Security in process control systems

• Main Author: Szostak, Rafal
• Format: Others
• Language: English
• Published: Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk 2009
• Subjects: ntnudaim; SIE7 kommunikasjonsteknologi; Telematikk
• Online Access: http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-9903

PCS are used to control parts of the critical infrastructure of society, such as electric utilities, petroleum , water, waste, chemicals and pharmaceuticals amongst others. If the PCS become victims of cyber attacks, this can have severe consequences. The consequences may involve health and safety of human lives as well as having a huge impact on national and global economy. Since the merging of COTS and PCS, the previously isolated PCS now face new types of threats due to well-known flaws in COTS, as well as being connected to the Internet. Therefore the focus on securing PCS and ICS in general should get increased attention. In this thesis the laboratory system used was a scaled down PCS that could be tested on without any serious consequences. The laboratory system was delivered by Kongsberg Maritime. The OS is the first unit an attacker from the outside has contact with and it is used for controlling the other components of the system, therefore the OS is the main source of attention in this thesis. A scan was made on the OS to map the vulnerabilities of the OS. The scan was used as a basis for the attacks. Attacks were divided into attacks from the outside (Internet) and attacks from the inside. Under the circumstances of the testing on the laboratory PCS, many of the attacks tried were successful. A shell was planted in the OS, so an attacker could control it remotely, DoS attack flooded the OS and forced it to halt for a few seconds, VNC password was found enabling remote view and control of the OS, replay of packets was successful on the inside of the system making a man in the middle scenario possible. Despite the fact that the laboratory system may not have all the security mechanisms implemented, as the PCS systems in the industry does, the fact that the attacks on the laboratory system are possible may seem a bit disturbing. To prevent from the types of attacks described in this thesis steps has to be taken. Some of the prevention steps can be to regularly patch the system, use firewall filtering, monitor nodes in case of DoS, IDS monitoring and guidelines on system use.