Copyright © 2012 SEQUI, Inc. All Rights reserved.

The Back Door Attack

Front door attacks, through the Internet, have been widely publicized. Yet attacks on the (non-routable) back door are far easier to execute than most realize. Tools for this type of attack are not only available; many are identical to the tools that would be used in a front door attack.

Serial SCADA systems are isolated, out in the open, and unprotected, making them prone to vulnerabilities that can be exploited easily by a “back door” attack. With no security, the system is unable to distinguish between a real and spoofed control signal, allowing the attacker to seize control.

Industry Solutions

Serial SCADA Systems Are Vulnerable to Attacks

The devices, protocols, and communication media in use by serial SCADA systems do not adequately prevent attacks against remote assets. Common misconceptions are (1) isolation makes these systems secure and unlikely to be compromised and (2) attacks on these systems are made difficult because attackers lack specialized knowledge. In reality, physical isolation does not ensure network security, and attackers need only understand a small segment of the system to cause disruption. And the risk is significant: in the legacy environment, where there are anywhere from hundreds to tens of thousands of datapoints, a structured attack along multiple points can cause widespread infrastructure disruption.

Vulnerabilities that must be guarded against:

  • Protocols (serial DNP3 or Modbus)
  • Communication media (dial-up, radio, leased)

Vulnerability analysis teams have repeatedly demonstrated exploitable vulnerabilities in SCADA systems. Many of these vulnerabilities now form a part of public domain knowledge.
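
The point made above, that a serial link with no security cannot tell a real control signal from a spoofed one, shown for Modbus RTU as an added example (not SEQUI's code and not the IEEE 1711-2010 wire format): the frame's CRC-16 is unkeyed and only detects line noise, so a receiver needs a keyed tag and a sequence number to check origin and freshness. The key, the tag length and the `protect`/`accept` helpers are assumptions made for illustration.

```python
import hashlib, hmac, struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag (assumed length for this sketch)

def crc16_modbus(data: bytes) -> int:
    """Modbus RTU CRC-16 (reflected poly 0xA001, init 0xFFFF): unkeyed."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def rtu_frame(unit: int, pdu: bytes) -> bytes:
    """Build an RTU frame: unit address + PDU + CRC (low byte first)."""
    body = bytes([unit]) + pdu
    return body + struct.pack("<H", crc16_modbus(body))

def crc_ok(frame: bytes) -> bool:
    """All a legacy receiver checks: error detection, no proof of origin."""
    return len(frame) >= 4 and struct.unpack("<H", frame[-2:])[0] == crc16_modbus(frame[:-2])

def _tag(key: bytes, hdr: bytes, frame: bytes) -> bytes:
    return hmac.new(key, hdr + frame, hashlib.sha256).digest()[:TAG_LEN]

def protect(key: bytes, seq: int, frame: bytes) -> bytes:
    """Sender side: prepend a 32-bit sequence number, append a keyed tag."""
    hdr = struct.pack(">I", seq)
    return hdr + frame + _tag(key, hdr, frame)

def accept(key: bytes, last_seq: int, msg: bytes):
    """Receiver side: return the inner frame only if authentic and fresh."""
    if len(msg) < 4 + 4 + TAG_LEN:
        return None
    hdr, frame, tag = msg[:4], msg[4:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, hdr, frame)):
        return None  # not produced by a key holder, or altered in transit
    if struct.unpack(">I", hdr)[0] <= last_seq:
        return None  # replay of an earlier, genuinely signed message
    return frame if crc_ok(frame) else None

if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key, not a real secret
    frame = rtu_frame(1, bytes.fromhex("0300000001"))  # constructed read request
    msg = protect(key, 1, frame)
    print(crc_ok(frame), accept(key, 0, msg) == frame, accept(key, 1, msg))
```

The sketch authenticates but does not encrypt; confidentiality would need a cipher keyed separately from the tag.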

High Value Target for Attackers

Critical infrastructures are reliant on control systems for continuous operation. The impact of an attack on these systems for power plants, water treatment facilities, chemical factories, and other vital infrastructure could be devastating, causing financial loss, reputation loss, equipment and environmental damage, and even loss of human lives.

Step 2: Encrypted & Clear

The second step is to install remote EncryptorPaks and activate encryption on those links while the remaining links operate in the clear.

Wired Solution

EncryptorPak L secures Ethernet-to-serial and serial-to-serial communications between RTU and Master (serial or Ethernet interface) in point-to-point or multi-drop configurations.

Wireless Solution

EncryptorPak Z secures “over-the-air” communications between RTU (serial) and Master (serial or Ethernet interface).

Step 3: All Encrypted

The third step is to operate encryption on all links. As many as 65,535 secure tunnels can operate simultaneously.

Each tunnel has its own Encryption Key and Authentication Key.

Key Industries

  • Oil Refining
  • Petro-Chemical
  • Electric Power Substations
  • Water & Water Treatment
  • Chemical Processing
  • Manufacturing

The first step in solving a security problem is to understand it

Presented at the Industrial Control Systems Joint Working Group (ICSJWG) Fall 2011:

IEEE 1711-2010 Security for Legacy SCADA Protocols

Legacy Retrofit Issues

The “retrofit” is actually a proactive and preventative approach to improving the security posture of the legacy network. It is the alternative to tearing down the existing network and replacing it with a new one. The EncryptorPak family conforms to IEEE 1711-2010, the new SCADA-specific standard. It delivers the strongest security for serial links and addresses all legacy retrofit issues (see below).

The importance of critical infrastructures and the need to protect them

Substation Security - An Example

The EncryptorPak L adds security to legacy equipment (breakers/relays, meters, IEDs...) and extends the ESP boundary (NERC CIP).

Security for Serial DNP3 or Modbus

The EncryptorPak Series is an easy-to-use and cost-effective solution for protecting last mile assets in the industrial control network, such as serial RTUs, PLCs and other field equipment, which are vulnerable to infiltration and sabotage.

Migration to a Secure SCADA System in Three Easy Steps

With the EncryptorPak, legacy serial links can be easily retrofitted with security, without disruption or change to the existing equipment. Moreover, migration can be phased in by securing one link at a time, as shown in the steps below.

Step 1: All Clear

The first step of the migration is to install the EncryptorPak at the Control Center and have it pass through all messages in the clear.

Top Questions / What Customers Want

How do we plan for migration?

Easy migration…

  • To choose when & how much security to apply
  • To have encrypted & clear communications on the same channel

Do we make changes to our ICS software or equipment?

Easy installation…

  • Not to change existing ICS software or equipment

Do we make changes to our operational control?

Hassle-free operation…

  • Not to change existing operational control

Will it impact performance?

No impact…

  • Strong security without impacting performance

Will it impact our existing configuration?

Flexibility…

  • Not to change existing configuration
  • Support for:
    - Modbus RTU/ASCII
    - DNP3
    - Async 300 to 115200 bps
    - Point-to-point and multi-drop
    - Radio, dial-up, leased lines