Process Control Systems Workshop, 2008



The 4th Annual I3P PCS Security Workshop

March 6, 2008

 

The Woodlands Waterway Marriott Hotel & Convention Center

Houston Metropolitan Area

 


 

You are invited to this one-day workshop on ways to enhance the survivability and recovery of process control systems (PCS). Hosted by the Institute for Information Infrastructure Protection (I3P), the workshop is co-located and held in conjunction with the 2008 NPRA Security Conference and the 2008 NPRA Cyber Security Workshop.

 

HIGHLIGHTS FROM THE PROGRAM

  • “How Much is Security Worth?” – experts present various investment strategies and make a business case for enhanced security.
  • “Critical Challenges Facing PCS Security” – the I3P PCS team presents different scenarios and their implications in terms of PCS security; a panel of industry leaders responds to the scenarios.
  • Technology Demonstrations – an interactive session featuring new and innovative security tools developed by the I3P.

BY PARTICIPATING IN THE I3P PCS SECURITY WORKSHOP YOU WILL:

  • Receive actionable take-aways and best practices that you can use to improve PCS security
  • Learn about I3P technologies that can help your company respond to and recover from future cyber attacks
  • Engage with your peers and the I3P team to ensure that emerging solutions match your needs
  • Have an opportunity to field test prototype solutions as they are being developed

 

WHO SHOULD ATTEND?

The workshop is for a broad audience: asset owners from oil and gas and other critical infrastructures, control systems engineers, operators, information and security officers and vendors, as well as security experts from government, industry associations, and academia.

 

SPONSORS:

The workshop is supported by Matrikon Inc. and Industrial Defender, Inc. We would like to thank our sponsors for their generous support.


 

 

 

AGENDA



Wednesday, March 5

5:00

Welcome Reception and Registration

Thursday, March 6

7:30

Registration and Continental Breakfast

8:00

Welcome and Introduction to the PCS Security Workshop
Robert K. Cunningham, MIT Lincoln Laboratory

8:15

Keynote Speaker: Catch Me If You Can: True Stories of Industrial Control Room Break-ins
Jonathan Pollet, Vice President, North American Operations, Industrial Defender, Inc.

Control systems security expert Jonathan Pollet will describe extensive penetration testing of SCADA and DCS systems, with photos and videos. Pollet’s eye-opening work shows how easily one can hack into a control system from the Internet, physically enter the plant, and gain access to the plant’s wireless network from the perimeter. 

8:45

How Much Is Security Worth?
Scott Dynes, Tuck School of Business at Dartmouth College
Shari Lawrence Pfleeger, RAND Corporation

Cyber intrusions and other security breaches that were once mere nuisances are now being replaced by a raft of serious threats, such as extortion and espionage, delivered by professionals. Yet requests from system operators for greater security funding to protect corporate assets against these attacks are often denied for lack of evidence. How can a company invest wisely in cyber security and justify its funding choices? This interactive session examines the business case for increased security and presents case studies of investment strategies.

9:30

The Day Ahead
Robert K. Cunningham, MIT Lincoln Laboratory

9:40

Connecting the Dots: How PCS Vulnerabilities Impact the Business
Jim Watters, MITRE and Rick Kaun, Matrikon

Learn how the RiskMAP tool makes the business case for security by translating between the techno-speak of network risk assessments and the corporate language of business risks. Hear about refinery owners who have deployed RiskMAP and now have a firm understanding not only of their various risks but of how operational tasks and network nodes relate to business objectives. Hear about the forthcoming Matrikon product that will enable owner-operators to take advantage of RiskMAP technology.

10:00

Improving Robustness of PCS Software: How to Discover Vulnerabilities Before Deployment
Michael Zhivich, MIT Lincoln Laboratory

Vulnerabilities in PCS and SCADA applications threaten availability and integrity of control and data acquisition services. This session will discuss I3P advances in securing future PCS applications as well as existing approaches that can be used to improve security and robustness testing. Learn how to reduce the cost of software development and maintenance with DEADBOLT - a state-of-the-art tool suite that facilitates automatic discovery of buffer overflow and resource exhaustion vulnerabilities in PCS applications.

10:20

Break

10:40

Hardening Security for Existing PCS Networks
Ron Pawlowski, Pacific Northwest National Laboratory

This session will present SHARP, an appliance that augments the security provided by commercially available products. Firewalls and intrusion detection systems help protect plant networks if configured correctly, but even these measures remain vulnerable to compromise. SHARP will add another level of security by protecting the processes and resources on a computer, rather than just securing its perimeter. SHARP is designed to easily integrate with existing PCS networks while keeping the costs of deployment low.

11:00

Access Control Policies and their Impact on Survivability
David Nicol, Bill Sanders and Mouna Seri, University of Illinois at Urbana-Champaign

Firewalls are an essential tool for network security. They restrict potentially dangerous network traffic while still allowing access to selected services. Yet because firewalls control network access using lists of complex rules, errors are common. In this session, we will discuss suitable access control policies and demonstrate an analysis tool, the Access Policy Tool (APT). APT checks the correctness of firewall rule sets against the desired policy, assuring that the policy implementation meets the requirements. In addition, APT allows an operator who is considering small changes in the rules to evaluate their potential impact on compliance through “what if” scenarios.

11:20

Monitoring Tools for Process Control Networks
Mauricio Papa, University of Tulsa

The interconnectivity observed in process control networks today, accentuated by the use of TCP/IP, exposes them to serious attacks. This session focuses on a distributed monitoring architecture (SecSS) for the Modbus protocol capable of protecting against such attacks. The architecture offers advantages over commercial solutions that either operate at a higher level or use minor variants of tools used in IT networks. SecSS was designed to be scalable, distributable and have minimal impact on network bandwidth.

