Supervisory Control and Data Acquisition (SCADA) solutions are increasingly standardized, and connections between SCADA systems and office networks are more common today. These changes have pushed power producers and distributors to focus on their SCADA system security.
Assessments of SCADA systems should consider both physical and logical borders between the corporate enterprise and the SCADA network, and any other border or perimeter endpoints that are IP addressable. Sword & Shield performs a logical and physical security assessment of the borders and/or perimeters surrounding the SCADA system.
Sword & Shield SCADA Assessment Scope and Tasking
- Interview – Sword & Shield interviews key managers in the organization to understand which information and systems are critical and sensitive. The interview is also an opportunity for management to identify any areas of concern to emphasize in the assessment.
- Administrative Security Controls Analysis – Sword & Shield analyzes the client’s written security policies and procedures along with the current state of compliance. Additionally, we analyze security audit results, operations, and service flows related to network services, network and security management (e.g. change management, user administration), and the incident response team and plans. Sword & Shield identifies whether key areas, such as the ability to legally monitor the system, are covered by appropriate policies.
- Technical Security Controls Analysis – Sword & Shield analyzes the current network architecture, interfaces, critical components and services for security weaknesses. This includes examining the service design, placement of security devices, service arrangements with vendors, and technology vulnerabilities to determine whether they conform to industry best practices. We review the configuration of infrastructure systems, the network operating system and all security systems. In addition to analyzing the current network, Sword & Shield reviews any future directions the client can describe.
Our Methodology for SCADA Security Testing
Sword & Shield has experience with testing critical infrastructure control networks. We perform testing in a slow and careful manner that leverages the redundancy in the system. While our scanning is broad-based, we do not run a scan on the entire SCADA subnet all at once, as this could cause SCADA outages. Instead, we run numerous scans on selected targets to maintain system availability. The Sword & Shield SCADA Assessment includes reconnaissance, broad-based scanning, and secondary testing.
Reconnaissance, or “footprinting”, is used to identify what is on the network and determine what an outsider or insider could learn about the SCADA system using:
- company information, websites, FTP sites and public servers,
- Internet resources such as Sam Spade, Netcraft, ARIN, and Network Solutions, and
- resource kit and command line tools such as NBTscan, reg, and UsrToGrp.
Broad-based scanning uses a variety of tools that use more than 1,000 tests to identify well-known vulnerabilities across most systems, including multiple port scans, a wide variety of information gathering utilities, and tests for common vulnerabilities.
Secondary testing and targeted scanning on SCADA servers, EMS servers, HMI, web servers, databases, and other systems are performed using specialized scanning tools when available.
Questions Our Report Answers
- Is my SCADA system sufficiently protected from hackers who may have breached the external perimeter?
- Is my SCADA system sufficiently protected from unauthorized internal users?
- Can unpatched systems be exploited to gain unauthorized access to critical infrastructure?
- How do I prioritize the vulnerabilities found, create a plan for improvement and get budget approval?
SCADA Assessment results and analysis are presented in a comprehensive report. The report details the vulnerabilities present in the network, network devices and specific systems. The impact of vulnerability exploitation is discussed and may be used as input for further risk analyses. In addition to describing the current security posture, we provide recommendations for safeguarding SCADA systems including tools, policies, procedures and information sources.
Real Success Story
During the course of an internal SCADA assessment for a power producer, Sword & Shield analysts gained access to the SCADA network. An internal firewall managed by corporate IT was installed between the corporate network and the SCADA network, but the firewall had been disabled, providing an open door to the critical infrastructure.
Based on Sword & Shield’s findings, the power producer activated and properly configured the firewall to provide adequate protection as a secondary layer of defense.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885