Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Cyber Security in the Water Sector Author: Brandon Khoury Faculty Advisor: Dr. Lingfeng Wang Electrical Engineering and Computer Science Research Objectives • Highlight importance of cyber security in water sector • Review historical progression • Intrusion path analysis • Means of risk mitigation and assessment Background • Vital to the daily function of the general population • Small amount of water plants provide service to over three quarters of U.S. population [1] • Industry mission sight includes reliable and affordable water services Background cont. • Industrial automation technology • Supervisory Control and Data Acquisition (SCADA) networks • Industrial Control Systems (ICS) • Components • • • • Programmable Logic Controller (PLC) Human Machine Interface (HMI) Server/Client communication protocol Network connectivity Background cont. Sensor/Telemetry Site Growth vs. Time Source: See references [5] Methodology • Open ended methodology • Deductive • General sources/inquires lead to more specifically focused research • Inductive • Specific technological factor leads to hypothesis on general vulnerability • Confirm with research • Synthesis of data – intrusion path analysis Theoretical Intrusion Path Intrusion Path cont. • Denial of Service (DoS) scenario • Affects integrity (ability to function correctly and detect error/malicious activity) of system components [4] • Capitalizes on water sector and SCADA weaknesses • • • • Lack of resources for incident detection Intrinsically archaic network architectures Complex hacking code and lack of anti-virus software Un-encrypted communication protocol, MODBUS for example Risk Mitigation Technical: Multi-Factor Authentication Virus protection software/intrusion detection Transaction logging (MODBUS) [2] Network segmentation Process/Organizational: Maintain IT staff Risk mitigation goals Performance metrics [5] Response/disaster recovery plan [3] Risk Mitigation cont. Example of simple network segmentation architecture Conclusion • Why is this important? • Water industry designed without security as a primary concern • Technological advances put sector even more at risk • An attack could endanger public health • Inhibit primary industrial functions that required water • Upgrading to adequate security is a large task » Time, Money, Manpower » Constant quality control Questions • Questions? • Thank you! References • • • • • [1] C. Copeland and B. Cody, “Terrorism and Security Issues Facing the Water Infrastructure Sector,” Congr. Res. Serv. Rep., pp. 1–6, 2010. [2] E. J. Byres, M. Franz, and D. Miller, “The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems.” [3] S. Panguluri, W. Phillips, and P. Ellis, “Cyber Security: Protecting Water and Wastewater Infrastructure,” Handb. Water Wastewater Syst. Prot., pp. 285–318, 2011. [4] S. Amin, X. Litrico, S. Sastry, and A. M. Bayen, “Cyber Security of Water SCADA Systems—Part I: Analysis and Experimentation of Stealthy Deception Attacks,” pp. 1–8, 2012. [5] Water Sector Coordinating Council Cyber Security Working Group, “Roadmap to Secure Control Systems in the Water Sector,” pp.5–37, 2008.