanced at a rapid pace, and since the emergence of the Internet physical equipment and electronic controls can be remotely controlled or monitored. The interdependencies of different critical infrastructure ICS use common protocols that lack security, and hardware assets that differ in firmware version and are proprietary, lacking both security and documentation. This further complicates operational technology (OT), because the variety of equipment used by multiple entities within the same or different sectors creates obstacles to the Active Cyber Defense Cycle (ACDC). These obstacles include the vulnerability of protocols and devices, which pose threats through critical design weaknesses and a lack of secure standards for those sectors exposing ICS to the public Internet. The opportunity to design new hardware oriented around security and authentication, using new protocols designed for the digital age, would allow entities to implement ACDC strategies using the more robust technologies available today.
Table of Contents

Abstract  2
List of Illustrative Materials  4
  Figures  4
Introduction  5
Interdependencies  6
  Physical  6
  Geographical  7
  Cyber  8
  Logical  9
Protocols  10
  Modbus  10
  IEC 60870  12
  OPC  13
  DNP3  14
Discussion of the Findings  15
Conclusion  20
References  22
List of Illustrative Materials
Figures

Figure 1 - Physical Infrastructure Interdependencies  7
Figure 2 - Geographical Infrastructure Interdependencies  8
Figure 3 - Logical Infrastructure Interdependencies  10
Figure 4 - Latency of Modbus vs Secure Modbus  12
Figure 5 - Electric Power Infrastructure Dependencies  16
Figure 6 - Supply Chain Interdependency on Critical Infrastructure  17
Introduction

The continued growth of industrial automation, and society's dependence on critical infrastructures through interconnected devices that connect to the Internet, has resulted in an unforeseen rise in cyber-attacks that threatens the security of ICS/SCADA infrastructure. This paper argues that the interdependencies and protocols of ICS/SCADA in critical infrastructure pose challenges to security, and that the continuing integration of IT and OT networks allows new threats against control systems to emerge. This paper provides a literature review of the various infrastructure interdependencies and protocols of ICS/SCADA, covering the physical, geographical, cyber, and logical interdependencies and the DNP3, IEC 60870, OPC, and Modbus protocols. The literature review is followed by a discussion of its findings and then by a conclusion. The interdependencies and protocols reviewed are only some of the possible components of security within ICS, but they provide clarity to the argument of this paper.
Interdependencies

Physical

Interdependency can be defined as a bidirectional relationship between entities, or in this case infrastructures, where the state of one infrastructure may impact or influence another (Rinaldi, 2004). Physical connections between business and control systems continue to increase due to the demand for sharing real-time data, which in turn increases the complexity of the interdependency among the infrastructures (Eisenhauer, Donnelly, Ellis, & O' Brien, 2006). A commonly misconstrued physical interdependency is the belief that ICS/SCADA systems not connected internally to the enterprise network or to the Internet are isolated and protected (European Network and Information Security Agency (ENISA), 2016). A physical interdependency exists when the output or material flow of one infrastructure is needed by, or reliant on, another through connections and linkages (Rinaldi, 2004). The 2003 blackout that affected the US and Canada was a result of the interdependent cyber and electric power infrastructure being impacted by cyber failures (Zimmerman & Restrepo, 2006). This had a cascading effect not only on the power infrastructure but on other infrastructures, including water treatment plants, transportation, and emergency medical services (Zimmerman & Restrepo, 2006). The critical infrastructure of the energy sector comprises the production and distribution of natural gas and the generation and distribution of electricity. The physical interdependencies of connecting nodes that overlap with the water, emergency services, transportation, and telecommunications infrastructures clearly show the complexity of the components (Dudenhoeffer, Permann, & Manic, 2006) (see Figure 1).
Figure 1 - Physical Infrastructure Interdependencies. Reprinted from “CIMS: A framework for infrastructure interdependency modeling and analysis,” D. Dudenhoeffer, M. Permann, and M. Manic, 2006, Proceedings - Winter Simulation Conference, Idaho National Laboratory, p. 479. Copyright 2006 by D. Dudenhoeffer, M. Permann, and M. Manic.
Geographical

A geographical interdependency exists where infrastructures are located in close proximity to one another (Ramachandran, Shoberg, Long, Corns, & Carlo, 2015). Because of this closeness, a disturbance or change caused by some element can correlate with effects on the other infrastructures. These occurrences are not cyber or physical interdependencies or connections but rather result from some form of event that affects all the infrastructures at the same time (Rinaldi, Peerenboom, & Kelly, 2004). For example, suppose an attacker is able to hack and derail a train that travels under a bridge. Under the bridge run the physical power and communications lines that serve the area, and the lines are suddenly severed when the train derails. Due to the close proximity of the infrastructures, the severed lines would ultimately impact the critical infrastructures that rely on power and communications, such as emergency services, transportation, and water sanitation. Distributed control systems (DCSs) are typically found at plant sites, while SCADA systems cover a much larger geographical area; thus any type of disruption can increase the effects on interdependent infrastructures compared to DCSs (Hentea, 2008).
Figure 2 - Geographical Infrastructure Interdependencies. Reprinted from “Modeling and simulating critical infrastructures and their interdependencies,” S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly, 2004, Proceedings of the 37th Annual Hawaii International Conference on System Sciences, p. 15. Copyright 2004 by S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly.
Cyber

Cyber interdependency relies upon the transmission of information between infrastructures such as ICS/SCADA, which is becoming widespread in automation (Rinaldi, 2004). SCADA stations in the past used to be hard-wired to controller stations, which limited exposure to external networks. Nowadays the communications can be done through the Internet, a virtual private network (VPN), or wirelessly, which introduces and escalates the risk factors for ICS/SCADA (European Network and Information Security Agency (ENISA), 2016). One misconception of ICS/SCADA security is that security through obscurity and proprietary protocols provide protection; they do not, because the security features they lack mean their implementation may introduce vulnerability (European Network and Information Security Agency (ENISA), 2016). The rail industry is part of the transportation infrastructure; it relies on ICS/SCADA systems to manage and control railcars, which in turn rely upon electronic information and electricity (Rinaldi, Peerenboom, & Kelly, 2004).

Logical

A logical interdependency exists if the state of one infrastructure depends upon the state of another through some mechanism such as regulations, policies, or laws, excluding any type of physical, geographical, or cyber connection (Rinaldi, 2004). Dependencies at the logical level include influence and decisions based on attributes of human decision-making that may impact logistics and operations through to research and development (Petit & Lewis, 2016). These elements can be further categorized as logical, societal, and policy and/or procedure elements that can influence or change components of the infrastructure (Petit & Lewis, 2016). These may impact policies and procedures such as incident response, investment strategies, the "criticality" of links, nodes, and connections, or the implementation of effective security measures (Rinaldi, 2004) (see Figure 3).
Figure 3 - Logical Infrastructure Interdependencies. Reprinted from Communication network dependencies for ICS / SCADA Systems, In European Network and Information Security Agency (ENISA), 2016. Retrieved from https://www.enisa.europa.eu/news/enisa-news/attacks-on-ics-scada-how-to-protect-critical-infrastructures. Copyright 2016 by European Network and Information Security Agency (ENISA).
Protocols

Modbus

The Modbus protocol was designed by Modicon in 1979 for process automation; Modicon was later acquired by Schneider Electric in 1997. The protocol is a layer 7 (application) messaging protocol that allows the increasing number of ICS/SCADA devices and systems to be connected through the Internet using port 502 (Cagalaban, So, & Kim, 2009). Modbus was designed as a protocol for serial communications between electronic devices such as Modicon's programmable logic controllers (PLCs), allowing information to be transmitted between devices (Pefhany, 2000). The vulnerabilities of the Modbus protocol are inherent, arising from its design and the lack of security built into its specifications (Cagalaban et al., 2009). Modbus is currently considered a legacy protocol by today's standards. Modbus provides the ability to communicate with instruments, sensors, and intelligent devices; to program and monitor devices; and to monitor field devices through human machine interfaces (HMI) and/or computers (Modbus, 2017). This provided a standard language for Modicon's controllers, giving them the ability to communicate with other devices as well as with Modicon's own controllers across various networks (Pefhany, 2000). The master-slave technique allows a master device to initiate communications and the slave devices to respond. Modbus RTU is a communication method that allows devices to interact by connecting them together in a chain. This method does not use encryption and provides no security features, which allows any kind of unauthorized modification and opens the way to a man-in-the-middle (MITM) attack (Blair et al., 2013). Modbus has many advantages, including its simple instruction set, which can be used with TCP/IP. The protocol is free and open for anyone to use, supports computer network interface cards (NIC) and Ethernet, and supports numerous devices offered by vendors (Modbus, 2017). Modbus TCP encapsulates the Modbus protocol over the Transmission Control Protocol/Internet Protocol (TCP/IP) to communicate with other devices over Ethernet. Modbus TCP is also susceptible to MITM attacks because the implementation does not support the Transport Layer Security (TLS) that would mitigate a MITM attack through shared authentication (Blair et al., 2013). There are currently no existing security tools to address and detect malicious traffic of the Modbus protocol (Cagalaban et al., 2009). A secure Modbus protocol was proposed, using SHA2 hashing and RSA signatures for authentication and for verification against the private key (Fovino, Carcano, Masera, & Trom-Betta, 2009). To fully implement this protocol in an ICS/SCADA environment, the infrastructure would need four components: a SHA2 validation unit, a Modbus stream builder, a Modbus reader and builder, and a unit to encrypt and decrypt RSA (Fovino et al., 2009). The results of the experiment clearly show how real-time performance is affected by adding security features (see Figure 4).
Figure 4 - Latency of Modbus vs Secure Modbus. Reprinted from “Design and implementation of a secure Modbus protocol,” I. N. Fovino, A. Carcano, M. Masera, and A. Trom-Betta, 2009, IFIP Advances in Information and Communication Technology, p. 94. Copyright 2009 by I. N. Fovino, A. Carcano, M. Masera, and A. Trom-Betta.
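The gap the Modbus section describes, that nothing in a Modbus/TCP frame identifies or authenticates its sender, is what a network monitor has to work around. The following is an added example, not code from the paper or from any of the works it cites: it parses the MBAP header on port 502 and flags state-changing function codes that arrive from a source outside an assumed allowlist of known masters. The addresses and frames are constructed sample traffic.

```python
"""Flag unauthenticated Modbus/TCP write requests from unexpected masters."""
import struct
from dataclasses import dataclass
from typing import Optional

MODBUS_TCP_PORT = 502  # the Modbus/TCP port named in the paper

# Function codes that change controller state (coils and holding registers).
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_mbap(frame: bytes) -> Optional[ModbusRequest]:
    """Parse the 7-byte MBAP header plus PDU; return None if the frame is malformed.

    MBAP = transaction id (2), protocol id (2, always 0), length (2), unit id (1).
    The length field counts the unit id and the PDU, i.e. everything after byte 6.
    Nothing in the header identifies or authenticates the sender.
    """
    if len(frame) < 8:
        return None
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length < 2 or length != len(frame) - 6:
        return None
    return ModbusRequest(tid, uid, frame[7], frame[8:])


def classify(src_ip: str, dst_port: int, frame: bytes, allowed_masters) -> str:
    """Classify one TCP payload: 'ignore', 'ok', 'malformed', or an 'ALERT: ...' string.

    Because the protocol carries no credentials, the only sender check a monitor
    can make is whether the source address is one of the known masters (an
    assumed allowlist; the addresses used below are constructed).
    """
    if dst_port != MODBUS_TCP_PORT:
        return "ignore"
    req = parse_mbap(frame)
    if req is None:
        return "malformed"
    if req.function_code in WRITE_FUNCTIONS and src_ip not in allowed_masters:
        return (f"ALERT: {WRITE_FUNCTIONS[req.function_code]} "
                f"(FC 0x{req.function_code:02x}) to unit {req.unit_id} "
                f"from unlisted master {src_ip}")
    return "ok"


# Constructed sample traffic as (source ip, destination port, TCP payload).
SAMPLE_TRAFFIC = [
    # Read Holding Registers (FC 3), start 0, count 10, from the known HMI
    ("10.0.0.10", 502, bytes.fromhex("00010000000601030000000a")),
    # Write Single Register (FC 6), register 1 := 0x00ff, from the known HMI
    ("10.0.0.10", 502, bytes.fromhex("0002000000060106000100ff")),
    # The same write, but from a host that is not an approved master
    ("10.0.0.77", 502, bytes.fromhex("0003000000060106000100ff")),
    # Truncated frame: fails the MBAP length check
    ("10.0.0.77", 502, bytes.fromhex("00040000")),
    # Unrelated traffic on another port is ignored
    ("10.0.0.77", 80, b"GET / HTTP/1.0\r\n\r\n"),
]

KNOWN_MASTERS = {"10.0.0.10"}  # assumed allowlist of HMI/master addresses


def scan(traffic=SAMPLE_TRAFFIC, allowed_masters=KNOWN_MASTERS):
    """Run the classifier over captured payloads and return one verdict per frame."""
    return [classify(ip, port, payload, allowed_masters) for ip, port, payload in traffic]


if __name__ == "__main__":
    for verdict in scan():
        print(verdict)
```

Feeding such verdicts into a SIEM gives the NSM phase discussed later a concrete signal for a protocol that otherwise offers none.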
IEC 60870

The Inter-Control Center Protocol (ICCP), also known as IEC 60870, is a protocol that allows control centers to communicate (Mirian et al., 2016). The protocol is also a layer 7 (application) protocol like Modbus but enables communication or transmission with devices and services through a standard network (IPComm, 2017). The protocol was designed by the International Electrotechnical Commission (IEC) for serial communications, but subsequent releases revised it to allow the serial frames to be carried over TCP/IP (Maynard, McLaughlin, & Haberler, 2014). The IEC protocol resides on either the application layer (layer seven) or the data link layer (layer two) depending on the standard implemented; for example, IEC 60870-5-2 resides on layer two while IEC 60870-5-101 resides on layer seven (IPComm, 2017). IEC is vulnerable to replay attacks, sniffing, and data modification at the data link layer. The protocol is also vulnerable at the application layer to spoofing and to attacks that undermine non-repudiation (Pidikiti, Kalluri, Kumar, & Bindhumadhava, 2013). The IEC checksum is unreliable: because of its relatively small size it is insufficient, as an overflow may occur, which SCADA research has verified (Pidikiti et al., 2013). IEC 62351 is a standard designed specifically to prevent some of these attacks. Deploying IEC 60870 and IEC 62351 together would thus mitigate spoofing or replay attacks, as the newer standard is more secure, but it is rarely implemented with legacy systems due to financial constraints (Maynard et al., 2014).

OPC

The Open Platform Communications (OPC) protocol looked at protocols like Modbus and Profibus in an attempt to standardize an interface through which a human machine interface (HMI) can communicate requests to devices, and vice versa, using a so-called "middle man" (OPC Foundation, 2017). The Distributed Component Object Model (DCOM) of Microsoft Windows was one service that formed the basis of the specifications for access to alarms and different types of data (OPC Foundation, 2017). The standards that OPC was based on include other Microsoft Windows services, like Remote Procedure Call (RPC) and Object Linking and Embedding (OLE), that threaten security through their vulnerabilities (ICS-CERT, 2017).
The OPC protocol allows real-time communication between interface devices like HMIs and data acquisition hardware like PLCs (European Network and Information Security Agency (ENISA), 2016). OPC is vulnerable to remote code execution, buffer overflow, denial of service (DoS), and other forms of attack affecting Windows operating systems (Rolston, 2006). OPC is also vulnerable to arbitrary code execution because the write function interface is able to write values to memory addresses (European Network and Information Security Agency (ENISA), 2016). OPC is an industrial integration standard and is widely used throughout the world. The protocol can be used with HMI computers, safety instrumented systems (SIS), enterprise resource planning (ERP), and distributed control systems (DCSs) (MatrikonOPC, 2011). This provides attack vectors whereby traditional IT systems interconnected with OT systems can be exploited using RPC and DCOM vulnerabilities (Trend Micro, 2017).

DNP3

The Distributed Network Protocol (DNP3) was designed by Westronic, which was later acquired by GE-Harris Canada in the 90's. DNP3 was partially designed from IEC 60870-5 and IEC 61805 for use in water and electrical infrastructure (Mirian et al., 2016). The oil and gas sectors of North and South America, Asia, Australia, and South Africa currently use the DNP3 protocol, much as the same industries in Europe use IEC 60870 (Mohagheghi, Stoupis, & Wang, 2009). DNP3 provides communications between intelligent electronic devices (IED), remote terminal units (RTU), and clients at the stations (Mohagheghi, Stoupis, & Wang, 2009). Similar to Modbus, DNP3 provides communication between master and slave devices, is an open protocol, and provides no security in the form of encryption or authentication (Majdalawieh, Parisi-Presicce, & Wijesekera, 2006). The SCADA protocol is predominantly used in the United States energy sector for the reliability of its measurements of data from devices in the field to the control center (Darwish, Igbe, Celebi, Saadawi, & Soryal, 2016). The protocol is compatible and interoperable with different devices from diverse manufacturers, allowing DNP3 to have the same functionality as IEC 60870 (Triangle MicroWorks, 2001). One vulnerability of the protocol stems from allowing IEDs to use various protocols like HTTP, UDP, and TCP, providing attackers with more opportunities to exploit (Darwish et al., 2016). Research has identified that securing the DNP3 protocol requires the cyclic redundancy check (CRC) bytes to be removed from the header to support encryption algorithms, while an authentication field provides message authentication using an Integrity Check Value (ICV) (Majdalawieh et al., 2006). A common exploit associated with DNP3 is the ability for an attacker to send commands without validation. Attackers take advantage of the DNP3 protocol first by exploiting integer or string entry functions that are not properly managed, and second because the default implementation of the protocol has no security measures (European Network and Information Security Agency (ENISA), 2016).

Discussion of the Findings

The physical, geographical, logical, and cyber interdependencies use many different processes and mechanisms to form a complex ICS/SCADA infrastructure, which becomes a complex system. Complex systems are composed of various layers and types of connectivity, using subsystems within environments that change from stable to unstable and that comprise numerous components both locally and globally (Boccaletti et al., 2014). This complexity in ICS/SCADA is not only a security problem but also a problem that draws on mathematics, physics, engineering, mechanics, and other areas of science. The physical interdependency of the energy sector stems from these complex subsystems, which are intertwined with other subsystems that are relied upon by other infrastructures. The subsystems connect nodes that overlap the infrastructures of the water, emergency services, transportation, and telecommunications sectors (Dudenhoeffer et al., 2006). The electric power subsystem of the energy sector affects critical infrastructure through its dependencies on other infrastructure (see Figure 5).
Figure 5 - Electric Power Infrastructure Dependencies. Reprinted from “Modeling and simulating critical infrastructures and their interdependencies,” S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly, 2004, Proceedings of the 37th Annual Hawaii International Conference on System Sciences, p. 14. Copyright 2004 by S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly.
Geographical interdependency within local areas can be affected by natural disasters or by events such as a cyber-attack that disrupt or affect infrastructures in close proximity. Environmental disasters like Hurricane Katrina and, more recently, Hurricane Maria interrupted the products and services of ICS/SCADA systems in numerous ways. A cyber-attack could similarly disrupt critical infrastructure and its dependence on the supply chain (see Figure 6).
Figure 6 - Supply Chain Interdependency on Critical Infrastructure. Reprinted from “Identifying geographical interdependency in critical infrastructure systems using open source geospatial data in order to model restoration strategies in the aftermath of a large-scale disaster,” V. Ramachandran, T. Shoberg, S. Long, S. Corns, and H. Carlo, 2015, International Journal of Geospatial and Environmental Research, p. 1. Copyright 2015 by V. Ramachandran, T. Shoberg, S. Long, S. Corns, and H. Carlo.
The transmission of information between infrastructures like ICS/SCADA continues to grow and is becoming widespread (Rinaldi, 2004). Communication of information through the Internet and other channels has created a paradigm shift not only in technology but culturally as well. Logical, societal, and policy and/or procedure factors may influence human decisions that impact the logistics and operations of the infrastructure (Petit & Lewis, 2016). More recently, a new methodology based on so-called multi-layer networks has been developed for modeling dependence and interactions between different complex networks and the various processes on the corresponding "networks of networks" (D'Agostino & Scala, 2014). Multi-layer networks have been successfully used for analyzing complex networks and extracting useful insights about the underlying complex systems in different fields of science and engineering (Zuev & Beer, 2016). The protocols that dominate the ICS/SCADA environment include Modbus, IEC 60870, DNP3, Profibus, and Ethernet, among others (Cagalaban et al., 2009). Protocols without authentication are vulnerable to exploitation through vendor implementations, misconfigurations, and the initial design of the protocol itself. Protocols that communicate between PLCs and computers without authentication include Modbus TCP, DNP3, BACnet, EtherNet/IP, and vendor proprietary protocols (Mcbride, 2017). Modbus and DNP3 are vulnerable by design due to their lack of support for verifying and authenticating packets (Maynard et al., 2014). IEC is susceptible to many of the same types of attacks as Modbus and DNP3, including MITM. Tools for MITM attacks are publicly available on the Internet, and vendor-neutral protocols pose more risk because attackers share and document them (Luallen, 2014). Strict operational policies and procedures combined with firewalls (unidirectional and bidirectional) provide some security for communications on the internal network (Luallen, 2014). MITM attacks can be negated by preventing address resolution protocol (ARP) poisoning using Dynamic ARP Inspection combined with dynamic host configuration protocol (DHCP) snooping, similar to Cisco's port security (Maynard et al., 2014). Interconnected control and business networks are often of concern due to the increase in remote access, which attackers can exploit by bypassing legacy systems that may lack security or by finding exploits among the increased wireless connections (Homeland Security, 2010). Network isolation can be achieved through the use of firewalls specifically tailored for the ICS/SCADA community. Recommendations for securing ICS, such as changing or updating default settings and requiring authentication before any configuration changes can be made, often fall on deaf ears (Mahan, Burnette, Fluckiger, Goranson, Clements, Kirkham, & Tews, 2011).
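The DNP3 section states that securing the protocol means replacing the link-layer CRC with an authentication field carrying an Integrity Check Value, and the discussion above repeats that DNP3 cannot verify or authenticate packets. The block below is an added example, not code from the paper or from the DNPSec authors: it builds and checks DNP3 link frames with the standard CRC-16/DNP, then shows that the CRC catches a transmission error but not a deliberate change whose CRC was recomputed, whereas a keyed ICV catches both. HMAC-SHA256 under an assumed pre-shared key stands in for the DNPSec ICV, and the frame contents are constructed.

```python
"""DNP3 link-layer CRC versus a keyed Integrity Check Value (ICV)."""
import hashlib
import hmac
import struct

DNP3_START = b"\x05\x64"   # link-layer start bytes
ICV_LEN = 16               # truncated HMAC-SHA256 tag length (assumption)


def crc_dnp3(data: bytes) -> int:
    """CRC-16/DNP: polynomial 0x3D65 (reflected 0xA6BC), init 0, final XOR 0xFFFF."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF


def build_frame(control: int, dst: int, src: int, user_data: bytes) -> bytes:
    """Assemble a link frame: 8-byte header + CRC, then 16-byte blocks each followed by a CRC."""
    # The length byte counts control, destination, source and user data (not start bytes or CRCs).
    header = DNP3_START + bytes([5 + len(user_data), control]) + struct.pack("<HH", dst, src)
    frame = header + struct.pack("<H", crc_dnp3(header))
    for i in range(0, len(user_data), 16):
        block = user_data[i:i + 16]
        frame += block + struct.pack("<H", crc_dnp3(block))
    return frame


def parse_frame(frame: bytes):
    """Return (control, dst, src, user_data), or None if the frame fails any CRC check."""
    if len(frame) < 10 or frame[:2] != DNP3_START:
        return None
    if crc_dnp3(frame[:8]) != struct.unpack("<H", frame[8:10])[0]:
        return None
    length, control = frame[2], frame[3]
    dst, src = struct.unpack("<HH", frame[4:8])
    user_data, pos, remaining = b"", 10, length - 5
    while remaining > 0:
        n = min(16, remaining)
        block, crc_bytes = frame[pos:pos + n], frame[pos + n:pos + n + 2]
        if len(block) < n or len(crc_bytes) < 2:
            return None
        if crc_dnp3(block) != struct.unpack("<H", crc_bytes)[0]:
            return None
        user_data += block
        pos += n + 2
        remaining -= n
    return control, dst, src, user_data


def add_icv(frame: bytes, key: bytes) -> bytes:
    """Append a keyed ICV over the whole frame (HMAC-SHA256 stands in for the DNPSec ICV)."""
    return frame + hmac.new(key, frame, hashlib.sha256).digest()[:ICV_LEN]


def verify_icv(frame_with_icv: bytes, key: bytes):
    """Return the bare frame if its ICV verifies under the key, otherwise None."""
    frame, icv = frame_with_icv[:-ICV_LEN], frame_with_icv[-ICV_LEN:]
    expected = hmac.new(key, frame, hashlib.sha256).digest()[:ICV_LEN]
    return frame if hmac.compare_digest(icv, expected) else None


def modify_and_recompute_crc(frame: bytes, offset: int, value: int) -> bytes:
    """Change one user-data byte and rebuild the frame with fresh CRCs.

    This models why an unkeyed CRC gives no integrity guarantee against deliberate
    modification: any party that can change the frame can also recompute the CRC.
    """
    parsed = parse_frame(frame)
    if parsed is None:
        raise ValueError("frame failed CRC check")
    control, dst, src, user_data = parsed
    data = bytearray(user_data)
    data[offset] = value
    return build_frame(control, dst, src, bytes(data))


def demo(key: bytes = b"constructed-demo-key") -> dict:
    """Compare the two checks on a constructed class-1 read request; return each outcome."""
    # Transport header 0xC0, application header 0xC1, READ (0x01), group 60 var 2, qualifier 6.
    user_data = bytes.fromhex("c0c1013c0206")
    frame = build_frame(0xC4, 1, 1024, user_data)   # control 0xC4: DIR, PRM, unconfirmed user data
    noisy = bytearray(frame)
    noisy[12] ^= 0x01                                # single-bit line error, CRC left as sent
    modified = modify_and_recompute_crc(frame, 5, 0x00)
    protected = add_icv(frame, key)
    return {
        "valid_frame_parses": parse_frame(frame) == (0xC4, 1, 1024, user_data),
        "noise_caught_by_crc": parse_frame(bytes(noisy)) is None,
        "modification_passes_crc": parse_frame(modified) is not None,
        "icv_accepts_original": verify_icv(protected, key) == frame,
        "icv_rejects_modification": verify_icv(modified + protected[-ICV_LEN:], key) is None,
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```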
The OPC platform has begun efforts to standardize on web-based protocols and move away from Microsoft technologies; however, many legacy implementations, devices, and equipment in ICS/SCADA are still using the OLE service (ICS-CERT, 2017). Network theory in the last couple of years has started to look at the complexity of the elements involved in multi-layered and time-varying real-world systems (Boccaletti et al., 2014). This allows the diverse relationships to be understood from the perspective of how multi-layered networks affect the dynamics and processes between constituents of different infrastructures. The interdependencies and protocols of ICS/SCADA impact the effectiveness of the active cyber defense cycle (ACDC). Legacy protocols lacking authentication pose a challenge to the ACDC lifecycle, as endpoints and controllers using unauthenticated protocols affect the Network Security Monitoring (NSM) phase. This phase collects, detects, and analyzes the environment, including asset mapping and the monitoring of those assets. The Incident Response (IR) phase is clearly impacted: effective NSM should reduce the IR workload, but when the assets and protocols identified from the gathered data are not mitigated, the landscape of incident response threats only grows. IR data is fed to the Threat and Environment Manipulation (TEM) phase to analyze and understand the threats, but due to the interdependencies and protocol vulnerabilities the TEM phase must identify the critical vulnerabilities that need to be mitigated within the environment. Changes to the environment infrastructure may not be implemented as they would be in normal information technology (IT), because ICS/SCADA for critical infrastructure is a blended environment of IT and operational technology (OT). Scheduled maintenance downtime allows patches to be applied and security flaws in workstations and servers to be removed, but addressing critical exploits outside of scheduled maintenance may not be an option. Malware from traditional IT environments may affect OT devices and systems very differently due to the fragility of the environment. There may also be limited time to test the defensive measures in a simulated environment, and those measures may have a negative impact on the control system itself. This further complicates the Threat Intelligence Consumption (TIC) phase, as the current tactics, techniques, and procedures (TTPs) being used by attackers may have already been identified in another phase of the ACDC. Service providers like FireEye provide this information through a service that can be fed into a Security Information and Event Management (SIEM) tool like Splunk, which can surface new vulnerabilities for the NSM phase to identify. The ACDC is a continuous cycle in which each phase depends on the previous one to identify and reduce the threat landscape of an ICS/SCADA environment. Security is based on the four phases working in conjunction with one another to feed information to the next phase; failure in one of the phases leads to a weakened defense and to security threats with potential consequences for the ICS/SCADA infrastructure.

Conclusion

Legacy protocols and interdependencies represent just a small sample of the security concerns surrounding ICS/SCADA systems. Control systems have evolved from the isolated OT environments of the past into a blend of traditional IT implemented within the OT environment, due to advances in technology like the Internet. Many of the legacy protocols were developed decades ago for closed, serial connections and lack security because of the environment for which they were designed. Control systems today have become intertwined with systems and subsystems within various parts of critical infrastructure, which has created a complexity issue in maintaining them while keeping them secure.
The complexity of critical infrastructure and control systems stems from the blending of IT with OT, in which traditional IT implementations, features, and standards may not be adaptable to an OT setting. Advances in technology have helped bridge some of these gaps by introducing new authentication protocols through testing and research. Although more research into interdependencies is needed, implementation and testing will take time to achieve the desired results because of how fragile these systems are. The industry is starting to adapt and to change its cultural views on new implementations by engaging in new partnerships to further collaborate on preventing constantly evolving cyber threats.
References

Blair, J., Nunneley, J., Kaisler, R., Fox, B., Nagy, F., Randle, B., & Linse, L. (2013). Security Recommendations SunSpec Alliance Best Practice Guide. SunSpec Alliance. Retrieved from http://sunspec.org/wp-content/uploads/2015/06/SunSpec-Best-Practice-Guide-SecurityRecommendations-A42025-1.1.pdf

Boccaletti, S., Bianconi, G., Criado, R., del Genio, C. I., Gómez-Gardeñes, J., Romance, M., … Zanin, M. (2014). The structure and dynamics of multilayer networks. Physics Reports, 544(1), 1–122. https://doi.org/10.1016/j.physrep.2014.07.001

Cagalaban, G. A., So, Y., & Kim, S. (2009). SCADA Network Insecurity: Securing Critical Infrastructures through SCADA Security Exploitation. Journal of Security Engineering, 6(6), 12. Retrieved from http://www.sersc.org/journals/JSE/vol6_no6_2009/6.pdf

D'Agostino, G., & Scala, A. (2016). Networks of Networks: The Last Frontier of Complexity. New York City, NY: Springer.

Darwish, I., Igbe, O., Celebi, O., Saadawi, T., & Soryal, J. (2016). Smart Grid DNP3 Vulnerability Analysis and Experimentation. Proceedings - 2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015 - IEEE International Symposium of Smart Cloud, IEEE SSC 2015, (March 2017), 141–147. https://doi.org/10.1109/CSCloud.2015.86

Dudenhoeffer, D. D., Permann, M. R., & Manic, M. (2006). CIMS: A framework for infrastructure interdependency modeling and analysis. Proceedings - Winter Simulation Conference, 478–485. https://doi.org/10.1109/WSC.2006.323119
22
Eisenhauer, J., Donnelly, P., Ellis, M., & O’ Brien, M. (2006). Roadmap to Secure Control Systems in the Energy Sector. US Department of Energy, (September), 58. Retrieved from https://ics-cert.uscert.gov/sites/default/files/documents/TransportationRoadmap20120831.pdf European Network and Information Security Agency (ENISA). (2016). Communication network dependencies for ICS / SCADA Systems. https://doi.org/10.2824/397676 Fovino, I. N., Carcano, A., Masera, M., & Trom-Betta, A. (2009). Design and implementation of a secure Modbus protocol. IFIP Advances in Information and Communication Technology, 311, 83–96. https://doi.org/10.1007/978-3-642-04798-5_6 Hentea, M. (2008). Improving security for SCADA control systems. Interdisciplinary Journal of Information, Knowledge, and Management, 3, 73–86. Homeland Security. (2009). Roadmap to Secure Control Systems in the Chemical Sector. Retrieved from http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/roadmap.pdf Homeland Security. (2010). Dams Sector. Hydro World. Retrieved from http://www.hydroworld.com/content/dam/hydroworld/onlinearticles/documents/2012/April/DamsSectorRoadmaptoSecureControlSystems2010.pdf IPComm. (2017). IEC 60870-5-104. Retrieved from http://www.ipcomm.de/protocol/IEC104/en/sheet.html Luallen, M. (2014). Breaches on the Rise in Control Systems: A SANS Survey. SANS Institute, (April), 31. Retrieved from https://www.sans.org/readingroom/whitepapers/analyst/breaches-rise-control-systems-survey-34665 23
Mahan, R. E., Burnette, J. R., Fluckiger, J. D., Goranson, C. A., Clements, S. L., Kirkham, H., & Tews, C. (2011). Secure Data Transfer Guidance for Industrial Control and SCADA Systems. Report to US Department of Energy, PNNL-20776, (September). https://doi.org/10.6028/NIST.SP.800-82r2 Majdalawieh, M., Parisi-Presicce, F., & Wijesekera, D. (2006). DNPSec: Distributed Network Protocol Version 3 (DNP3) Security Framework. Advances in Computer, Information, and System Science, and Engineering, 3. Maynard, P., McLaughlin, K., & Haberler, B. (2014). Towards Understanding Man-In-TheMiddle Attacks on IEC 60870-5-104 SCADA Networks. Proceedings of the 2nd International Symposium for ICS & SCADA Cyber Security Research 2014, 30–42. https://doi.org/10.14236/ewic/ics-csr2014.5 Mcbride, S. (2017). WHAT ABOUT THE PLANT FLOOR? SIX SUBVERSIVE CONCERNS FOR INDUSTRIAL ENVIRONMENTS. FireEye. Retrieved from https://www2.fireeye.com/rs/848-DID-242/images/rpt_subversivesix.pdf Mirian, A., Ma, Z., Adrian, D., Tischer, M., Chuenchujit, T., Yardley, T., … Bailey, M. (2016). An Internet-wide view of ICS devices. 2016 14th Annual Conference on Privacy, Security and Trust, PST 2016, 96–103. https://doi.org/10.1109/PST.2016.7906943 Petit, F. & Lewis, L., P. (2016). Incorporating Logical Dependencies and Interdependencies into Infrastructure Analyses. George Mason University. Retrieved from https://cip.gmu.edu/2016/02/17/incorporating-logical-dependencies-and-interdependenciesinto-infrastructure-analyses/ 24
Pidikiti, D. S., Kalluri, R., Kumar, R. K. S., & Bindhumadhava, B. S. (2013). SCADA communication protocols: vulnerabilities, attacks and possible mitigations. CSI Transactions on ICT, 1(2), 135–141. https://doi.org/10.1007/s40012-013-0013-5 Ramachandran, V., Shoberg, T., Long, S., Corns, S., & Carlo, H. (2015). Identifying geographical interdependency in critical infrastructure systems using open source geospatial data in order to model restoration strategies in the aftermath of a large-scale disaster. International Journal of Geospatial and Environmental Research, 2(1). Retrieved from http://dc.uwm.edu/cgi/viewcontent.cgi?article=1029&context=ijger Rinaldi, S.M., Peerenboom, J.P., Kelly, T. K. (2004). Modeling and simulating critical infrastructures and their interdependencies. Proceedings of the 37th Annual Hawaii International Conference on System Sciences, 2004., 8 pp. https://doi.org/10.1109/HICSS.2004.1265180 Rinaldi, S. M. (2004). Modeling and simulating critical infrastructures and their interdependencies. Proceedings of the 37th Annual Hawaii International Conference on System Sciences, 2004., 0(C), 8 pp. https://doi.org/10.1109/HICSS.2004.1265180 Rolston, B. (2006). Security Implications of OPC , OLE , DCOM , and RPC in Control Systems. Idaho National Laboratory. Retrieved from https://inldigitallibrary.inl.gov/sites/sti/sti/3494180.pdf Triangle MicroWorks. (2001). Using DNP3 & IEC 60870-5 Communication Protocols In the Oil & Gas Industry. SCADAhacker. Retrieved from https://scadahacker.com/library/ Zimmerman, R., & Restrepo, C. E. (2006). The next step: quantifying infrastructure 25
interdependencies to improve security. International Journal of Critical Infrastructures, 2, 215–230. https://doi.org/10.1504/IJCIS.2006.009439 Zuev, K. M., & Beer, M. (2016). Reliability of Critical Infrastructure Networks : Challenges. arXiv preprint arXiv:1701.00594
26