Security Analysis of Industrial Control Systems

(SCADA), have lately gained the attention of IT security researchers as critical components of modern industrial infrastructure. One main reason for this attention is that ICS have not been built with security in mind and are thus particularly vulnerable when they are connected to computer networks and the Internet. ICS consists of SCADA, Programmable Logic Controller (PLC), Human-Machine Interfaces (HMI), sensors, and actuators such as motors. These components are connected to each other over fieldbus or IP-based protocols. In this thesis, we have developed methods and tools for assessing the security of ICSs. By applying the STRIDE threat modeling methodology, we have conducted a high level threat analysis of ICSs. Based on the threat analysis, we created security analysis guidelines for Industrial Control System devices. These guidelines can be applied to many ICS devices and are mostly vendor independent. Moreover, we have integrated support for Modbus/TCP in the Scapy packet manipulation library, which can be used for robustness testing of ICS software. In a case study, we applied our security-assessment methodology to a detailed security analysis of a demonstration ICS, consisting of current products. As a result of the analysis, we discovered several security weaknesses. Most of the discovered vulnerabilities were common IT security problems, such as web-application and software-update issues, but some are specific to ICS. For example, we show how the data visualized by the Human-Machine Interface can be altered and modified without limit. Furthermore, sensor data, such as temperature values, can be spoofed within the PLC. Moreover, we show that input validation is critical for security also in the ICS world. Thus, we disclose several security vulnerabilities in production devices. However, in the interest of responsible disclosure of security flaws, the most severe security flaws found are not detailed in the thesis. Our analysis guidelines and the case study provide a basis for conducting vulnerability assessment on further ICS devices and entire systems. In addition, we briefly describe existing solutions for securing ICSs. Acknowledgements I would like to thank Nixu Oy and the colleagues (especially Lauri Vuornos, Juhani Mäkelä and Michael Przybilski) for making it possible to conduct my thesis on Industrial Control Systems. The industrial environment enabled us to take advantage of the research and to apply it to practical projects. Moreover, without the help and involvement of Schneider Electric such an applied analysis would not have been possible. Furthermore, I would like to thank Tuomas …