11:40

A Concept of Operations to Ensure System-Level Survivability and Recovery
Benjamin Cook, Sandia National Laboratory

Most facilities are not well prepared to respond to a cyber disruption. Effective response requires a systems approach that integrates threat information, understanding of operationally critical functions and platforms, and knowledge of the operational consequences of disruptions. This session covers what you can do today to help make your operations more resilient to a cyber disruption. We will also describe ongoing work to develop ROBUST, a novel analysis engine that generates validated and customized responses to cyber incidents.

12:00

Lunch

1:00

Panel: Critical Challenges Facing PCS Security
Moderator: Zachary Tudor, Program Director, SRI International
Panelists: Thomas Culling, Technology Lead, Process Automation Systems Digital Security, Chevron Energy Technology Company
David Moore, Technical Specialist, Shell Pipeline Co. LP
Blake Larsen, Director of Information Technology, Western Refining
Eric Cosman, Engineering Solutions Architect, The Dow Chemical Company 

In this session, I3P red teamers present a realistic cyber attack scenario. Following the scenario presentation, the panel of industry experts will address the following issues:

  • Preventive technologies and procedures that might have thwarted this attack.
  • Strategies to ensure business continuity.
  • Technological gaps in PCS survivability.
  • Future actions – technological, behavioral and policy-based – that are needed to safeguard PCS.

2:00

Setting the Stage for Interactive Demos
Ray Parks, Sandia National Laboratory

2:20

Break

2:40

Technology Demonstrations – Shenandoah Room

See the following security tool prototypes in action:

Matrikon’s enhanced Network Security Manager product line based on RiskMAP technology to link PCS risks to business risks.

The DEADBOLT adaptive-testing tool suite. The demonstration will feature typical developer workflow and showcase DEADBOLT's capabilities and integration into Eclipse, an open source development environment favored by embedded OS vendors such as QNX and Wind River.

The Security-Hardened Attack Resistant Platform (SHARP) tool. SHARP protects a mockup of a process control system. First see how the mockup can be attacked using cyber methods while it is not protected by SHARP. Then see how the inclusion of SHARP protects against these attacks.

The Access Policy Tool (APT) for finding errors in security policies. Step through various visual components of APT: network visualization, inspection of policy rules and global access policies, and reporting of access paths that violate the policy. See how small errors in rules can cause large deviations from policy; find the rules that contribute most to non-compliance, and experiment with changes that fix the problems.

The Security Services Suite (SecSS) situational awareness tool for PCS networks. Experience SecSS running in a virtual environment specifically designed to test scalability and impact in large networks. See the main components of the architecture and the output produced by remote sensors monitoring the PCS network.

The Resilient Operations Back-Up SwiTch (ROBUST) tool for survivability and recovery. Review the design and future evaluation plans for ROBUST, a tool that provides guidance on the architectural and operational changes needed to make sure your facility survives a cyber incident. Meet the Sandia development team and provide feedback on the features and functionality you would like to see in ROBUST.

4:20

Break

4:30

Discussion and Concluding Remarks
Robert K. Cunningham, MIT Lincoln Laboratory

5:00

Adjourn



REGISTRATION:

The registration fee for the workshop is $200. The fee includes continental breakfast, lunch, and all meeting materials.

 

LODGING: 

We have set aside a block of rooms for the workshop at the Woodlands Waterway Marriott Hotel & Convention Center and the Fairfield Inn & Suites (see details below).

The Woodlands Waterway Marriott Hotel & Convention Center
1601 Lake Robbins Drive
The Woodlands, TX 77380
Phone (281)367-9797
Fax (281) 367-9686
ROOM BLOCK NAME:  "4TH ANNUAL I3P PCS SECURITY WORKSHOP"
Rate: $186.00
Cutoff date: February 18th
 
Fairfield Inn & Suites                                
16850 I-45 South                               
The Woodlands, TX  77384                 
Phone: (936)271-0110                                 
ROOM BLOCK NAME:  "4TH ANNUAL I3P PCS SECURITY WORKSHOP"
Rate: $109.99
Cutoff date: February 19th

Other area hotels:
                    
Residence Inn by Marriott 2
9333 Six Pines Drive
The Woodlands, TX 77380
Phone: (281) 419-1542
 
Courtyard By Marriott
1020 Lake Front Circle
The Woodlands, TX 77380
Phone: (281) 292-3262  
 
Homewood Suites by Hilton
29813 I-45 North
The Woodlands, TX 77381
Phone: (281) 681-9199

We look forward to seeing you in Houston on March 6!

For questions or more information, please contact:

Eric Goetz
Associate Director for Research
The Institute for Information Infrastructure Protection (I3P)
Dartmouth College
Tel: (603) 646 0692
E-mail: eric.d.goetz@Dartmouth.EDU

 

About the Institute for Information Infrastructure Protection (I3P):
The I3P is a national consortium of leading academic institutions, federally-funded labs, and non-profit organizations dedicated to strengthening the cyber infrastructure of the United States. The I3P is managed by Dartmouth College.
http://www.thei3p.org/

About the National Petrochemical & Refiners Association (NPRA):
NPRA members include more than 450 companies, including virtually all US refiners and petrochemical manufacturers. Our members supply consumers with a wide variety of products and services used daily in their homes and businesses. These products include gasoline, diesel fuel, home heating oil, jet fuel, lubricants and the chemicals that serve as "building blocks" in making everything from plastics to clothing to medicine to computers.
http://www.npra.org/

Copyright © 2007, the Trustees of Dartmouth College. All rights reserved.