1: General Context
Industrial control systems (ICS) are used to control industrial processes. They comprise the many complex connections and the architecture needed to run production in an industrial plant, and generally include Programmable Logic Controllers (PLC), Supervisory Control and Data Acquisition (SCADA) systems, and Distributed Control Systems (DCS). Many organisations have deployed standards and best practices to secure these devices.
2: System Selection
Siemens Simatic S7-400 PLCs are generally used in the manufacturing industry, where they regulate motors, actuators, and sensors. It was believed that these systems could not be attacked, but their security has come under threat from the malicious worm known as Stuxnet. Stuxnet attacks not only PLCs but also SCADA systems, which are essential for running electromechanical processes. Stuxnet has been described as a threat with the ability to reprogram the PLC and hide the program changes from the user. This is a critical situation that can destroy real-world industrial plants.
3: Justification
The S7 PLC, considered with respect to the Stuxnet attack, is a highly suitable system to study in the Industrial Control Systems domain: this Siemens device plays a crucial role in meeting an organisation's daily production targets, so its security is essential for production to run smoothly.
The Stuxnet attack on the Iranian nuclear facilities illustrates the importance of this security. The attack destroyed 1000 of the plant's centrifuges, which is approx. 10%. The severity of the attack reduced the number of operational centrifuges from 4700 to 3900, which led to a huge loss of production. Idaho National Laboratory (INL) closely monitors the security holes in Siemens' Process Control Systems, and Siemens discussed the flaws in the control systems at a press conference in Chicago. This case study project will describe how the industrial control system gets targeted, the methods by which the PLC code block gets infected, the type of actual code used by the worm, and the rootkit, which is considered the advanced technology used to hide the code.
Several business organisations and professional societies have published standards and best practices for establishing a security management program for control systems. Prevention relies on a multi-layered approach known as defense in depth. This includes policies, procedures, awareness training, measurement of controls, system monitoring, network segmentation, risk analysis, and security assessment methods.
This project will provide a background on the Simatic PLC and other control systems, the Stuxnet architecture, the injection technique, the attack phase, the code-hiding activities, the behavior of an infected PLC, and the rootkit concept. In addition, we will focus our study on the practices and methods for protecting industrial control systems in order to mitigate this effect.

