On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols
I. INTRODUCTION
The recent introduction of information technologies such as Windows®, Ethernet® and TCP/IP into nuclear industry control devices has left those devices significantly less isolated from the outside world. Both anecdotal evidence [1] [2] and research [3] indicate that SCADA protocols, particularly those running on top of transport protocols such as TCP/IP, have vulnerabilities that could be exploited by network hackers or terrorists to cause considerable disruption to our critical infrastructures. Little is known about these vulnerabilities, and there are few security tools or methodologies available for vendors or users to detect these flaws before equipment is deployed.
As highly integrated control systems are relatively new, there is shockingly little data, good or bad, on network security for these industrial devices. Current methodologies for security testing focus on business systems and their dependence on common operating systems such as Windows and UNIX. Similarly, vulnerability reporting services such as CERT or BugTraq primarily address IT products and rarely include issues with industrial control products. To determine the security robustness of integrated control systems, new testing methodologies are required.
This paper describes a new test framework which enables the economical creation of security suites targeted at testing the dominant SCADA application layer protocols.
To demonstrate the effectiveness of the framework, we employed it to generate a test suite for the MODBUS/TCP protocol. We then exercised the resulting test suite against the MODBUS/TCP implementations on two representative SCADA devices. The results were unsettling.
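As an added illustration (not code from the paper or from the blackPeer framework), the following Python sketch shows the kind of strict MBAP header and request-range validation a MODBUS/TCP implementation needs in order to survive a robustness test suite, exercised against constructed well-formed and malformed frames of the sort such a suite sends. The frame layout and the 125-register limit for function 0x03 come from the Modbus specification; the sample frames are constructed, not captured traffic.

```python
import struct

MBAP_LEN = 7            # transaction id (2), protocol id (2), length (2), unit id (1)
MAX_ADU = 260           # Modbus/TCP ADU limit: 7-byte MBAP + 253-byte PDU
MAX_HOLDING_REGS = 125  # spec limit on quantity for function 0x03

class FrameError(ValueError):
    pass  # any frame a robust Modbus/TCP endpoint should reject

def parse_modbus_tcp(frame: bytes) -> dict:
    """Strictly validate one Modbus/TCP ADU and return its fields.
    Every header field is cross-checked against the bytes actually received,
    so a lying length field or an out-of-range request never reaches the
    application logic (a lenient stack would simply trust the header)."""
    if len(frame) < MBAP_LEN + 1:
        raise FrameError("shorter than MBAP header plus function code")
    if len(frame) > MAX_ADU:
        raise FrameError("ADU longer than 260 bytes")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != 0:
        raise FrameError(f"protocol id {pid} is not Modbus (0)")
    # 'length' counts unit id + PDU, i.e. everything after the length field
    if length != len(frame) - 6:
        raise FrameError(f"length field {length} != actual {len(frame) - 6}")
    pdu = frame[MBAP_LEN:]
    fc, data = pdu[0], pdu[1:]
    if fc == 0 or fc > 0x7F:
        raise FrameError(f"invalid function code {fc:#x}")
    if fc == 0x03:  # Read Holding Registers: start address (2) + quantity (2)
        if len(data) != 4:
            raise FrameError("function 0x03 request must carry 4 data bytes")
        start, qty = struct.unpack(">HH", data)
        if not 1 <= qty <= MAX_HOLDING_REGS or start + qty > 0x10000:
            raise FrameError(f"register range {start}+{qty} out of bounds")
    return {"tid": tid, "unit": uid, "fc": fc, "data": data}

def validate(frame: bytes) -> tuple:
    # (accepted, reason) so a test run can tally each frame's outcome
    try:
        parse_modbus_tcp(frame)
        return True, "ok"
    except FrameError as e:
        return False, str(e)

# Constructed sample frames: one well-formed request, three malformed ones
GOOD      = bytes.fromhex("0001 0000 0006 01 03 0000 000a")
BAD_LEN   = bytes.fromhex("0002 0000 ffff 01 03 0000 000a")  # length field lies
BAD_QTY   = bytes.fromhex("0003 0000 0006 01 03 0000 00c8")  # asks for 200 regs
TRUNCATED = bytes.fromhex("0004 0000 0006 01 03")            # cut off mid-PDU
```

A lenient parser that reads the length field and then indexes into the buffer would accept all four frames; the strict version rejects the three malformed ones with a stated reason.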
II. ORGANIZATION OF THIS PAPER
This paper is designed to introduce and support the need for new and efficient tools to test the network security robustness of industrial control devices. We begin by briefly presenting some background information on protocol testing and the tools which are available. We then introduce blackPeer, an innovative testing framework for communication protocols, and discuss its employment in conformance testing MODBUS/TCP implementations. We conclude with a summary of the MODBUS/TCP implementation errors found by blackPeer in two representative SCADA devices and some observations on how the SCADA community can better ensure the security of its control systems.