SCADA & ICS Security Assessment



Challenges and threats to ICS systems

The concept of electronic security for manufacturing and control systems (ICS) applies to all types of plants, facilities, and systems in all industries. Manufacturing and control systems include, but are not limited to:

  • Hardware and software systems such as DCS, PLC, SCADA, networked electronic sensing, and monitoring and diagnostic systems.
  • Associated internal, human, network, or machine interfaces used to provide control, safety, and manufacturing operations functionality to continuous, batch, discrete, and other processes.
  • Physical security is also an important component in the overall integrity of any control system environment.

Originally, ICS systems were physically isolated from enterprise networks and were based on proprietary hardware, software, and communication protocols that lacked secure communication capabilities; hence, the need for cyber security measures within these systems was not anticipated.

However, in today’s business environment, enterprise networks comprising mission-critical applications such as SAP are interconnected in real time with ICS networks, and the earlier “air gap” no longer exists. This poses a great challenge for enterprises, because enterprise networks are susceptible to virus, worm, and Trojan horse attacks, which in turn could have a disastrous effect on the ICS network and destabilize manufacturing operations.

Common threat agents for these ICS systems are:

  • Attackers
  • Bot-network operators
  • Criminal groups
  • Malicious Insiders
  • Spyware/malware authors
  • Terrorists
  • Industrial/State sponsored spies

Vulnerabilities in ICS systems

The vulnerabilities can be broadly classified into three groups:

  • Policy and Procedure Vulnerabilities
  • Platform Vulnerabilities
  • Network Vulnerabilities

Policy and Procedure Vulnerabilities

These vulnerabilities are introduced into the ICS due to incomplete, inappropriate, or non-existent security documentation, including policy and procedures.

Platform Vulnerabilities

These vulnerabilities can occur due to flaws, misconfiguration, or poor maintenance of hardware, operating systems, and ICS applications.

Network Vulnerabilities

These vulnerabilities in ICS may occur from flaws, misconfiguration, or poor administration of ICS networks and their connections with other networks.

How can Irisk help you?

Our team of experts follows a step-by-step procedure to perform a thorough security assessment of your mission-critical SCADA systems. The assessment determines how vulnerable they are to external attacks by malicious users and how compliant they are with security standards and guidance such as ICS-CERT, DoE (Department of Energy), DHS (Department of Homeland Security), NIST SP 800-82 Rev 1, NIST SP 800-53 Rev 4, TR99.00.02, the ENISA guidelines for ICS systems, and the National ICS Security Standard, Qatar. We use tools such as Nmap, Nessus, and SuperScan for the security assessment.

Irisk Methodology for ICS systems

Depending on the criticality of the ICS, here is a brief snapshot of the Irisk methodology:

  1. Irisk follows the ISA 99/IEC 62443 standard and the NIST, DoE, and DHS security guidelines for ICS risk assessment.
  2. Irisk will review existing policies and procedures or, where none exist, assist in developing new policies and procedures in line with global best practices for ICS.
  3. Irisk will start the project with a site survey, which will include onsite visits to the PDC and PMU sites on a sample basis. This will help us understand how the ICS are being utilized.
  4. Irisk will analyse the network diagram during the site visit.
  5. Irisk will perform risk-based penetration testing and vulnerability assessment, combining automated and manual assessment because ICS components are prone to crashing.
  6. Irisk will immediately report any critical issue found during the assessment process to the stakeholders.
  7. After the assessment, Irisk will submit the draft report to management for their input.
  8. Once the report is approved by management, Irisk will release the final report.

What are the Takeaways?

After the security assessment tests, our results will help you to determine these core points:

  1. The importance of system and configuration hardening for mission-critical SCADA systems
  2. You will come to know these complex machines better and secure them accordingly
  3. You can be sure that your SCADA system is actually isolated

SCADA systems make attractive targets for attackers looking to tamper with mission-critical systems, for example by making an atomic energy uranium enrichment process unstable by planting a Trojan that suppresses the warning alarm system. With Advanced Persistent Threats (APTs) like Stuxnet looming, this should be a major security concern for every organization with SCADA infrastructure. A thorough security assessment of such SCADA systems is the need of the hour, and it must be taken seriously.