Last Line of Defence Cyber Security of Industrial Control Sys- Tems

Last Line of Defence Cyber Security of Industrial Control Sys- Tems

Last line of defence Cyber security of industrial control sys- tems M. Luchs Delft University of Technology LASTLINEOFDEFENCE CYBER SECURITY OF INDUSTRIAL CONTROL SYSTEMS by M. Luchs in partial fulfillment of the requirements for the degree of Master of Science in Offshore and Dredging Engineering at the Delft University of Technology, to be defended publicly on Wednesday October 26th, 2016 at 14:00 PM. Supervisor: dr. ir. C. Doerr Thesis committee: Prof. dr. C. van Rhee, TU Delft dr. ir. S. A. Miedema, TU Delft Ir. F.van der Heijden, Heerema Fabrication Group An electronic version of this thesis is available at http://repository.tudelft.nl/. PREFACE Before you lies the thesis "Last line of defence: Cyber security of industrial control systems". This work in- vestigates the state of cyber security within the offshore and dredging industry, the result of which has led to the proposal of a novel intrusion detection system for industrial control systems. It is written to complete the graduation requirements of the MSc program Offshore and Dredging Engineering at the Delft University of Technology. The project has been undertaken in collaboration with Heerema Fabrication Group whom where looking to increase their awareness on cyber security. Investigating the state of cyber security within the offshore and dredging industry has led to the research question, which was formulated together with my supervisor from the TU-Delft, Christian Doerr. The work has proven challenging at times, in part because the subject is fairly unexplored terrain, and also my missing of a background in cyber security and computer networks. Nonethe- less it has provided me with many avenues for growth and learning, especially since both the TU-Delft as HFG provided me the option to freely explore and thus gain insights broader then in one area of focus alone. Ad- ditionally both Mr. Doerr and my advisor from HFG, Mr. van der Heijden, were always available to provide valuable feedback and insight, and were willing to assist me when hitting roadblocks or I lost traction. I would like to thank Frank van der Heijden, my supervisor at Heerema Fabrication Group for the support and many opportunities granted to me while working on-site in Zwijndrecht. Significant gratitude and appreci- ation also go towards Christian Doerr, my supervisor at the TU Delft, for his excellent advice and guidance during this process. For without his counsel this work would not exist in its current shape or form. I also wish to thank all those whom responded to my many questions, or helped me along my path while conducting this work. To other collegues as both HFG and TUD: Thank you for all the pleasant cooperation. Then there are some others whom I want to specifically mention. To my family: Thank you for your believing in me, your love and support has served me well, as always. Charlie Wolters, thank your for a listening ear, your kind words, and loving hugs. You provided a safe harbour whenever I felt lost. As for who helped me re- view my work and provided significant and valuable feedback on my work: Robbie Luchs, Erwin Junge, Nikol Guljelmovi´c, and Sander Dragt. I am thankful and indebted for your efforts! I hope you enjoy your reading. M. Luchs Delft, October 16, 2016 iii ABSTRACT The world is rapidly embracing networked technology and transitioning into one of hyperconnectivity, a term first coined by social scientists Anabel Quan-Haase and Barry Wellman. Increased connectivity provides ben- efits such as automation and, remote access and control of networks and equipment, thereby decreasing op- erational costs. Maritime and offshore companies are increasingly automating their vessels and platforms to reduce the required workers on-board and centralise platform control. With this tight coupling of complex ICT and industrial control systems however comes an increase in risks. These risks are further increased due to the application of security controls. Where in mechanical and struc- tural engineering the focus lies on failure (e.g. safety factors), this is not necessarily the case for ICT related systems, which are often only verified to be working as specified and expected. Unexpected behaviour is not taken into consideration. Thus, while most vessels and platforms depend on automated systems, it seems lit- tle is being done to protect them from cyber incidents and attacks. The impact of security breaches on these systems can be disastrous due to the potential for physical damage to people and planet. This is especially true within the oil and gas industries. For example a fire at the Piper Alpha production platform in the North Sea in 1988, caused by an oil and gas leak, resulted in the loss of 169 lives. While computer viruses or worms might not directly injure people, or destroy equipment, automated control systems can. This work thus focusses on the area where mechanical systems meet automation systems, a field called in- dustrial control systems. An investigation into the current state of cyber security within the dredging industry has been conducted, which was followed by a threat analysis on industrial control systems. These systems operate at the heart of the dredging industry. This has revealed that malicious software can cause physical damage to equipment and injury to people. In an effort to improve the current state and help prevent cyber incidents from occurring the following research question has been formulated: Can adversaries operating on Control System infrastructures be detected by an Intrusion Detection System which is monitoring the physical state? To answers this question a novel intrusion detection system is designed which takes advantage of the physical state of the processes. This new concept deviates from other systems in that they obtain information from the network, as opposed to the physical process, where the data cannot necessarily be trusted. Additionally, when malicious events or cyber incidents occur within or behind the controller (PLC), the control net- work does not necessarily contain the required information de- tailing ongoing attacks. Looking at the physical system then allows for malicious attacks and cyber incidents to be detected by observing anomalous and unexpected be- haviour of the monitored physical process. This enables the detection of advanced malicious threats which would be missed otherwise. The required information on the physical state of the process is obtained on the last line, between the controller and field devices. v CONTENTS 1 Introduction 1 1.1 Focus on industrial control systems................................2 1.2 Aim, Research Questions and Approach..............................2 1.3 Intended Audience........................................3 1.4 Thesis Outline..........................................3 2 Preliminary topics 5 2.1 Understanding the Cyber Security Landscape...........................5 2.1.1 Malicious actors......................................5 2.1.2 Motives driving actors...................................6 2.1.3 Common Attack Methods.................................7 2.1.4 Consequences of security incidents............................8 2.2 Understanding Industrial Control Systems............................9 2.2.1 Control systems...................................... 10 2.2.2 Components........................................ 10 2.2.3 Architecture........................................ 11 2.2.4 Communication Protocols................................. 12 2.2.5 Users............................................ 13 2.2.6 Differences between ICT and ICS systems......................... 13 2.3 Challenges securing Industrial Control Systems.......................... 14 2.3.1 Traditional ICT solutions not always applicable...................... 14 2.3.2 Legacy systems....................................... 14 2.3.3 Patching and updating................................... 15 2.3.4 Control Protocols..................................... 15 2.3.5 Commercial Off The Shelve hardware and software.................... 15 2.3.6 Malware.......................................... 16 3 Cyber security in offshore and dredging 17 3.1 Cyber incidents are on the rise.................................. 18 3.2 Cyber Security Awareness..................................... 19 3.3 Industrial Control Systems.................................... 20 3.4 Cyber security vulnerabilities and incidents............................ 22 3.4.1 Offshore and dredging related............................... 22 3.4.2 Industrial control system related.............................. 24 3.5 Discussion and Recommendations................................ 25 3.5.1 Recommendations..................................... 25 3.5.2 Security initiatives..................................... 26 4 Malicious software 27 4.1 Background............................................ 27 4.2 Documented malware incidents................................. 29 4.2.1 Conficker......................................... 29 4.2.2 Stuxnet........................................... 30 4.3 Impact on industrial control systems............................... 34 4.4 Obtaining malware........................................ 36 4.4.1 Control flow........................................ 37 4.4.2 Exports........................................... 38 4.4.3 Implementation...................................... 39 vii viii CONTENTS 4.5 Malware as a service....................................... 39 4.6 Conclusion............................................ 43 4.6.1 Recommendations....................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    135 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us