Cyber Security of SCADA Systems test bed - Senior Design - Iowa ...

More documents

Recommendations

Info

Figure 3: Sample Nessus Vulnerability List It is difficult to predict what software will be used to implement the attacks, as the appropriate software will vary depending on the type of vulnerability. Most, if not all tools will be free and open source, though we will not exclude commercial software if it will prove useful. An excellent compilation of common security tools is the Linux distribution called Backtrack 4, which is available for free from its website. Testing approach considerations Virtualization Testing How and where will testing be performed? Testing will be performed in the SCADA lab. We will need to verify the virtual server is running and communications are working. Exactly what will be tested? Communications between virtual RTUs and virtual relays Communications between virtual RTUs and physical command center How will testing accuracy be determined? We will check the RTU operations screen and if it shows that both virtual relay and command center are connected than it is working correctly What information will be recorded on the forms that will be used to record test results? We will record what virtual RTUs and virtual relays are not working and record any errors associated with them. SDMAY11-11 13
Who will be doing testing and how will it be verified? Most likely James Parrott will complete tests. Graduate students will also help in the testing. Power System Simulation and Integration Testing How and where will testing be performed? Testing will be performed in our SCADA lab. We will need to verify that our SCADA testbed is interacting with and controlling our power flow software. Exactly what will be tested? We will need to test each component on our power flow simulation that is linked to our OPC server and controlled by our SCADA system. These components will mainly be relays. How will testing accuracy be determined? Our testing will be very objective, since the components that we are testing—virtualized relays—only exist in two states: on and off. Our operator will be sitting at our control terminal, and he will toggle the status of a relay. If the change is reflected on our PowerFactory display, and the power flow solution is adjusted accordingly, we know that the tested component is functional. What information will be recorded on the forms that will be used to record test results? Date/Time, name of component tested, location on OPC server, test failed/successful, comments Who will be doing testing and how will it be verified? Most likely Tony Gedwillo will be performing these tests. Our cooperating grad students will help to verify these results by attempting to operate the system. Cyber Security Testing How and where will testing be performed? o In the lab, on the physical substations. Exactly what will be tested? o We will test the overall security configuration of the system and attempt to implement any promising vulnerabilities that are discovered. How will testing accuracy be determined? SDMAY11-11 14
Page 1 and 2: 12/6/2010 SDMAY11-11 CYBER SECURITY
Page 3 and 4: Virtualization: ...................
Page 5 and 6: Executive Summary Supervisory Contr
Page 7 and 8: Operating Environment The operating
Page 9 and 10: o We want to integration between th
Page 11 and 12: Software Selection for a Virtual Hy
Page 13: Is limited by the plugins that have
Page 17 and 18: Figure 4: System Diagram Power Flow
Page 19 and 20: Figure 6: Using Spectrum Power TG t
Page 21 and 22: Validate the System The initial ste

Cyber Security of SCADA Systems test bed - Senior Design - Iowa ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?