Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Using cyber vulnerability testing techniques to expose undocumented security vulnerabilities in DCS and SCADA equipment

Conference ·
OSTI ID:22030140
 [1]
  1. PlantData Technologies, Inc., 1201 Louisiana Street, Houston, TX 77002 (United States)
+ Show Author Affiliations

This session starts by providing an overview of typical DCS (Distributed Control Systems) and SCADA (Supervisory Control and Data Acquisition) architectures, and exposes cyber security vulnerabilities that vendors never admit, but are found through a comprehensive cyber testing process. A complete assessment process involves testing all of the layers and components of a SCADA or DCS environment, from the perimeter firewall all the way down to the end devices controlling the process, including what to look for when conducting a vulnerability assessment of real-time control systems. The following systems are discussed: 1. Perimeter (isolation from corporate IT or other non-critical networks) 2. Remote Access (third Party access into SCADA or DCS networks) 3. Network Architecture (switch, router, firewalls, access controls, network design) 4. Network Traffic Analysis (what is running on the network) 5. Host Operating Systems Hardening 6. Applications (how they communicate with other applications and end devices) 7. End Device Testing (PLCs, RTUs, DCS Controllers, Smart Transmitters) a. System Discovery b. Functional Discovery c. Attack Methodology i. DoS Tests (at what point does the device fail) ii. Malformed Packet Tests (packets that can cause equipment failure) iii. Session Hijacking (do anything that the operator can do) iv. Packet Injection (code and inject your own SCADA commands) v. Protocol Exploitation (Protocol Reverse Engineering / Fuzzing) This paper will provide information compiled from over five years of conducting cyber security testing on control systems hardware, software, and systems. (authors)

Research Organization:
American Nuclear Society, 555 North Kensington Avenue, La Grange Park, IL 60526 (United States)
OSTI ID:
22030140
Country of Publication:
United States
Language:
English

Similar Records

Security and SCADA protocols
Conference · Sat Jul 01 00:00:00 EDT 2006 · OSTI ID:22030056
SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) 2013
Technical Report · Mon Dec 31 23:00:00 EST 2012 · OSTI ID:1070143
Intrusion Monitoring in Process Control Systems
Conference · Wed Jan 07 23:00:00 EST 2009 · OSTI ID:946141

Related Subjects

22 GENERAL STUDIES OF NUCLEAR REACTORS
42 ENGINEERING
COMPUTER ARCHITECTURE
COMPUTER CODES
COMPUTERS
CONTROL SYSTEMS
DATA ACQUISITION
DESIGN
FAILURES
INFORMATION
SAFETY
SECURITY
SWITCHES
VULNERABILITY