IMPLICATION OF DBSY ON SCADA NETWORKS
RESEARCH ADVISORS: DR. PAVOL ZAVARSKY
SHIREESHA KATAM {skatam@student.concordia.ab.ca}- ID: 130526 DECEMBER 03, 2014
1 Research Statement
This research proposal is focused on modelling of SCADA networks by implementing the DBSy modelling method, and risk assessment.
2 Problem Statement
SCADA and ICS are critical infrastructures, which operate a number of significant resources including fuel, energy, water, airports, and biotech, and run many day-to-day utility and service requirements [1]. These systems are also used in the production of goods and services, which may consist of manufacturing, managing, controlling, and monitoring. So the enterprises need real-time updates to allow a better
• Suggest appropriate controls to manage the risks
4 Resources
The following main documents will be the resources to conduct the proposed research.
Below are the key terms with their abbreviations that will be used in this proposal.
Abbreviation    Term
SCADA           Supervisory Control and Data Acquisition
NEC             Network Enabled Capability
DBSy            Domain Based Security
IS1             HMG InfoSec Standard
HMI             Human Machine Interface
5 Connection with course
Risk management is a main aspect of information security, as it acts as both the bedrock and umbrella to any proposed security control. This research is directly related to all three of the MISSM courses: Disaster Recovery, Risk Management, and Security Policies & Procedures. The research paper can give the best practices to be followed by any organization concerned with enterprise application architecture towards implementing the best security practices.
6 Literature Review
6.1 SCADA Overview
Supervisory Control and Data Acquisition systems, abbreviated as SCADA systems, play a vital role in national critical infrastructures like oil and gas, water, power distribution, waste management, and transportation systems. Cardenas, Amin, Huang, Lin & Sastry (2011) mentioned that these systems are used in weapon systems, transportation management and even in health-care devices.
As a result, there is accumulating interest in the forensics and security research community in SCADA systems. It is because of the governments
The Project is the first stage of the MCS project, which is an organisation-wide upgrade of monitoring and control systems and consists of a whole portfolio of projects.
This report provides a summary of the NIST Framework and its process based on the documents SP 800-30, SP 800-37 and SP 800-39. The national agencies in the United States of America and also a lot of companies are relying on the framework in order to improve their infrastructure security settings. Cybersecurity threats can exploit their systems and cybersecurity risks can affect the company’s bottom line. They can drive up costs and impact revenue, but they can also affect their ability to innovate, gain and maintain customers. The framework was created through the collaboration between several governmental agencies and the private sector, and it has been made as simple as possible, using common language to address and manage cybersecurity risks in a cost-effective way.
This project identifies two possible issues that can happen during system operations, like hacking or data loss, due to improper security provided to the company branches and the lack of a proper firewall infrastructure for the network structure. The aircraft security policy results in failure due to their two-year reset program.
CE 1.3.3 I studied plant system architecture and the interfaces with the distributed control system (DCS) and emergency control system (ESD) of Honeywell, as this was a key aspect for the interface. The data, like signal values, alarms, trips etc., from MCMS was serially interfaced by either Modbus or OPC (OLE for Process Control) to DCS. The trip signals from the MCMS system were hardwired signals to ESD, since these are very critical signals for machine shutdown.
challenge is to improve the access controls to the SCADA networks. A solution will make it harder for an attacker to
This starts with five crucial risk management practices: protection, detection, prevention, reaction and documentation. Along with the risk management practices, the company should also implement good physical security measures. They include firewalls, user authentication (like strong passwords and user names), software protections like security suites, backups, intrusion detection and automated constant system integrity
Introduction: For my research project, I would like to explore cyber security measures. Cybersecurity covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. These concepts are easily augmented with hands-on exercises involving relevant tools and techniques. We have different types of computer-related crimes, cybercrimes, computer-related offenses, and federal approaches and defenses. Information resources management has the technical matters for which IT is widely known: cyber resources and cyber power as well as cyber security. We have spent a lot of time talking about many different high-level critical infrastructure protection concepts; we have, as a general rule, stayed away from cyber security, explaining the ins and outs of how the NIPP and NRF work together to ensure that we can live our daily lives in relative comfort.
I personally agree with 100% confidence that there is no one security technology, product, or even security tactic that by itself can be used to protect an industrial control system adequately against all security threats. The reason I say this is threefold. First off, industrial control systems are high-target systems for nation-state actors and political activists who have and spend large sums of money to create specialized cyber-attacks, malware, and viruses to gain access to and control of industrial control systems. This means that these cyber criminals are continually developing new advanced
Abstract— In business, disasters can happen anytime if information security is compromised at some point. In most disasters caused by humans, the small incidents that happened before can be prevented with some careful planning. Proper incident response should be an integral part of the overall security policy and risk mitigation strategy. This paper provides steps for forming and operating an Incident Response Plan.
Critical infrastructure vulnerability is the in-depth analysis of the degree of loss of a given item of the list of foundations at a risk resulting from a given threat at a certain level of severity. In this case, the support includes objects such as public service water systems, transportation, telecommunication, and energy supply. The analysis in this paper shows how the major infrastructural systems are connected to come up with an extensive system free of vulnerability. To achieve that objective, the writer will see the details of acceptable CIP management models to explain the importance of interconnectivity then provide specific examples for demonstration.
This is achieved through the assessment of the business, operations, staff, assets, risks, legislations, standards and policies.
Though there are many ways to make the power grid more secure, the improvements suggested: resources, best practices, and standards, will improve the current problem of cyber attacks.
SCADA systems are considered a vital aspect of critical infrastructures, one that is tied to all other critical infrastructures. In the modern age, where automation is emerging as a normal part of daily function, a system to monitor and control these automated processes is required. While automation yields an overabundance of benefits such as reduced operating costs and efficiency, it is not without flaws. SCADA systems are like any other program in the sense that they are vulnerable to attacks. As automation continues to evolve, security threats will parallel the growth and demand innovative protection methods. This paper will provide an overview of SCADA systems' functions, vulnerabilities, and protection suggestions.
Table 2 identifies the controls applicable to Sentara IT System. The security controls are illustrated using various colour codes and identified by the following convention:
An information security professional’s job is to deploy the right safeguards, evaluate risks against critical assets, and mitigate those threats and vulnerabilities. Management can ensure their company’s assets, such as data, remain intact by finding the latest technology and implementing the right policies. Risk management focuses on analyzing risk and on mitigating actions to reduce that risk. Successful implementation of security safeguards depends on the knowledge and experience of information security staff. This paper addresses the methods and fundamentals of how to systematically conduct risk assessments on the security risks of information systems.