Monday, April 18, 2011

Engineering Professional Skills 2011

The following activity is designed to prompt expression of your knowledge of and ability to apply engineering professional skills. Its purpose is to determine how well your engineering program has taught you these skills. By participating, you are giving your consent to have your posts used for academic research purposes. When your posts are evaluated by the program assessment committee, your names will be removed. In order to post, click on the Sign In button in the upper right hand corner of the blog page, then sign in using your gmail account and password.

Time line: You will have 2 weeks to complete the on-line discussion as a team. Use this blog to capture your thoughts, perspectives, ideas, and revisions as you work together on this problem. This activity is discussion-based, meaning you will participate through a collaborative exchange and critique of each other’s ideas and work. The goal is to challenge and support one another as a team to tap your collective resources and experiences to dig more deeply into the issue(s) raised in the scenario. Since the idea is that everyone in the discussion will refine his/her ideas through the discussion that develops, you should try to respond well before the activity ends so that the discussion has time to mature. It is important to make your initial posts and subsequent responses in a timely manner. You are expected to make multiple posts during each stage of this on-going discussion. The timeline below suggests how to pace your discussion. This is just a suggestion. Feel free to pace the discussion as you see fit.

Tuesday Week 1 Initial Posts: All participants post initial responses to these instructions (see below) and the scenario.

Thursday Week 1 Response Posts: Participants respond by tying together information and perspectives on important points and possible approaches. Participants identify gaps in information and seek to fill those gaps.

Tuesday Week 2 Refine Posts: Participants work toward agreement on what is most important, determine what they still need to find out, & evaluate one or more approaches from the previous week’s discussion.

Thursday Week 2 Polish Final Posts: Participants come to an agreement on what is most important, and propose one or more approaches to address the issue/s.

Discussion Instructions
Imagine that you are a team of engineers working together for a company or organization to address the issue raised in the scenario. Discuss what your team would need to take into consideration to begin to address the issue. You do not need to suggest specific technical solutions, but identify the most important factors and suggest one or more viable approaches.

Suggestions for discussion topics
• Identify the primary and secondary problems raised in the scenario.
• Who are the major stakeholders and what are their perspectives?
• What outside resources (people, literature/references, and technologies) could be engaged in developing viable approaches?
• Identify related contemporary issues.
• Brainstorm a number of feasible approaches to address the issue.
• Consider the following contexts: economic, environmental, cultural/societal, and global. What impacts would the approaches you brainstormed have on these contexts?
• Come to agreement on one or more viable approaches and state the rationale.

Power Grid Vulnerabilities
In 2010, the US power industry received $3.4 billion as part of the recent economic stimulus package to help modernize the country's electric power system and increase energy efficiency.
The nation’s security experts are concerned about the increased vulnerability of the operational systems used to manage and monitor the smart grid infrastructure. Supervisory Control and Data Acquisition (SCADA) systems are among the primary energy management systems used to control the power grid. SCADA systems are susceptible to cyber attack because many are built around dated technologies and industrial protocols that were designed for isolated networks and carry no authentication or encryption of their own: any host that can reach a controller on the network can read from it and, in many cases, write to it. To increase access to management and operational data, these systems and their underlying networks have been progressively interconnected with corporate networks and, through them, the Internet, so the isolation those protocols assumed no longer holds.
Contemporary attackers may circumvent technical controls by targeting a specific user within the utility instead of attacking the grid directly. For example, a person intending to launch cyber attacks could be employed by a business that sells products or services to the utility, giving them routine e-mail contact with the internal procurement office. Such an attacker does not need to break through the company’s firewall from the outside: an e-mail carrying a Trojan horse or other advanced malware, opened by a trusted recipient, installs software that connects back out to the attacker, creating a virtual tunnel into the procurement office’s computers. This gives the attacker persistent and largely undetected access to the company’s network, which can then serve as a foothold for further attacks toward the control systems.

Since 2000, successful cyber attacks on the SCADA systems of US power generation, petroleum production, water treatment, and nuclear facilities have increased tenfold. In April 2010, a Texas electric utility was attacked from Internet address ranges outside the US. In late 2010 and early 2011, Iranian nuclear facilities and the German-headquartered industrial giant Siemens, whose control software the worm targeted, witnessed the power of Stuxnet, a sophisticated piece of malware designed to penetrate industrial control systems. Experts warn that Stuxnet or next-generation worms could incapacitate machines critical to US infrastructure, such as electric power grids, gas pipelines, power plants, and dams. Stuxnet reprogrammed the controllers that drive the physical equipment while feeding operators previously recorded, normal-looking readings, so the monitoring screens reported that all systems were normal while the machinery was being driven to destruction.
Official US government standards for power grid cyber security are not robust enough to ensure protection against such threats. According to a January 2011 Department of Energy audit, the current standards are not “adequate to ensure that systems-related risks to the nation’s power grid were mitigated or addressed in a timely manner.”

Sources
Audit Report: Federal Energy Regulatory Commission’s Monitoring of Power Grid Cyber Security. (January 26, 2011). U.S. Department of Energy, Office of Inspector General, Office of Audits and Inspections.
Computer Expert Says US Behind the Stuxnet Worm. (March 3, 2011). Agence France-Presse.
Cyberwar: In Digital Combat, U.S. Finds No Easy Deterrent. (January 25, 2010). New York Times.
Hacking the Smart Grid. (April 5, 2010). Technology Review.
New Breed of Hacker Targeting the Smart Grid. (June 1, 2010). Coal Power Magazine.

10 comments:

  1. http://www.bbc.co.uk/news/technology-13122339

    I figured I would start off the discussion with a recent news article on the subject. Really, I see the current primary and secondary issues in my mind as very close rivals. The primary I see is that an old war tactic (destroying or hindering an opponent's resource production) is being introduced in a new cyber warfare environment. The secondary, which could be thought of as being almost as important, is that hackers, or more accurately any cyber attacker, have technology and techniques that far exceed the protective options of those in control of resources. This is most likely due to the years that policy makers and the non-technical general populace spent ignoring that protections should be developed, while the technical community was either using aggressive tactics (in what was a positive and largely minimal damage scenario) or simply not in a position to create protective measures. As such, protective tools and standards have fallen years, decades even, behind their more offensive and destructive counterparts. To return to our primary issue: this means that, for a system to exist in this secondary issue's domain, one of two things needs to occur, as solutions to this problem have in previous fields of warfare. The common options are either to rapidly advance protective tools and systems to catch up to offensive methods or to change the systems and environment being used for these attacks such that the methods (or mutated methods) used to take offensive action are made infeasible for the implemented system. That is to say, it needs to be made so that all currently employed methods for cyber attacks are incompatible and cannot even operate in the SCADA systems. One expensive, but potentially possible, way to explain this would be to create an internet-type network to which only SCADA-necessary systems are attached and no physical connections to systems outside that list exist or will be introduced.
    Alternately, the system could be changed so that the tools used by attackers simply cannot work in the SCADA environment. The most effective way to do this, so that a mutation in current methods does not occur, is to make the hardware connecting the SCADA systems completely incompatible with the systems used by attackers (which would require completely reworking the system so that all modern computers are not used). These are of course drastic and illogical options, but they demonstrate an extreme side to an argument.

  2. So after reading about the problem I decided to do a little more reading into SCADA systems to determine what sort of weak points there are that can be attacked.

    As mentioned in the problem outline above, Stuxnet circumvents digital systems and indicates that all systems are normal, while destroying them. Well, based on Wikipedia's fantastic article about SCADA systems, each process is controlled by its own Remote Terminal Unit (RTU) or Programmable Logic Controller (PLC). These RTUs/PLCs control the physical systems based on sensor feedback. For example, a process could consist of an RTU or PLC that measures a flow rate and controls a pump speed to maintain a desired rate of flow. Each RTU/PLC is then controlled by the actual SCADA system.

    With the system designed as described, there's a pretty big vulnerability between the SCADA (the digital system mentioned as being bypassed) and the RTUs/PLCs. The SCADA receives limited feedback from each process, and depending on the sophistication of the system perhaps only a signal that the process is operating as expected. As such, if a malware were able to penetrate to the RTUs/PLCs, it would be able to tell the SCADA system that it was operating as normal while at the same time changing operational values to damaging or unsafe levels. This could result in the physical damage of equipment, which seems to be the incapacitation of machines critical to US infrastructure as mentioned in the problem outline.

    It appears that the newer SCADA systems are beginning to more closely resemble Distributed Control Systems (DCS). This change means that newer systems are personally interacting with the hardware rather than going through an external system. This allows the system to separately monitor as many constraints as desired about a process, greatly increasing the chance of recognizing undesired behavior and stopping it before a malware can compromise the system. This centralization also allows for more security to be put on the outside of the system.

    It looks like a lot of those RTUs/PLCs are going to need to be replaced with other systems before anything major can happen with improving security.

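The blind spot that both the scenario's Stuxnet paragraph and the comment above describe, that the supervisory layer only sees what the controller chooses to report, can be shown with a small simulation. This is an added example and not code from the original page, from any utility, or from any vendor; the toy pump model, its constants, the compromised controller, and the "hardwired meter" that the controller cannot rewrite are all assumptions made for illustration. It shows why a single reporting path is not evidence of health, and what an independent plausibility check (a second measurement path plus a physical limit) catches that the operator screen does not.

```python
from collections import deque
from dataclasses import dataclass

# Toy plant constants (assumptions for the example, not real utility data).
NOMINAL_RPM = 1000.0
RPM_LIMIT = 1400.0
FLOW_PER_RPM = 0.05          # litres/s of flow per rpm in this toy model


@dataclass
class Plant:
    """The physical pump: flow is a direct function of speed."""
    rpm: float = NOMINAL_RPM

    def step(self, commanded_rpm: float) -> float:
        self.rpm = commanded_rpm
        return self.rpm * FLOW_PER_RPM      # what a hardwired flow meter sees


class ReplayingPLC:
    """Compromised controller in the style the scenario describes: from tick
    `attack_at` it commands `attack_rpm`, but reports a replay of the last
    `window` healthy flow readings to the HMI, so the operator screen stays green."""

    def __init__(self, attack_at: int, attack_rpm: float, window: int = 5):
        self.attack_at = attack_at
        self.attack_rpm = attack_rpm
        self.recorded = deque(maxlen=window)
        self.tick = 0

    def command(self) -> float:
        self.tick += 1
        return NOMINAL_RPM if self.tick < self.attack_at else self.attack_rpm

    def report(self, true_flow: float) -> float:
        if self.tick < self.attack_at:
            self.recorded.append(true_flow)  # record healthy values for later replay
            return true_flow
        if not self.recorded:                # nothing recorded yet to replay
            return true_flow
        self.recorded.rotate(-1)             # loop over the recorded healthy values
        return self.recorded[0]


class PlausibilityMonitor:
    """Independent check fed by a meter the PLC cannot rewrite (assumption).
    Flags (a) physically implausible operation implied by that meter and
    (b) sustained disagreement between reported and measured flow."""

    def __init__(self, tolerance: float = 0.05, consecutive: int = 3):
        self.tolerance = tolerance
        self.consecutive = consecutive
        self.mismatches = 0

    def check(self, reported_flow: float, measured_flow: float):
        if measured_flow / FLOW_PER_RPM > RPM_LIMIT:
            return "implied pump speed exceeds limit"
        if abs(reported_flow - measured_flow) > self.tolerance * max(measured_flow, 1.0):
            self.mismatches += 1
        else:
            self.mismatches = 0
        if self.mismatches >= self.consecutive:
            return "reported telemetry disagrees with independent meter"
        return None


def simulate(attack_at: int, attack_rpm: float, ticks: int = 40):
    """Run the control loop; return (tick, reason) at first detection, else None."""
    plant, plc, monitor = Plant(), ReplayingPLC(attack_at, attack_rpm), PlausibilityMonitor()
    for _ in range(ticks):
        rpm = plc.command()
        measured = plant.step(rpm)          # hardwired meter, bypasses the PLC
        reported = plc.report(measured)     # what the HMI is shown
        reason = monitor.check(reported, measured)
        if reason:
            return plc.tick, reason
    return None


if __name__ == "__main__":
    print("subtle overdrive:", simulate(attack_at=20, attack_rpm=1300.0))
    print("gross overdrive: ", simulate(attack_at=20, attack_rpm=1500.0))
    print("no attack:       ", simulate(attack_at=100, attack_rpm=1300.0))
```

The subtle case (1300 rpm, under the hard limit) is the interesting one: the HMI keeps showing the replayed 50 l/s, the physical limit check never fires, and only the mismatch against the independent meter, sustained for three ticks to suppress noise, raises the alarm. Whether a utility actually has such an independent path is exactly the architectural question the comment raises.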
    After doing some research on the SCADA system and reading the article, it looks like this vulnerability is mainly caused by vulnerable computers with access to the SCADA system, the fact that the control systems can be modified remotely, and the fact that the data transmissions from the SCADA systems are vulnerable.

    I looked at what caused the spread of the W32.Stuxnet worm and it looks like it was spread via USB drives. The worm used an exploit in all Windows systems involving .lnk files, infected computers that simply browsed the USB drives, and further infected other drives connected to infected computers. Once on the computer, the worm would then check to see if the system was running Siemens SIMATIC WinCC software and, if it was, it would try the default password that is used when the program is first set up. This password had been released on the internet several years before the worm was released and could be easily looked up.

    I also looked at how some of the SCADA systems work and it appears that remote users can modify the control systems on some industrial SCADA systems. This could be really bad if a remote hacker were able to gain access to the systems over the net, because they could reprogram the control systems to intentionally fail.

    Also, I found that one of the other vulnerabilities is that the networks that transmit the data from the systems to remote terminals are often either using a proprietary communication system or open communication standards. The proprietary communication standards have been shown to have questionable security standards, if the company implemented them at all. The open standards are arguably better, as they can be upgraded with current network security protocols. However, it has been shown that some systems have not fully implemented the security protocols available, and often leave the data streams unencrypted.

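To make the scenario's "dated technologies with weaker protocols" and the comment's point about remote modification and unencrypted data streams concrete, here is an added example that parses one such protocol and applies the kind of write-monitoring rule a utility could run on a network tap. The protocol chosen is Modbus/TCP, which the page does not name but which is a widely deployed SCADA protocol with no authentication, signing or encryption in its frame format; the parser follows that public format. The sample traffic, the IP addresses, and the "engineering station" allowlist are constructed for this example and are not from the original page or from any real network.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Modbus function codes relevant to a write-monitoring rule.
READ_FUNCTIONS = {
    1: "Read Coils", 2: "Read Discrete Inputs",
    3: "Read Holding Registers", 4: "Read Input Registers",
}
WRITE_FUNCTIONS = {
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}

# Hosts permitted to issue writes. Assumption for the example: one engineering
# station on the control network; the HMI and everything else are read-only.
ENGINEERING_STATIONS = {"10.10.1.5"}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int      # first data word: start address for read/write requests
    payload: bytes    # rest of the PDU (values, quantities, sub-function data)


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header plus the PDU. Note what is absent from the
    format: no credential, no signature, no nonce. Authority to write is simply
    the ability to reach TCP/502 on the controller."""
    if len(frame) < 10:
        raise ValueError("frame too short for MBAP header, function code and address")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError(f"protocol id {protocol_id} is not Modbus")
    if length != len(frame) - 6:                     # length counts unit id + PDU
        raise ValueError(f"MBAP length {length} does not match {len(frame) - 6} bytes present")
    function = frame[7]
    (address,) = struct.unpack(">H", frame[8:10])
    return ModbusRequest(transaction_id, unit_id, function, address, frame[10:])


def inspect(src_ip: str, frame: bytes) -> Optional[str]:
    """Return an alert string for one request, or None if it is acceptable."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as err:
        return f"malformed frame: from {src_ip}: {err}"
    if req.function in WRITE_FUNCTIONS:
        if src_ip not in ENGINEERING_STATIONS:
            return (f"unauthorised write: {WRITE_FUNCTIONS[req.function]} to unit "
                    f"{req.unit_id} register {req.address} from {src_ip}")
        return None
    if req.function in READ_FUNCTIONS:
        return None
    return f"unexpected function: code {req.function} from {src_ip}"


def monitor(traffic: List[Tuple[str, bytes]]) -> List[str]:
    """Run inspect() over (src_ip, frame) pairs and collect the alerts."""
    alerts = []
    for src_ip, frame in traffic:
        alert = inspect(src_ip, frame)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample traffic (not captured from any real system).
SAMPLE_TRAFFIC = [
    ("10.10.1.20",    bytes.fromhex("0001 0000 0006 01 03 0000 000a")),  # HMI reads 10 holding registers
    ("10.10.1.5",     bytes.fromhex("0002 0000 0006 01 06 0010 03e8")),  # engineering station sets register 16 to 1000
    ("192.168.50.77", bytes.fromhex("0003 0000 0006 01 06 0010 0000")),  # corporate-LAN host sets the same register to 0
    ("192.168.50.77", bytes.fromhex("0004 0000 0006 01 08 0001 0000")),  # same host: diagnostics, sub-function 1 (restart comms)
    ("10.10.1.20",    bytes.fromhex("0005 0000 0006 01 03 0000")),       # truncated: MBAP length says 6, only 4 bytes follow
]

if __name__ == "__main__":
    for alert in monitor(SAMPLE_TRAFFIC):
        print(alert)
```

The third frame is the whole problem in twelve bytes: it is byte-for-byte as valid as the engineering station's write, and the controller will honour it. Only a rule outside the protocol, here a source allowlist, distinguishes the two, which is why the segmentation and "physically present to reprogram" suggestions later in this thread matter more than any patch to the controller itself.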
  4. This comment has been removed by the author.

    I kind of agree with Scott, in the fact that cyber-attacks are nothing new. To me the new thing is that the public utilities are now networked and susceptible to this kind of attack, and since they never had to protect themselves from this kind of threat in the past they are not prepared.

    From my research it looks like there are several simple security measures/policies that they could implement with little to no cost to the facilities. One simple policy that could have stopped the aforementioned worm would be to simply not allow USB drives (or other media) from outside the workplace, and to use an encryption method when sending data streams to other computers.

    One method that might be a little more expensive could be to add more hardware limitations to the SCADA and control systems so that they can't modify the systems unless physically present.

  6. I really wonder why the computers that can change the SCADA system are connected to the internet. It seems to me that in order to keep the whole system secure, they should have their own network to control the SCADA system and have it completely separate from the web, that way the only computers that could possibly change anything would be the ones connected to the SCADA network and not the ones connected to the world wide web. This would not stop the USB worms, but if they implemented the no removable media policy that would get rid of that problem.

  7. That sounds like a good solution to me. If web access were necessary for the SCADA systems, say for company wide updates, there could be a computer or terminal that's external to the network and interacts with one of the other computers rather than any of the control systems.

  8. I think that a quick and cheap fix would be to initiate some more strict office security standards (such as restrictions on thumb drives, and other media, emails) and set up more technology security standards (such as strong encryption on sensitive data and communications). In the long run though I think that they should upgrade the systems to have more hardware protections, such as a physical presence to reprogram the systems.

    I remember I was talking to a guy that worked at BNSF (one of the largest train companies in the US) and he was telling me that they were going to be updating all of their control systems from PLC and SCADA systems to work off of more complex embedded systems. He also mentioned that the embedded systems would allow way more security, safety and even "smarter" systems to be used.

    Keeping this in mind, maybe we should just make a planned phasing out of these older systems that were not designed to defend against cyber attacks, in favor of more advanced, modern systems.

    I agree. For the time being, we should initiate stricter security standards, but that is not enough. As with any system controlled or designed by humans, there is a possibility of error. Just because there is tighter security does not mean that there will no longer be accidents.
    Down the line, it would be a very good idea to upgrade the SCADA system and implement encryption when sending any sensitive data as soon as feasible.

    I kind of think that a third party should set up the new systems and mediate the transition too. If the group that set up the current systems stays in complete control they might just make the same mistake or enact a bunch of policies that aren't really happening. Like when a company claims they recycle all paper but their employees throw out recyclables. It needs some sort of watchdog to make sure that they are enforcing their own policies, or they have to set up within themselves a way to prove they are making sure it happens.

    Short term I think Bryan is right about a lot of simple things can stop it, but there is definitely big room for improvement on their systems. But with new tools like this there usually is.
