Cyber Security of SCADA Systems test bed - Senior Design - Iowa ...

More documents

Recommendations

Info

Power System Simulation and Integration Approach Software Options o Siemens Spectrum Power TG DTS (Dispatcher Training Simulation) Advantages Software already installed in our lab Software designed to interact with the our system Disadvantages Poor documentation Hard to set up Technical support period had expired o DIgSILENT PowerFactory Advantages Has OPC communication capabilities Easy to use Extensive documentation Many people in ECpE department use this software Disadvantages Requires advanced license Software Selection We chose to use DIgSILENT PowerFactory for our power system simulation. It was becoming apparent that we required technical support from Siemens if we were going to use Spectrum Power TG DTS. The manuals were not helpful, and they did not contain the information we needed. This support costs around $20,000 per year—a price clearly out of our budget. We found that there was a graduate student here at ISU doing something very similar to our project. He was using an OPC server to control breakers in DIgSILENT PowerFactory. Since this was exactly what we wanted to do, and we knew it could be implemented, we decided to go with that. The use of PowerFactory’s OPC capabilities requires an advanced license that costs around $2,000. Since this was way less than the Siemens support cost, that was only going to last a year anyway, we decided it would be better to obtain a license that the whole department could use. Cyber Attack/Security Approach Software Options o Nessus Security Scanner Advantages Remote Vulnerability Scanning Combined the “Document Running Services” and”Document wellknown software vulnerabilities” phases into one scan Free License available Disadvantages SDMAY11-11 11
Is limited by the plugins that have been created o Various Open Source Tools Advantages Usually free Disadvantages Not necessarily well documented or supported Software Selection The first piece of software used in performing the vulnerability assessment will be Nessus Security Scanner from Tenable Security. Nessus remotely scans computers for vulnerabilities, both client-side and server side, through tests that are specified via the software’s plugin architecture. Nessus generates a report for each computer which contains a list of any vulnerabilities it discovered during the scan, each categorized by port number and severity level, as well as reports generated by the test plugin itself. These reports can be viewed directly on the Nessus Server via a web interface, or exported as an HTML file. Figure 2: Sample Nessus Workstation Report SDMAY11-11 12
Page 1 and 2: 12/6/2010 SDMAY11-11 CYBER SECURITY
Page 3 and 4: Virtualization: ...................
Page 5 and 6: Executive Summary Supervisory Contr
Page 7 and 8: Operating Environment The operating
Page 9 and 10: o We want to integration between th
Page 11: Software Selection for a Virtual Hy
Page 15 and 16: Who will be doing testing and how w
Page 17 and 18: Figure 4: System Diagram Power Flow
Page 19 and 20: Figure 6: Using Spectrum Power TG t
Page 21 and 22: Validate the System The initial ste

Cyber Security of SCADA Systems test bed - Senior Design - Iowa ...

Create successful ePaper yourself

Delete template?

Save as template?