Control System Security Services

Project Experience

The following is a partial list of control system security projects conducted by the exida and Byres Research Team. Some names have been removed to protect the confidentiality of our clients.

Control System Cyber Security Strategy Consultant

Organization Name: Honeywell International Inc
Start / Finish Dates: June 2005
Description: Reviewed and advised Honeywell on its security strategy for Experion Control System Architectures

Control System Vulnerability Testing

Organization Name: Honeywell International Inc
Start / Finish Dates: January 2004 to December 2005
Description: This project involved conducting detailed cyber vulnerability tests and analysis against Experion and Safety System control devices used in process operations in the oil and gas and electric sectors.

Control System/Safety System Vulnerability Testing

Organization Name: Major International Petroleum Company
Start / Finish Dates: January 2004 to May 2006
Description: This project involved conducting detailed cyber vulnerability tests and analysis against six makes of key TCP/IP-based control devices used in process operations in the oil and gas sector.

Design of SCADA Security Simulation Models

Organization Name: National Defense University, US Dept of Defense
Start / Finish Dates: June 2007 – January 2008
Description:

In this project, physical simulation models were designed to allow the testing of possible cyber vulnerabilities and potential solutions for securing Modbus- and DNP3-based Remote Terminal Units (RTUs) used in large military and commercial complexes.

Advanced mitigation solutions developed included:

  • Firewalls capable of deep packet inspection of Modbus/TCP traffic for both compliance to specification and for specific function code and memory address ranges
  • VPN encryption tools with true drag and drop configuration capability
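The Modbus/TCP deep packet inspection described in the first bullet above, as an added example that is not part of the original page and not the product the team built: a Python filter that first checks a request frame for compliance with the Modbus/TCP specification (MBAP header, protocol id, length field, PDU size, per-function quantity limits and byte counts) and only then applies an allowlist of function codes and inclusive coil/register address ranges. The read-only policy, the sample frames and the split into `decode_request` and `inspect` are constructed assumptions for illustration.

```python
"""Modbus/TCP deep-packet-inspection filter (constructed example, not the original product)."""
import struct
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

MBAP_LEN = 7                       # transaction id (2), protocol id (2), length (2), unit id (1)
MAX_LENGTH_FIELD = 253 + 1         # spec: PDU at most 253 bytes; length field also counts unit id

# Public function codes handled by this filter
READ_COILS, READ_DISCRETE_INPUTS = 0x01, 0x02
READ_HOLDING_REGISTERS, READ_INPUT_REGISTERS = 0x03, 0x04
WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER = 0x05, 0x06
WRITE_MULTIPLE_COILS, WRITE_MULTIPLE_REGISTERS = 0x0F, 0x10

# Maximum quantity per request permitted by the specification
SPEC_MAX_QUANTITY = {
    READ_COILS: 2000, READ_DISCRETE_INPUTS: 2000,
    READ_HOLDING_REGISTERS: 125, READ_INPUT_REGISTERS: 125,
    WRITE_MULTIPLE_COILS: 1968, WRITE_MULTIPLE_REGISTERS: 123,
}


@dataclass(frozen=True)
class Policy:
    """Allowlist: permitted function codes and, per function, inclusive address ranges."""
    allowed_functions: FrozenSet[int]
    address_ranges: Dict[int, List[Tuple[int, int]]]


def decode_request(frame: bytes) -> Tuple[int, int, int, int]:
    """Parse one Modbus/TCP request ADU into (unit, function, start_address, quantity).

    Any deviation from the specification raises ValueError so the caller can
    drop non-compliant traffic before it reaches the controller.
    """
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (0)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    if length > MAX_LENGTH_FIELD:
        raise ValueError("PDU exceeds 253-byte limit")
    pdu = frame[MBAP_LEN:]
    fc = pdu[0]
    if fc not in SPEC_MAX_QUANTITY and fc not in (WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER):
        raise ValueError(f"function code 0x{fc:02X} not decoded by this filter")
    if len(pdu) < 5:
        raise ValueError("PDU too short for address and quantity/value fields")
    start, second = struct.unpack(">HH", pdu[1:5])

    if fc in (WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER):
        if len(pdu) != 5:
            raise ValueError("single-write PDU must be exactly 5 bytes")
        if fc == WRITE_SINGLE_COIL and second not in (0x0000, 0xFF00):
            raise ValueError("coil value must be 0x0000 or 0xFF00")
        quantity = 1
    else:
        quantity = second
        if not 1 <= quantity <= SPEC_MAX_QUANTITY[fc]:
            raise ValueError(f"quantity {quantity} outside spec range for 0x{fc:02X}")
        if fc in (WRITE_MULTIPLE_COILS, WRITE_MULTIPLE_REGISTERS):
            if len(pdu) < 6:
                raise ValueError("multi-write PDU missing byte count")
            byte_count = pdu[5]
            expected = (quantity + 7) // 8 if fc == WRITE_MULTIPLE_COILS else 2 * quantity
            if byte_count != expected or len(pdu) != 6 + byte_count:
                raise ValueError("byte count inconsistent with quantity")
        elif len(pdu) != 5:
            raise ValueError("read PDU must be exactly 5 bytes")
    if start + quantity - 1 > 0xFFFF:
        raise ValueError("address range wraps past 0xFFFF")
    return unit, fc, start, quantity


def inspect(frame: bytes, policy: Policy) -> Tuple[str, str]:
    """Return ("PASS", reason) or ("DROP", reason) for one request frame."""
    try:
        _unit, fc, start, quantity = decode_request(frame)
    except ValueError as err:
        return "DROP", f"non-compliant: {err}"
    if fc not in policy.allowed_functions:
        return "DROP", f"function 0x{fc:02X} not permitted by policy"
    last = start + quantity - 1
    for lo, hi in policy.address_ranges.get(fc, []):
        if lo <= start and last <= hi:
            return "PASS", f"0x{fc:02X} addresses {start}-{last} within {lo}-{hi}"
    return "DROP", f"0x{fc:02X} addresses {start}-{last} outside permitted ranges"


# Constructed policy: an HMI may only read holding registers 0-99 and coils 0-15.
READ_ONLY_POLICY = Policy(
    allowed_functions=frozenset({READ_HOLDING_REGISTERS, READ_COILS}),
    address_ranges={READ_HOLDING_REGISTERS: [(0, 99)], READ_COILS: [(0, 15)]},
)

# Constructed sample frames: transaction id, protocol id 0, length, unit 1, PDU
SAMPLE_FRAMES = {
    "read_hr_0_10":   bytes.fromhex("0001 0000 0006 01 03 0000 000A"),  # compliant, in range
    "read_hr_500_10": bytes.fromhex("0002 0000 0006 01 03 01F4 000A"),  # compliant, out of range
    "write_reg_256":  bytes.fromhex("0003 0000 0006 01 06 0100 1234"),  # write not in allowlist
    "read_hr_qty200": bytes.fromhex("0004 0000 0006 01 03 0000 00C8"),  # quantity above spec max
    "bad_length":     bytes.fromhex("0005 0000 0009 01 03 0000 000A"),  # MBAP length mismatch
}

if __name__ == "__main__":
    for name, frame in SAMPLE_FRAMES.items():
        verdict, reason = inspect(frame, READ_ONLY_POLICY)
        print(f"{name:15} {verdict}  {reason}")
```

Spec-compliance checks run before the policy lookup so that a malformed frame is dropped with a reason that points at the violated field, which is the output an operator needs when tuning the allowlist for a legacy RTU.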

Developed Functional and Software Development Security Assurance Specifications

Organization Name: ISA Security Compliance Institute
Start / Finish Dates: July to October 2009
Description:

Completed the development of the ISASecure Certification Program for Embedded Controllers focusing on the Functional Security dimensions of the certification.

Completed the development of an audit program for supplier software engineering practices which evaluates the extent to which suppliers include design-for-security in their software engineering practices.

Developed a certification report template and sample report.

DNP3 SCADA Security Vulnerability Analysis

Organization Name: Cisco System Inc.
Start / Finish Dates: January 2005 to Present
Description:

The DNP3 Security Vulnerability Analysis project was funded under Cisco’s Research Grants program to analyze this important SCADA protocol and determine its potential vulnerabilities.

  • Analysis of the DNP3 specifications to uncover possible risks inherent in the protocol.
  • Deconstruction of the protocol to allow the development of a vulnerability checker designed to test SCADA products deploying DNP3.
  • Based on the results of this analysis, recommendations were developed for improving the security of the protocol, the SCADA devices using it and the deployment of DNP3 SCADA systems.

Idaho National Labs (INL) CIP Site Testing

Organization Name: US Department of Homeland Security
Start / Finish Dates: August 2007 to December 2007 (Pending)
Description: The team will work with Idaho National Labs (INL) to develop a security penetration strategy for testing the ExxonMobil Process Control and Equipment Monitoring Network (PCEM), carry out this strategy against two representative test systems (located at Yokogawa and Emerson laboratories) and then translate the results of these tests into a risk model using attack trees.

Investigation of Firewall Effectiveness in SCADA Environments

Organization Name: National Infrastructure Security Coordination Centre, UK
Start / Finish Dates: April 2004 / January 2005
Description: This project assessed the effectiveness of deploying firewalls in SCADA and process control environments in critical infrastructures. Based on these results, a series of recommendations were developed as best practices for firewall installation in SCADA environments.

  • The first stage of the SCADA Firewall Effectiveness Investigation assessed the effectiveness of common IT firewalls deployed in SCADA and process control environments. The project commenced with a survey of end-users and vendors to determine current best practices for firewall deployment in these settings. The resulting configurations were then analyzed for effectiveness against typical CIP threats.
  • The second stage of the study included lab testing the effectiveness of current firewall technology in mitigating known SCADA vulnerabilities and identifying the limitations of these systems.

This document is now widely used as the primary reference document for firewall application in critical infrastructure protection by major international organizations including the UK NISCC, the US Department of Homeland Security CSSP and Microsoft Corporation.

MODBUS Security Vulnerability Analysis

Organization Name: UK National Infrastructure Security Coordination Centre.
Start / Finish Dates: January 2005 to May 2006
Description: The SCADA Security Vulnerability Analysis project was funded under Cisco’s Research Grants program to analyze this important SCADA protocol and determine its potential vulnerabilities.

  • Analysis of the MODBUS specifications to uncover possible risks inherent in the protocol using attack tree models.
  • Deconstruction of the protocol to allow the development of a vulnerability checker designed to test SCADA products deploying MODBUS.
  • Detailed testing of representative SCADA products.
  • Based on the results of this analysis, recommendations were developed for improving the security of the protocol, the SCADA devices using it and the deployment of MODBUS SCADA systems.

NERC Cyber Security Assessment of Substation

Organization Name: Whatcom County PUD
Start / Finish Dates: February 2010
Description:

  • Conducted a Cyber Vulnerability Assessment (CVA) of the electric utility SCADA system and made computer network security recommendations regarding compliance with NERC CIP-002 through CIP-009 and other regulations and standards.
  • Conducted a workshop with District staff to present and collaborate on the following:
    • Cyber Vulnerability Assessment (CVA) and compliance with NERC CIP-005 and CIP-007.
    • Overview of compliance with NERC’s CIP standards 2 through 9.
    • Applying standards such as ISA 99 and NERC CIP-002…009.
    • Best practices in security policy, security education programs, layering of firewall defenses and the hardening of endpoint devices through patch management, antivirus deployment, and micro-firewalls within the control network, resulting in compliance.

Network Robustness Testing of a DCS System

Organization Name: Major Automation Supplier
Start / Finish Dates: January 2010
Description: Performed Achilles Level 1 testing of the client’s redundant DCS controller and compact controller and issued a test report with recommendations.

Network Robustness Testing of a DCS/Safety System

Organization Name: Major Automation Supplier
Start / Finish Dates: November – December 2009
Description:
  • Performed Achilles Level 1 testing of the client’s integrated DCS and Safety System with and without an external firewall
  • Issued test report with recommendations

OPC Good Security Practices Research

Organization Name: Kraft Foods Ltd.
Start / Finish Dates: October 2005 to May 2006
Description:

Creation of a report defining good security practices for the use of the OLE for Process Control (OPC) industrial communications standards in industrial settings. This includes the widely used Data Access (DA), Alarms and Events (A&E), and Historical Data Access (HDA) portions of the OPC standards.

  • The project methodology consisted of a literature search and document reviews, an internationally conducted survey of end-users on OPC practices and lab testing of the DCOM/RPC protocol in a simulated industrial setting.
  • The final report provides detailed guidance on the secure use of this common protocol in critical industrial control environments.

Process Control System Security Audit

Organization Name: Major North American Petroleum Company
Start / Finish Dates: July 2004 to November 2004
Description:

This project developed and then deployed a non-intrusive audit methodology for determining the detailed status of all assets connected to process control networks in multiple company locations.

  • The audit project started with the development of a set of non-intrusive security audit instruments and procedures tailored to process control facilities in the petroleum industry (in particular Honeywell based systems).
  • Once these methodologies were completed, the project moved into the audit phase and four team members traveled to the client sites to conduct structured interviews with process control management and staff.
  • Next the team conducted a detailed device audit, investigating all networked devices in the process areas at these sites.
  • On return from the sites, the audit team commenced the reduction and analysis of the collected device and interview data to produce a comprehensive risk analysis.
  • An audit report was produced outlining the areas of both compliance and concern. In addition, a consolidated asset database was created for the company’s long-term security management.

Process Control System Security Review

Organization Name: Major Petroleum Company
Start / Finish Dates: July 2006 to March 2008
Description:

Performed a cyber security review of process control systems and corporate practices at the company refineries. This was then used to develop a detailed plan for a process control security program.

  • An initial review of process control architectures and policies using client supplied diagrams and documentation.
  • Onsite inspections of key facilities to view and assess actual security status of each control network.
  • A report reviewing the security policies and architectures used to protect Honeywell systems from cyber attack, providing recommendations for possible security improvements.

Quantitative Risk Analysis Methodology for Cyber Attacks

Organization Name: US Department of Homeland Security/ Idaho National Labs
Start / Finish Dates: March 2005/October 2005
Description:

Development of a framework and methodology which can be used to estimate the risk associated with cyber attacks on SCADA/Control Systems and the risk reduction when mitigating factors are employed. Primary emphasis is on the development of quantitative parameters and tools to support the risk analysis methodology. Includes the development of a defensible process to estimate the probability of deliberate attacks coming through specific nodes of an attack tree. The attack trees will be used to estimate the risk associated with an electronic attack (eA) and/or cyber attack (cyA) on a SCADA/Control System and correlated with actual reported events of attacks.

This includes:

  • Developing a typical deployment model for a SCADA/Control System.
  • Developing meaningful and orthogonal indicators for the capabilities needed to exploit a vulnerability (the ISID database of known system attack events is a critical asset used to develop these indicators).
  • Identifying the threat agents interested in an eA/cyA of a SCADA/Control System.
  • Writing meaningful profiles for each threat agent and assigning appropriate levels to each indicator.
  • Testing the profiles and indicators by case study.
  • Developing meaningful functions for risk mitigation.

Security Analysis of the Process Control Access Domain Architecture

Organization Name: Shell Global Solutions
Start / Finish Dates: March 2007 – January 2008
Description: This project involved conducting detailed cyber vulnerability analysis and testing of the standard corporate architecture for remote access to process operations in the oil and gas exploration and production division.

Security Development Process Gap Analysis

Organization Name: Major DCS and Safety System Manufacturer
Start / Finish Dates: August – October 2009
Description: Performed a Security Development Process Gap Analysis for a major DCS and Safety System manufacturer based on a comparison of their current safety and security development procedures to industry best practices such as ISO/IEC 15408, IEC 61508, RTCA DO-178B, the Microsoft Security Development Lifecycle and ISA 99.

Security Needs in the Energy Sector

Organization Name: Industry Canada
Start / Finish Dates: March 2006
Description: Industry Canada provided funding for the development of a report and industry seminar on the “Security Needs for Critical Infrastructure in the Energy Industry”. The RCMP was a co-presenter at the event. The seminar was held at the BCIT Downtown Campus on March 28, 2006, with 65 participants attending from a mixture of energy and security companies throughout BC. The final report was delivered to Industry Canada on March 31.

Security Review of Serial Gateways in Industrial Control Systems

Organization Name: ExxonMobil
Start / Finish Dates: September 2008 to November 2008
Description:

This project focused on providing a security analysis of serial gateways used for the inter-connection of 3rd party systems into control systems in the Exxon refineries. The results of this analysis were then used to develop corporate policy for the use and configuration of these systems in Exxon refineries worldwide. This project included the following stages:

  • Development of a threat modeling process for analyzing the cyber risk of serial-to-LAN gateways. This must be applicable to older legacy systems where detailed information may be limited.
  • A review of gateway architectures, policies and configuration requirements using client and vendor supplied diagrams and documentation for three specific serial gateway products.
  • Creation of a report providing an assessment of risk involved in the use of these gateways and recommendations for the appropriate deployment in control systems.

Security Testing and Certification of Safety System

Organization Name: Honeywell Process Management
Start / Finish Dates: November – December 2009
Description:

  • Performed Achilles Level 1 testing of the Honeywell Safety Manager in multiple configurations
  • Issued Achilles Level 1 Certification and Certification Report

Toolkit for SCADA Protocol Testing

Organization Name: US Department of Defense
Start / Finish Dates: September 2004/November 2005
Description:

The project focused on the development of a security module generator and toolkit that will provide a rapid means for creating application layer test modules for specific SCADA protocols. Once created, the modules will operate on the Achilles Protocol Vulnerability Test Platform and will allow network security specialists and equipment manufacturers to test critical SCADA network components for both known and undiscovered security flaws at the application layer prior to deployment of the equipment.

  • This project extended the Achilles Protocol Vulnerability Test Platform by creating the methodology and a core toolkit to allow testers to inexpensively generate application layer security modules for specific SCADA protocols. Once generated by the toolkit, these modules can then be used for testing SCADA devices using fuzzy and two-cover traffic generation techniques. As part of this project, modules will be developed for the MODBUS/TCP protocol, with other protocols developed at a later date. Project phases include:
  • Development of module generation toolkit consisting of a structured protocol description language (PDL), a PDL interpreter and case file generator for creating application layer fuzzy, two-cover and corner-case test modules.
  • Using the toolkit described above to generate application layer software tools for the vulnerability testing of MODBUS/TCP devices.
  • Testing the complete SCADA Protocol Vulnerability Test Platform system against two representative MODBUS/TCP devices.

Copyright 2000 - 2012 exida.com LLC