ARP SCADA DCS the divergence and cyber security issues


SCADA/DCS: the divergence and cyber security issues

Contents

1. Introduction
2. The Components and Architecture of SCADA/DCS
   2.1. SCADA
   2.2. DCS
3. Next Generation
4. Security Issues
   4.1. Cyber Security Vulnerabilities
   4.2. Threat Types
5. Discussion
6. Conclusion
References


1. Introduction

In the past decades, Industrial Control Systems (ICS) have affected almost every aspect of human life, in manufacturing, construction and many other fields, and especially in remote control and distributed control. Industry initially operated manually; as Galloway and Hancke put it, "Initially, control of manufacturing and process plants was done mechanically either manually or through the use of hydraulic controllers" [1]. Manual operation is slow and labour-intensive, and control systems were limited to one area, or each machine had its own control system. Once distributed systems became common, with the advent of control loops, advanced electrical circuits and multiple means of communication, productivity improved and industrial processes took less time.

One of the most widely used control systems, introduced in the 1960s [12], is the Supervisory Control And Data Acquisition (SCADA) system. SCADA serves several goals, among them human safety and security: it keeps operators away from hazardous working environments, for example when opening and closing valves or switches. It also avoids the cost of manual operation by removing the need for on-site workers. Its main goal, however, is remote control of plants spread over large geographic areas. As with any system, SCADA has its issues, and the largest source of concern in modern SCADA is security, a consequence of connecting the system to networks such as WLAN, which will be discussed below. Early SCADA systems, by contrast, faced problems that threatened the physical structure of the system [2].

The other system introduced in this paper is the DCS (Distributed Control System). At almost the same time, in 1975, Yokogawa, the Japanese electrical engineering company, and Honeywell, the American multinational, introduced their own DCSs. A DCS is commonly used over a small geographic area, for example to control an oil refinery or an electric power generation plant. Over time SCADA and DCS have blended into one another, as explained by Austin Scott in [3] and in [4]. DCS also suffers from the same security issues, leaving it exposed to attack.

The aim of this paper is therefore to establish what the difference between SCADA and DCS is. The paper is organised as follows. First, the components and architecture of both systems are explained separately. Second, expectations about the future of SCADA/DCS are presented, in terms of the changes that may occur to the entities of the systems and the configuration of a new system that blends the two, called a System-of-Systems (SoS). Then some of the weak points of the systems and the types of threat facing them are described. Thereafter, a discussion demonstrates and summarises the differences, together with future predictions according to the projections of one of the research papers. Finally, the conclusion sums up what has been deduced and presented.


2. The Components and Architecture of SCADA/DCS

2.1. SCADA

Supervisory Control And Data Acquisition (SCADA) is one of the systems that has changed control and remote monitoring. SCADA has made remote monitoring and remote control of industrial systems practical [2]; for example, one system can monitor or control several industrial sites from thousands of kilometres away. The SCADA software sits at the top of the industrial network hierarchy, and its major role is to collect information and make it observable by displaying it to the operator through a human machine interface (HMI). It may also go beyond observation by sending commands to industrial elements, for example to start a motor or to override orders that were fixed previously. The significance of SCADA lies in its ability to observe various control hardware dispersed over large geographic areas.

One of the components at these sites is the remote terminal unit (RTU); a Programmable Logic Controller (PLC) can also fill this role, and both count as control hardware. The main terminal connected to the RTUs is called the Master Terminal Unit (MTU), or simply the Master; it may be far from the RTUs, and one MTU can control more than one RTU. The way a SCADA system is modelled can be constrained by the role of the MTU [1]. The connection between the MTU and the RTUs may use one of the traditional communication media, such as satellite [4], to transfer data from the RTUs or PLCs to the MTU, where it is handled or processed as needed.

Another important element in a SCADA system is the Intelligent Electronic Device (IED), described by Stouffer, Falco and Scarfone as a "smart" sensor/actuator [4]. Its role is to aggregate data from the other equipment that forms part of the SCADA system in the field and to provide that data to the SCADA server.

As Figure 1 shows, a SCADA system has three levels: the Field Sites, the Wide Area Network that links them, and the Control Centre, whose components are connected by a LAN. The Control Centre has three essential elements: the HMI, which presents the data; a recorder (the data historian in [4]), which stores it; and the control server, which collects information from the Field Sites, is responsible for alarms and status evaluation, and may issue commands depending on the results received from the Field Sites [4].

Figure 1 [4]


Furthermore, the field sites are equipped with remote control equipment able to detect and correct problems locally, and they exchange this information with the control centre via dial-up modem or WAN. The MTU-to-RTU connection differs according to the application at the field site; this is called the communication architecture. As Stouffer, Falco and Scarfone note, "The various architectures used, including point-to-point, series, series-star, and multi-drop" [4] are shown in Figure 2.

Figure 2 [4]

The advantage of point-to-point is its simplicity, but every channel is expensive. The series pattern reduces the number of channels, but channel sharing affects the efficiency and increases the complexity of the SCADA system. Similarly, in the series-star and multi-drop configurations a single channel serves several devices, which lowers efficiency and raises system complexity [4].

2.2. DCS

SCADA and DCS (Distributed Control System) are similar in their pattern of functionality: both monitor sub-control devices and acquire data by running a set of programs. Part of this software and hardware takes part in a supervisory control loop, presenting the information on a centralised HMI and storing it in a data storage device. The sub-controllers are distributed within the same industrial site, so they can sit close to the equipment they control.


Figure 3 [4]

In addition, to give an overall view of how the production process runs at the site, and to reduce the impact of failures on the whole system, the DCS is connected to a data collector. The DCS therefore spans all layers from the field level up to the supervisory level. Examples of such systems include oil refineries, electric power generation plants, and water and wastewater treatment plants [1] [4].

Figure 3 illustrates four examples of low-level controllers, that is, the components of the field level of a DCS. Three of them, a process controller, a machine controller and a PLC, use Fieldbus networks to link the actuators and sensors to the controller; the fourth, a single-loop controller, has its actuators and sensors wired point-to-point to the controller. The Fieldbus loops are characterised by good quality and considerable practicality, an identifiable workflow, the ability to execute control algorithms, and the return of signals to the PLC [4].

Furthermore, as Stouffer, Falco and Scarfone show in [4], when a DCS controls discrete sections of the plant there is an intermediate level between the two levels described above, with a supervisor for each section; such a section may be a motor controller or even a robot controller.

3. Next Generation

SCADA has passed through several stages, evolving in its components and in its methods of data transfer and communication; broadly, SCADA has experienced three generations, as shown in Figure 4.

In the first generation, RTUs in the field were linked to monolithic systems over a WAN. The second generation, aimed at higher productivity than the first, had a larger number of system elements, distributed and connected via LAN so that each could use the state information of the others, still relying on proprietary protocols. In the third generation, the network linking the components of the system was developed using the Internet, distinguished by an open structure and open protocols.

Karnouskos and Colombo in [5] predicted that the next generation's use of the Internet will force the network to expand in terms of protocols, and that the developed components of the system will reach a degree of self-control through sophisticated technology, without any need for a "single controlling/management authority" [5]. Self-control will come from taking the advantages of highly developed systems and merging them into SCADA to form the SCADA System-of-Systems (SCADA-SoS).


Figure 4 [5]

Nevertheless, it must be noted that in recent years SCADA systems have developed in conjunction with DCSs, and today they have much in common. This evolution of both systems is due to the ongoing communications revolution, and to other factors such as continually evolving software, developments in industrial PCs, and the application of up-to-date models such as Service-Oriented Architecture (SOA) and System-of-Systems (SoS) [6]. Consequently, SCADA and DCS will continue to be shaped by the progression of software and hardware, and will become parts of an advanced SoS.

Based on projections of how both systems will develop, Karnouskos and Colombo built expectations and set out a vision of the next generation. SCADA/DCS will have to deal with many changes: the merged systems face the challenge of collaborating in real time with internal and external data in order to choose the right decision [5], and the system will be information-driven, with communication carried over the web.

Furthermore, the elements themselves will change. The HMI could be replaced by displaying information on other devices, for instance mobile appliances. With Internet connectivity the information could be reached at any time, for example via cloud services, and that could be a source of danger. Because of the high capability of intelligent devices, tasks may be embedded in the RTUs themselves or even in a service mediator, and PLCs will probably offer more advanced logic execution. The main nerve of the system, the communication linking its elements over the Internet, is available everywhere and makes finding resolutions easier through fast connections [5].

4. Security Issues

Nowadays, SCADA and DCS are vital systems for operating industrial facilities [7]. Cyber threats and weaknesses may therefore cause damage to physical elements or change control settings. Many papers assess the risks and vulnerabilities, such as [7] and [2]; this paper introduces some of the important weak points and a list of the threats.

4.1. Cyber Security Vulnerabilities

The weakness of protocols:

Before digital communication, DCS and SCADA used analogue signalling and both systems were isolated from the outside world. Digital communication was introduced over serial networks, such as telephone lines and other electronic media, and over the omnipresent RS-232, RS-422 and RS-485 standards. This made the RTU vulnerable to anyone able to gain access to the control network [2].

Despite the limitations of these protocols, such as low accuracy and limited channel capacity, communication standards and channels were unified. The protocols supported a limited set of tasks, namely data acquisition and issuing commands to points within a remote device, and security was given no priority or was ignored altogether. Commands are therefore carried in clear text without any protective procedures [7].
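As an added example (not part of the paper or its references), the following Python code builds a command frame in the Modbus/TCP format, used here as a representative SCADA protocol because the paper names none, and runs a minimal network-level check over constructed traffic records. The IP addresses, the allow-list of masters and the traffic itself are assumptions for the example. It shows that the frame carries no field identifying or authenticating its sender, so the only place the master's identity can be checked is outside the protocol, for instance by an allow-list on the network.

```python
"""Clear-text SCADA command frames and a minimal write-command monitor.

Added example, not from the paper. Modbus/TCP is used as a representative
SCADA protocol; the frame layout follows the public Modbus/TCP specification
(MBAP header followed by a PDU). The traffic records are constructed.
"""
import struct

WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}


def build_write_coil(transaction_id, unit_id, coil_address, on):
    """Build a Modbus/TCP 'Write Single Coil' ADU.

    MBAP header: transaction id (2 bytes), protocol id (2, always 0),
    length of what follows (2), unit id (1). PDU: function code 0x05,
    coil address (2), value (2): 0xFF00 = ON, 0x0000 = OFF.
    Nothing in the frame identifies or authenticates the sender: any host
    that can reach TCP port 502 on the device can send it.
    """
    value = 0xFF00 if on else 0x0000
    pdu = struct.pack(">BHH", 0x05, coil_address, value)
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_adu(frame):
    """Parse the MBAP header and return the fields needed to classify a request."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("not Modbus/TCP (protocol id %d)" % protocol_id)
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    function = frame[7]
    address = struct.unpack(">H", frame[8:10])[0] if len(frame) >= 10 else None
    return {"transaction_id": transaction_id, "unit_id": unit_id,
            "function": function, "address": address}


def audit_writes(records, allowed_masters):
    """Flag write requests whose source is not a configured MTU/master.

    records: iterable of (src_ip, frame_bytes). Because the protocol carries
    no authentication, this network-level allow-list (an assumed control for
    the example) is the only place the master's identity can be checked.
    Returns a list of (src_ip, function name, unit id, address) alerts.
    """
    alerts = []
    for src, frame in records:
        req = parse_adu(frame)
        if req["function"] in WRITE_FUNCTIONS and src not in allowed_masters:
            alerts.append((src, WRITE_FUNCTIONS[req["function"]],
                           req["unit_id"], req["address"]))
    return alerts


# Constructed traffic: the legitimate master (assumed address 10.0.0.10)
# switches coil 0x0013 on; an unknown host on the same segment then sends a
# syntactically identical frame switching it off.
ALLOWED_MASTERS = {"10.0.0.10"}
SAMPLE_TRAFFIC = [
    ("10.0.0.10", build_write_coil(1, 1, 0x0013, True)),
    ("10.0.0.99", build_write_coil(2, 1, 0x0013, False)),
]

if __name__ == "__main__":
    for src, frame in SAMPLE_TRAFFIC:
        print(src, frame.hex())
    for src, name, unit, addr in audit_writes(SAMPLE_TRAFFIC, ALLOWED_MASTERS):
        print("ALERT: %s to unit %d address %d from unauthorised host %s"
              % (name, unit, addr, src))
```

Printing the two frames side by side shows that they differ only in the transaction id and the coil value; the device has no way to tell which one came from the real MTU, which is why the check has to live in the network layer.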

The open access to SCADA and DCS:

At the same time there was a revolution in communications, driven by the growing demand for technological development, and, to ease communication between the main controller and the equipment inside the control systems, modern networks were adopted. Since modern networks offer high capacity and transmission speed, they also make the system reachable through many access points, whether over an intranet connection or a phone line [8] [7].

Figure 6 illustrates an intranet connection [9].

Figure 6 [9]

As modes of communication developed and became more sophisticated, wireless and Ethernet networks came into use. These networks connect SCADA and DCS to the Internet, and because such communication channels are in public use the systems have become progressively less isolated [7]. At this point the links can be exploited by unauthorised people or attackers to access the network and change some of the commands or operations [10].

Disadvantages of COTS:

Another principal cause of security shortfalls arises from the vulnerabilities of the commercial off-the-shelf (COTS) software used in SCADA and DCS networks [7]. As Igure et al. point out, the fact that COTS software performs its function reliably does not mean it provides security for the network [8]. Running SCADA protocols over Ethernet and TCP/IP-based networks also adds further application-layer interfaces, and interfaces such as web front-ends make the system easier for attackers to penetrate [2].

4.2. Threat Types

The system may be exposed to several threats because of the evolved communications, which offer features such as high download and upload speed. There are risks in using these communications, however: the Internet, for example, gives attackers the opportunity to execute their attacks. SCADA and DCS will be subjected to threats that may be internal or external. An internal threat comes from one of the employees sabotaging the system by logging into one of its PCs. An external threat comes from attackers outside the system network, such as bot-network operators, criminal groups, phishers, spammers, spyware/malware authors or terrorists; these threats endanger not just both systems but any device connected to the Internet.

The following table gives an overview of the different types of threat agent [4]:

Threat Agent: Attackers
Description: Attackers break into networks for the thrill of the challenge or for bragging rights in the attacker community. While remote cracking once required a fair amount of skill or computer knowledge, attackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus, while attack tools have become more sophisticated, they have also become easier to use. Many attackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of attackers poses a relatively high threat of an isolated or brief disruption causing serious damage.

Threat Agent: Bot-network operators
Description: Bot-network operators are attackers; however, instead of breaking into systems for the challenge or bragging rights, they take over multiple systems to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of compromised systems and networks are sometimes made available on underground markets (e.g., purchasing a denial of service attack or the use of servers to relay spam or phishing attacks).

Threat Agent: Criminal groups
Description: Criminal groups seek to attack systems for monetary gain. Specifically, organized crime groups are using spam, phishing, and spyware/malware to commit identity theft and online fraud. International corporate spies and organized crime organizations also pose a threat to the U.S. through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop attacker talent. Some criminal groups may try to extort money from an organization by threatening a cyber attack.

Threat Agent: Foreign intelligence services
Description: Foreign intelligence services use cyber tools as part of their information gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrines, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures.

5. Discussion

According to Galloway and Hancke in [1], the main divergence between SCADA and DCS is that SCADA systems are event-driven whereas DCSs are process-driven. A SCADA system concentrates on reporting changes in the state of the observed system rather than conveying information at a consistent rate throughout the operating period. DCSs, being process-driven, transmit information at a consistent rate for the whole duration of the process. Despite that, both systems appear to perform identical tasks; their inner workings, however, differ considerably. For instance, a DCS presents all the data obtained from the controllers directly rather than working from stored records, in order to achieve high connectivity. Karnouskos and Colombo in [5] share this conclusion: "Additionally SCADA systems are mostly event-driven while DCS systems generally run sequentially"; Greeff and Ghoshal agree with them [11]. Overall, SCADA is expected to work over unreliable connections, whereas a DCS accesses the data source directly and thus always holds the most recent values.
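The event-driven versus process-driven distinction above can be made concrete in code. The following Python simulation is an added example, not taken from the paper or from [1], [5] or [11]: it feeds one constructed sequence of sensor readings to a report-by-exception model (the SCADA pattern, extended here with an assumed deadband threshold) and to a periodic-transmission model (the DCS pattern), then compares how many messages each generates and what the master believes after a single message is lost.

```python
"""Event-driven (SCADA) versus process-driven (DCS) reporting.

Added example, not from the paper or its references. The readings, the
deadband value and the lost-message scenario are constructed for this
illustration.
"""


def event_driven_reports(samples, deadband=0.0):
    """SCADA-style report by exception.

    Returns the (time, value) messages an RTU would send: the first reading,
    and every later reading whose change since the last *reported* value
    exceeds the deadband. Steady periods generate no traffic, which suits
    slow or expensive WAN links between MTU and RTUs.
    """
    reports, last_reported = [], None
    for t, value in samples:
        if last_reported is None or abs(value - last_reported) > deadband:
            reports.append((t, value))
            last_reported = value
    return reports


def process_driven_reports(samples):
    """DCS-style periodic transmission: every scan is sent, changed or not."""
    return list(samples)


def master_view(reports, lost):
    """Value the master believes after the report indices in `lost` are dropped.

    This exposes the trade-off between the two patterns: with periodic
    traffic a lost frame is corrected on the next scan, whereas a lost
    exception report leaves the master with a stale value until the next
    change occurs.
    """
    current = None
    for i, (_t, value) in enumerate(reports):
        if i not in lost:
            current = value
    return current


# Constructed readings (time in seconds, valve position in percent):
# a single step change at t=3 followed by a long steady period.
SAMPLES = [(0, 0.0), (1, 0.0), (2, 0.0), (3, 50.0), (4, 50.0), (5, 50.0),
           (6, 50.0), (7, 50.0), (8, 50.0), (9, 50.0)]

if __name__ == "__main__":
    ev = event_driven_reports(SAMPLES, deadband=1.0)
    pd = process_driven_reports(SAMPLES)
    print("event-driven messages  :", len(ev), ev)
    print("process-driven messages:", len(pd))
    # Lose the message carrying the step change in each model: index 1 of
    # the exception reports, index 3 of the periodic stream.
    print("master view after loss, event-driven  :", master_view(ev, {1}))
    print("master view after loss, process-driven:", master_view(pd, {3}))
```

On this input the event-driven RTU sends two messages against ten for the periodic loop, but losing its one change report leaves the master believing the valve is still closed, while the periodic stream recovers on the very next scan. That is the reason the paper's sources associate SCADA with tolerance of poor links and DCS with always-current values.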

The following table shows the main differences between SCADA and DCS [1]:

DCS                                              SCADA
Process driven                                   Event driven
Small geographic areas                           Large geographic areas
Suited to large, integrated systems              Suited to multiple independent systems
  such as chemical processing and                  such as discrete manufacturing and
  electricity generation                           utility distribution
Good data quality and media reliability          Poor data quality and media reliability
Powerful, closed-loop control hardware           Power efficient hardware, often
                                                   focussed on binary signal detection

In addition, Greeff and Ghoshal state other differences in their book [11]. In terms of cost, SCADA hardware is considerably cheaper than DCS hardware (they put the difference at about 200%), whereas the engineering design of a DCS is cheaper than that of a SCADA system.

The aim Karnouskos and Colombo expect to reach, a system of optimum performance involved in every side of industrial life, will not be achieved without the cooperation of the human ecosystem, the system elements and practical constraints. The essential aims are event-driven monitoring combined with a service-oriented structure, optimal management through high-technology self-configuration, self-healing and self-optimisation, and high levels of security [5].

What can be inferred is that the system may become non-physical: it may exist only on the Internet, in a simulated world that assumes the existence of the real devices within it.


6. Conclusion

This paper has presented a comparison between SCADA and DCS to determine the differences between the two systems in terms of their internal functions; by comparing them, the advantages and disadvantages of each have become clear. The results are consistent across several papers, such as [1] and [5]: DCS is process-driven whereas SCADA is event-driven; SCADA is used over large geographic areas while DCS is used over small ones; and the media reliability, control power and data quality of DCS are better than those of SCADA. DCS hardware is more expensive than SCADA hardware, but the engineering design of SCADA is more expensive than that of DCS.

The vulnerability of the protocols and the open access to SCADA and DCS put them under threat from the attackers described above. The communication channels the systems use to send and receive information, whether land line, radio or satellite, make it easier for attackers to gain access to them. Solutions to these threats must therefore be found; this paper has not addressed the solutions proposed in other research papers, because its aim was to compare SCADA and DCS and set out their pros and cons.

Previously, SCADA and DCS were two separate systems. Today it is difficult to see the difference between them, because the two have blended. This lets each system share the other's features, which improves performance and effectiveness; in other words, elements of both systems have merged into a Hybrid Control System (HCS), as Greeff and Ghoshal explain in [11].

Based on the expectations discussed, the new system will have the best features of both, such as self-control, and its information will be carried over sophisticated networks such as the cloud. It is also expected to overcome the threats from attackers and to strengthen the cyber security weaknesses. The System-of-Systems (SoS) is expected to be the system of the future that achieves these goals.

References

[1] B. Galloway and G. P. Hancke, "Introduction to Industrial Control Networks," IEEE Communications Surveys & Tutorials, vol. 15, no. 2, pp. 860-880, Second Quarter 2013.

[2] J. L. Hieb, "Security hardened remote terminal units for SCADA networks," Ph.D. dissertation, Department of Computer Engineering and Computer Science, University of Louisville, Louisville, KY, February 2008.

[3] A. Scott, "Key Differences between DCS and SCADA Systems," 2012. [Online]. Available: http://www.synergistscada.com/dcs-vs-scada-systems/ [Accessed: 8 September 2014].

[4] K. Stouffer, J. Falco, and K. Scarfone, "Guide to Industrial Control Systems (ICS) Security," NIST Special Publication 800-82, 2011.

[5] S. Karnouskos and A. W. Colombo, "Architecting the next generation of service-based SCADA/DCS system of systems," in Proc. IECON 2011, Melbourne, VIC, 2011.

[6] S. Simanta, E. Morris, G. A. Lewis, and D. B. Smith, "Engineering lessons for systems of systems learned from service-oriented systems," in Proc. 4th Annual IEEE Systems Conference, 2010, pp. 634-639.

[7] P. A. Ralston, J. H. Graham, and J. L. Hieb, "Cyber security risk assessment for SCADA and DCS networks," ISA Transactions, vol. 46, pp. 583-594, October 2007.

[8] V. M. Igure, S. A. Laughter, and R. D. Williams, "Security issues in SCADA networks," Computers & Security, vol. 25, pp. 498-506, 2006.

[9] Microsoft, "Separating Internet and Intranet Traffic," 2010. [Online]. Available: http://technet.microsoft.com/en-us/library/dd637769(v=ws.10).aspx [Accessed: 10 September 2014].

[10] T. Brown, "Security in SCADA systems: how to handle the growing menace to process automation," IET Computing & Control Engineering, vol. 16, pp. 42-47, June/July 2005.

[11] G. Greeff and R. Ghoshal, Practical E-Manufacturing and Supply Chain Management. Newnes, 2004.

[12] Wikipedia, "Distributed control system." [Online]. Available: http://en.wikipedia.org/wiki/Distributed_control_system [Last modified: 11 August 2014, 07:05].