ICS/SCADA Security vs. Hacking Article # 1
Muhammad Musbah
OT Cyber Security Sr. Consultant | Architect | Advisor | Researcher | Speaker | M.Sc. OT Cybersecurity
The Key Differences between the Security of SCADA Systems and the Security of Traditional IT Systems.
For all of my friends who come from an information security background in IT systems: SCADA system security is now a green field and a very hot topic, because ICS/SCADA systems are used in many critical infrastructures that have a direct impact on a nation's national security and national economy. These systems are vulnerable for many reasons, and I will talk about all of those reasons in this series of articles.
Many traditional IT security technologies and solutions are not applicable to ICS/SCADA security.
IT Data Protection.
When we try to protect an IT system we focus on data security: we need to keep our data away from attacks and prevent hackers from obtaining confidential information. This data may be credit card numbers, enterprise business emails, etc. In case of an attack we can recover and go online again within a few hours.
ICS/SCADA Security: the Process
ICS/SCADA systems depend upon continuous functions and processes running between field sites. Imagine that one of these field sites goes down for any reason: it may take weeks, maybe months, to restart it and bring it up again, and this costs the owner millions of dollars of downtime; worse, field employees may lose their lives :( :(
In addition, if these ICS/SCADA systems are used in electrical power, transportation systems, water plants, etc., and one of these systems suddenly goes down, this may make people angry and take down many services in the region. So ICS/SCADA security should focus on securing the process.
In traditional IT systems we are protecting the data, while in ICS/SCADA systems we are protecting the process.
Technologies in IT Systems vs. ICS/SCADA Systems.
In traditional IT systems we work with a set of standard protocols, and all vendors' products must understand these protocols to communicate with each other. These protocols have a layer of security built around them; examples are TCP/IP, UDP, DHCP, DNS, FTP, etc.
In ICS/SCADA there are many protocols, some of them vendor proprietary, and there is no security level in any of them, e.g. Modbus, DNP3, S7comm, etc.
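As an added illustration of the Modbus point (example code written for this article, not from the original post or any vendor): the decoder below parses a Modbus/TCP request, showing that the MBAP header and PDU carry no authentication field at all, and then applies the compensating control a defender would use, flagging write function codes from any source that is not an allowlisted engineering workstation. The IP addresses and frames are constructed samples.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Modbus/TCP ADU = 7-byte MBAP header (transaction id, protocol id, length,
# unit id) followed by the PDU (function code + data). No field identifies
# or authenticates the sender: reachability of TCP/502 is the only "check".
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Decode the MBAP header and PDU, validating the declared length."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    if length != len(frame) - 6:          # length counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return ModbusRequest(tid, unit, frame[7], frame[8:])

def check_write_policy(src_ip: str, frame: bytes,
                       allowed_writers: Set[str]) -> Optional[str]:
    """Compensating control: the protocol cannot refuse a write itself, so
    a monitor alerts on write function codes from non-allowlisted hosts."""
    req = parse_modbus_tcp(frame)
    if req.function in WRITE_FUNCTIONS and src_ip not in allowed_writers:
        return f"ALERT: {src_ip} sent {WRITE_FUNCTIONS[req.function]} to unit {req.unit_id}"
    return None

def run_policy(traffic: List[Tuple[str, bytes]], allowed: Set[str]) -> List[str]:
    alerts = [check_write_policy(ip, frame, allowed) for ip, frame in traffic]
    return [a for a in alerts if a]

# Constructed sample traffic with hypothetical addresses (not from the article).
ALLOWED_WRITERS = {"10.0.1.10"}       # assumed engineering workstation
SAMPLE_TRAFFIC = [
    ("10.0.1.20", bytes.fromhex("000100000006010300000002")),   # HMI: Read Holding Registers
    ("10.0.1.10", bytes.fromhex("000200000006010500010000")),   # allowed: Write Single Coil
    ("192.0.2.77", bytes.fromhex("0003000000060105000AFF00")),  # unknown host: Write Single Coil
]

if __name__ == "__main__":
    for alert in run_policy(SAMPLE_TRAFFIC, ALLOWED_WRITERS):
        print(alert)
```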
The life cycle of IT technologies is between three and five years, while the life cycle of ICS/SCADA systems may be between fifteen and twenty years. This long life makes their security level very low compared with the development of attack methods. Also, many SCADA systems are outdated and vulnerable but still in use.
In traditional IT you must protect network equipment, servers, applications and users, all in order to protect your data, while in ICS/SCADA systems you must protect the Programmable Logic Controller (PLC), SCADA server or Master Terminal Unit (MTU), Remote Terminal Unit (RTU), Human Machine Interface (HMI), Data Historian, etc. I will explain the functions of all these devices, starting with the PLC.
PLCs are small computer systems that use ladder logic programming to control sensors, valves, alarms and other devices. PLCs are used in nearly every type of industrial control system: manufacturing, petroleum refining, electricity transmission, water treatment, etc. Hacking ICS/SCADA systems often requires knowledge of how these PLCs are programmed.
Key Measures of Security in Traditional IT vs. ICS/SCADA.
Availability is one component of the security triangle, alongside confidentiality and integrity. In an IT system you may have a backup and a DR site, with recovery technologies for all of your data, so you can come back online within a few hours at most, or, if extended, a day or days.
As mentioned above, in ICS/SCADA we secure the process rather than the data. This means there is no option to restart or take down the systems except during the annual or quarterly maintenance shutdowns. It also means the system may keep running with many, many vulnerabilities. These vulnerabilities may be known and unpatched for months or years :(
A traditional IT security engineer is able to implement preventive controls such as patch management solutions, while the SCADA engineer is interested in keeping the process running continuously, so they keep their system away from any downtime even with its vulnerabilities.
ICS/SCADA devices on the internet
In traditional IT, security engineers have direct physical access to their equipment, while in ICS/SCADA the components of the system may be distributed over hundreds or thousands of miles (e.g. pipelines, the electrical grid, etc.). This makes it a challenge to implement security for all of them.
Within the last few years many SCADA systems have been published on the internet to facilitate operations, but this may be an entry point for a hacker into the entire ICS/SCADA system.
In any future cyber war these systems will be targeted first. You can search for the Stuxnet attack against Iranian nuclear power or the BlackEnergy 3 attack against the Ukrainian electrical system in its conflict with Russia.
This article may be simple, theoretical and high level, but it is just the start. I will go deep and technical in the next articles, Insha'Allah :)
# All images above are copied from Google Images :)