Industrial Network Security Book Flashcards
modbus
Modbus is a serial communications protocol originally published by Modicon (now Schneider Electric) in 1979 for use with its programmable logic controllers (PLCs). Modbus has become a de facto standard communication protocol and is now a commonly available means of connecting industrial electronic devices. “Nonroutable”
RTU
A remote terminal unit (RTU) is a microprocessor-controlled electronic device that interfaces objects in the physical world to a distributed control system or SCADA system by transmitting telemetry data to a master system, and by using messages from the master supervisory system to control connected objects. “Nonroutable”
DNP3
DNP3 (Distributed Network Protocol) is a set of communications protocols used between components in process automation systems. Its main use is in utilities such as electric and water companies. Usage in other industries is not common. “Nonroutable”
Fieldbus
Fieldbus is the name of a family of industrial computer network protocols used for real-time distributed control, standardized as IEC 61158. A complex automated industrial system — such as a manufacturing assembly line — usually needs a distributed control system—an organized hierarchy of controller systems—to function. “Nonroutable”
“Nonroutable” network
refers to those serial, bus, and point-to-point communication links that utilize Modbus/RTU etc. They interconnect devices and provide a communication path between digital devices, and in many cases are designed for remote command and control.
“Routable” network
Typically means a network utilizing TCP/IP. Also includes routable variants of nonroutable protocols (e.g. Modbus over TCP/IP and DNP3 over TCP/UDP).
industrial switch
A switch that can withstand extreme conditions.
“enclave” and “zone”
Convenient for defining a closed group of assets, or a functional group of devices, services, and applications that make up a larger system. Communications are limited to only those devices, applications, and users that should be interacting with each other.
ESP
“Electronic Security Perimeter”. The boundary between secure and insecure zones.
Separation of assets
The separation of assets into functional groups allows specific services to be tightly locked down and controlled, and is one of the easiest methods of reducing the attack surface.
Allows you to configure the firewall more precisely.
Advanced Access Control
- Only allow a user to log in to an HMI if the user has successfully badged into the control room.
- Only allow a user to operate a given control from a specific controller.
- Only allow a user to authenticate during that user’s shift.
You can use two factor plus the above access control restrictions.
PLC
Programmable logic controller. A specialized industrial computer used to automate functions within manufacturing facilities. PLCs do not typically use commercially available OSs.
Ladder Logic
A set of connections between inputs (relay contacts) and outputs (relay coils). Every step is tested in each scan.
Relay
A relay is an electrically operated switch. Relays are used where it is necessary to control a circuit by a separate low-power signal, or where several circuits must be controlled by one signal.
Sequential Logic
Differs from ladder logic in that each step is executed in isolation and progresses to the next step only upon completion. Very common in batch operations.
RTU
Monitor field parameters and transmit that data back to a central monitoring station–typically either a master terminal unit (MTU) that may be an ICS server, a centrally located PLC, or directly into an HMI. Commonly include remote communications capabilities consisting of a modem, cellular data connection, radio, or other wide area communication technology. Commonly installed in locations that may not have easy access to electricity. Use “publish/subscribe” methods. Sometimes integrate PLC functionality into them.
IED
Intelligent electronic device. Developed for locations that require not only local direct control functionality and integrated telecommunications support, but also can be installed in areas that involve high-voltage energy sources and the associated electrical “noise” that is typically present in those environments. IEDs are designed to perform a specific function (i.e. substation automation) within the overall control system, whereas RTUs and PLCs are designed for general use (they can be programmed to do a ton of different things).
HMI
Human-Machine Interface. Used as an operator’s means to interact with PLCs, RTUs, and IEDs. HMIs replace manually activated switches, dials, and other electrical controls w/ graphical representations of the digital controls used to sense and influence that process. Allow operators to start and stop cycles, adjust set points, and perform other functions to interact with a control process. Do not authenticate to the station for security reasons.
Supervisory Workstation
Collects information from assets used within a control system and presents that information for supervisory purposes. Unlike an HMI, a supervisory workstation is primarily read-only.
Data Historian
A specialized software system that collects point values, alarm events, batch records, and other information from industrial devices and systems and stores them in a purpose-built database. Unlike an HMI, a data historian generally does not explicitly allow control of the process.
tags (data historian..)
Data that are historized and stored within a data historian are referred to as “tags” and can represent almost anything–the current speed of a motor or turbine, the rate of airflow through an HVAC unit, the total volume of a mixing tank, etc.
OSIsoft
Holds a dominant position in the data historian market.
Business Information Console
Extensions of supervisor workstations. Designed to deliver business intelligence to upper management. In some cases may be a physical console, such as a computer display connected to an HMI or historian within the ICS DMZ, but physically located elsewhere.
Closed Loop
Output of the process affects the inputs, fully automating the process. Temperature sensor affects heating element. Provides automated control.
Open Loop
The input from the process (e.g. temperature) does not affect the output (heating coil). Provide manual control. Like an assembly line. Sort of…
Complex Loops
Might use multiple inputs to perform a function that is inherently more complex. As control complexity increases, control loops may be distributed across multiple controllers requiring critical P2P communications across the network. An HMI usually controls a process consisting of many control loops.
Control process
General term used to define larger automated processes within an industrial operation. Many control processes may be required to manufacture a product or to generate electricity. Each control process may consist of one or many control loops.
Historizing data
The process of removing data from the real-time environment of an automated industrial process and storing it over time. Specific ICS components may use their own data historian system to historize the data locally.
Data outside DMZ
Best practices recommend that the only component in the DMZ connected to the historian on the business network is a historian. Uses unidirectional gateway.
BPCS
Basic process control system is responsible for discrete and continuous control necessary to operate a process within normal operational boundaries.
SIS
Safety instrumented systems are deployed as part of a comprehensive risk management strategy utilizing layers of protection to prevent a manufacturing environment from reaching an unsafe operating condition. Can detect and respond to process events. Vulnerable to DOS attack.
HEMS
Home energy management systems. For smart grid. Provide end-user monitoring and control of energy usage.
AMI
Advanced metering infrastructure. For smart grid.
AMI Headend
The AMI Headend feeds local distribution and metering. Typically connects to a large number of smart meters, serving a neighborhood or district, which in turn connect to home or business networks. Often use HEMS.
Threats to AMI
- Bill manipulation/energy theft
- Unauthorized access from customer end point
- Interference with utility telecommunications
- Mass load manipulation (use of c2c to manipulate bulk power use)
- DOS