Automated Testing of SCADA Protocols
Daniel Hoffman & Nate Kube
Wurldtech Security Inc.:
401 W Georgia Street, Suite 1680
Vancouver BC Canada
V6B 5A1
nkube@wurldtech.com
University of Victoria:
Department of Computer Science,
PO Box 3055 STN CSC,
Victoria, BC, Canada, V8W 3P6,
dhoffman@cs.uvic.ca
Abstract – Testing is an important part of the Quality Assurance (QA) process, and the security portion of QA can detect potential vulnerabilities prior to exploitation. This paper begins by presenting background information on protocol testing and the available tools. We then discuss our experience in developing blackPeer, the testing framework for SCADA¹ protocols in Achilles, including lessons learned and key design decisions. The paper includes detail on the employment of blackPeer in vulnerability and conformance testing of SCADA devices and on the Achilles test methodology. We end with a discussion of common device errors and observations regarding the communication of these errors to the client.
I. INTRODUCTION
The recent introduction of information technologies such as Windows®, Ethernet® and TCP/IP in industrial control devices has resulted in significantly less isolation from the outside world. Both anecdotal evidence [1] [2] and research [3] indicate that SCADA protocols, particularly those running on top of transport protocols such as TCP/IP, have vulnerabilities that could be exploited by network hackers or terrorists to cause considerable disruption to our critical infrastructures. Little is known about these vulnerabilities, and there are few security tools or methodologies available for vendors or users to detect these flaws prior to equipment deployment.
As highly integrated control systems are relatively new, there is shockingly little data, good or bad, on network security for these industrial devices. The current methodologies for security testing focus on business systems and their dependence on common operating systems such as Windows and UNIX. Similarly, vulnerability reporting such as CERT or BugTraq primarily addresses IT products and rarely includes issues with industrial control products. In order to determine the security robustness of integrated control systems, new testing methodologies are required.
This paper introduces and supports the need for new and efficient tools to test the network security robustness of industrial control devices. We briefly present background information on protocol testing and the tools which are available. We then introduce blackPeer, an innovative testing framework for communication protocols, and discuss its design and its evolution through field experience. We then present our test methodology, and end with a discussion of common device errors and our experiences disseminating this information to the client.
¹ The term SCADA is used in this document to represent any industrial control system, including Distributed Control Systems, Programmable Logic Controllers, Remote Terminal Units and Emergency Shut Down systems.