Problem Statement - Senior Design


Personnel
– 500-600 hours: $10,000-$12,000
Hardware
– Virtualization Server(?): $3000-$10,000
– SIPROTEC 4 7SJ61 Relays: $0
– SCALANCE S612 Security Module: $0
Software
– Spectrum Power TG SCADA/EMS (HMI): $0
– SICAM PAS v6.00 (RTU): $0
– DIGSI (Relay Configuration): $0
– DIgSILENT PowerFactory (Power Flow): $0
– VMware ESXi: $0
– Nmap: $0
– Wireshark: $0
– BackTrack Linux: $0
Total: $13,100-$22,200
[Figure: Improvement Cycle. Labels: SCADA System with Poor Security; SCADA System with Improved Security; System Configuration and Improvement; Attack Scenario; Vulnerability Assessment.]
[Figure: test bed components. Labels: Virtualized and Real Relays; Virtual and Real SICAM PAS (OPC DA Server); DIgSILENT PowerFactory (OPC Client); Siemens Spectrum Power TG (HMI).]
• Will use vulnerability scanners to scan for potential vulnerabilities
• Document and assess these vulnerabilities for potential attack
• Implement an attack to exploit a vulnerability, documenting outcomes
• Write a report detailing vulnerabilities, attacks and potential fixes
Our SCADA network test bed consists of a few key pieces
of hardware and software:
• Hardware
– Siemens SCALANCE S612 Security Module
– Siemens SIPROTEC 4 7SJ61 Relay (Sensor)
• Software
– Siemens Spectrum Power TG SCADA/EMS (HMI)
– Siemens SICAM PAS v6.00 (RTU)
– Siemens DIGSI (Software for SIPROTEC Protection Relays)
– VMware ESXi 4.1
– Nessus
– Other Vulnerability Assessment Software
1. Validate the System
– Eliminate any incorrect assumptions
2. Document Running Services
– Evaluate possible network entry points into each device
– Check for glaring security holes (Open webserver,
mail server, etc.)
3. Document Well-Known Vulnerabilities
– Check for popular exploit opportunities (Windows,
Adobe Reader, Flash)
4. Document Implementation-Specific Vulnerabilities
– Vulnerabilities specific to lab equipment and software
5. Attack Implementation
– Implement Attack
– Document Attack Procedure
6. Produce Report
– Existing Vulnerabilities
– Possible Impact
– Possible Countermeasures
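Step 2 (Document Running Services) can be turned into a repeatable check. The following is an added example, not part of the original slides: it parses Nmap grepable (-oG) output into a per-device service inventory and flags anything outside a documented baseline, marking web and mail servers as glaring. The scan text, addresses, baseline and the GLARING service set are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of Nmap grepable (-oG) output; addresses and host
# names are placeholders, not values from the test bed.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (hmi)\tStatus: Up\n"
    "Host: 192.0.2.10 (hmi)\tPorts: 80/open/tcp//http///, "
    "135/open/tcp//msrpc///, 3389/closed/tcp//ms-wbt-server///\n"
    "Host: 192.0.2.20 (rtu)\tPorts: 25/open/tcp//smtp///, 102/open/tcp//iso-tsap///\n"
    "Host: 192.0.2.30 (relay)\tPorts: 102/open/tcp//iso-tsap///\tIgnored State: closed (999)\n"
)

# Assumed baseline: the (port, protocol) pairs each device is documented to expose.
BASELINE = {
    "192.0.2.10": {(135, "tcp")},
    "192.0.2.20": {(102, "tcp")},
    "192.0.2.30": {(102, "tcp")},
}

# Assumption: service names treated as "glaring" (web and mail servers).
GLARING = {"http", "https", "smtp", "pop3", "imap"}

def parse_grepable(text):
    """Return {host: [(port, proto, service), ...]} for open ports only."""
    inventory = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and Status-only lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = next(f for f in fields if f.startswith("Ports:"))[len("Ports:"):]
        for entry in ports.split(","):
            # entry layout: port/state/protocol/owner/service/rpc/version/
            parts = entry.strip().split("/")
            if len(parts) >= 5 and parts[1] == "open":
                inventory[host].append((int(parts[0]), parts[2], parts[4] or "unknown"))
    return dict(inventory)

def review(inventory, baseline):
    """List services missing from the baseline, with a severity label."""
    findings = []
    for host, services in sorted(inventory.items()):
        for port, proto, name in services:
            if (port, proto) not in baseline.get(host, set()):
                severity = "glaring" if name in GLARING else "undocumented"
                findings.append((host, port, proto, name, severity))
    return findings

if __name__ == "__main__":
    for finding in review(parse_grepable(SAMPLE_SCAN), BASELINE):
        print(finding)
```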
• Delphin-Informatika IEC 61850 Simulator
– Software solution for use as a virtual relay
– Designed for use with SICAM PAS and SIPROTEC Relays
– Trial license; limited functionality; expensive
– End result: chose to use another software solution
• Siemens Spectrum Power TG DTS
– Dispatcher Training Simulator
– Desired to have DTS read real-time data points and update the power flow solution in real time
– Siemens support period expired, bad/no documentation
– End result: chose to use DIgSILENT PowerFactory instead
• Virtualization
– Need to finish implementing the virtual relay simulator and connect it to the system
– Work on implementing multiple virtual substations in the system
– Create easy deployments for substations
• Power Flow Simulation
– Configure DIgSILENT to integrate with the test bed
– Test out real-world scenarios
• Cyber Attacks
– Implement attacks against vulnerabilities
– Document findings