Industrial Network Security Book Flashcards

1
Q

modbus

A

Modbus is a serial communications protocol originally published by Modicon (now Schneider Electric) in 1979 for use with its programmable logic controllers (PLCs). Modbus has become a de facto standard communication protocol and is now a commonly available means of connecting industrial electronic devices. “Nonroutable”

2
Q

RTU

A

A remote terminal unit (RTU) is a microprocessor-controlled electronic device that interfaces objects in the physical world to a distributed control system or SCADA system by transmitting telemetry data to a master system, and by using messages from the master supervisory system to control connected objects. “Nonroutable”

3
Q

DNP3

A

DNP3 (Distributed Network Protocol) is a set of communications protocols used between components in process automation systems. Its main use is in utilities such as electric and water companies. Usage in other industries is not common. “Nonroutable”

4
Q

Fieldbus

A

Fieldbus is the name of a family of industrial computer network protocols used for real-time distributed control, standardized as IEC 61158. A complex automated industrial system (such as a manufacturing assembly line) usually needs a distributed control system, an organized hierarchy of controller systems, to function. “Nonroutable”

5
Q

“Nonroutable” network

A

Refers to those serial, bus, and point-to-point communication links that utilize Modbus/RTU etc. They interconnect devices and provide a communication path between digital devices, and in many cases are designed for remote command and control.

6
Q

“Routable” network

A

Typically means a network utilizing TCP/IP. Also includes routable variants of nonroutable protocols (e.g. Modbus over TCP/IP and DNP3 over TCP/UDP).

7
Q

industrial switch

A

A switch that can withstand extreme conditions.

8
Q

“enclave” and “zone”

A

Convenient for defining a closed group of assets, or a functional group of devices, services, and applications that make up a larger system. Communications are limited to only those devices, applications, and users that should be interacting with each other.

9
Q

ESP

A

“Electronic Security Perimeter”. The boundary between secure and insecure zones.

10
Q

Separation of assets

A

The separation of assets into functional groups allows specific services to be tightly locked down and controlled, and is one of the easiest methods of reducing the attack surface.

Allows you to configure the firewall more precisely.

11
Q

Advanced Access Control

A
  • Only allow a user to log in to an HMI if the user has successfully badged into the control room.
  • Only allow a user to operate a given control from a specific controller.
  • Only allow a user to authenticate during that user’s shift.

You can use two factor plus the above access control restrictions.

12
Q

PLC

A

Programmable logic controller. A specialized industrial computer used to automate functions within manufacturing facilities. PLCs do not typically use commercially available OSs.

13
Q

Ladder Logic

A

A set of connections between inputs (relay contacts) and outputs (relay coils). Every step is tested in each scan.

14
Q

Relay

A

A relay is an electrically operated switch. Relays are used where it is necessary to control a circuit by a separate low-power signal, or where several circuits must be controlled by one signal.

15
Q

Sequential Logic

A

Differs from ladder logic in that each step is executed in isolation and progresses to the next step only upon completion. Very common in batch operations.

16
Q

RTU

A

Monitor field parameters and transmit that data back to a central monitoring station, typically either a master terminal unit (MTU) that may be an ICS server, a centrally located PLC, or directly into an HMI. Commonly include remote communications capabilities consisting of a modem, cellular data connection, radio, or other wide area communication technology. Commonly installed in locations that may not have easy access to electricity. Use “publish/subscribe” methods. Sometimes integrate PLC functionality into them.

17
Q

IED

A

Intelligent electronic device. Developed for locations that require not only local direct control functionality and integrated telecommunications support, but also can be installed in areas that involve high-voltage energy sources and the associated electrical “noise” that is typically present in those environments. IEDs are designed to perform a specific function (e.g. substation automation) within the overall control system, whereas RTUs and PLCs are designed for general use (they can be programmed to do a ton of different things).

18
Q

HMI

A

Human-Machine Interface. Used as an operator’s means to interact with PLCs, RTUs, and IEDs. HMIs replace manually activated switches, dials, and other electrical controls with graphical representations of the digital controls used to sense and influence that process. Allow operators to start and stop cycles, adjust set points, and perform other functions to interact with a control process. Do not authenticate to the station for security reasons.

19
Q

Supervisory Workstation

A

Collects information from assets used within a control system and presents that information for supervisory purposes. Unlike an HMI, a supervisory workstation is primarily read-only.

20
Q

Data Historian

A

A specialized software system that collects point values, alarm events, batch records, and other information from industrial devices and systems and stores them in a purpose-built database. Unlike an HMI, a data historian generally does not explicitly allow control of the process.

21
Q

tags (data historian..)

A

Data that are historized and stored within a data historian are referred to as “tags” and can represent almost anything: the current speed of a motor or turbine, the rate of airflow through an HVAC unit, the total volume of a mixing tank, etc.

22
Q

OSIsoft

A

Holds a dominant position in the data historian market.

23
Q

Business Information Console

A

Extensions of supervisory workstations. Designed to deliver business intelligence to upper management. In some cases may be a physical console, such as a computer display connected to an HMI or historian within the ICS DMZ, but physically located elsewhere.

24
Q

Closed Loop

A

Output of the process affects the inputs, fully automating the process. Temperature sensor affects heating element. Provides automated control.

25
Q

Open Loop

A

The input from the process (e.g. temperature) does not affect the output (heating coil). Provide manual control. Like an assembly line. Sort of…

26
Q

Complex Loops

A

Might use multiple inputs to perform a function that is inherently more complex. As control complexity increases, control loops may be distributed across multiple controllers requiring critical P2P communications across the network. An HMI usually controls a process consisting of many control loops.

27
Q

Control process

A

General term used to define larger automated processes within an industrial operation. Many control processes may be required to manufacture a product or to generate electricity. Each control process may consist of one or many control loops.

28
Q

Historizing data

A

The process of removing data from the real-time environment of an automated industrial process and storing it over time. Specific ICS components may use their own data historian system to historize the data locally.

29
Q

Data outside DMZ

A

Best practices recommend that the only component in the DMZ connected to the historian on the business network is a historian. Uses unidirectional gateway.

30
Q

BPCS

A

Basic process control system is responsible for discrete and continuous control necessary to operate a process within normal operational boundaries.

31
Q

SIS

A

Safety instrumented systems are deployed as part of a comprehensive risk management strategy utilizing layers of protection to prevent a manufacturing environment from reaching an unsafe operating condition. Can detect and respond to process events. Vulnerable to DOS attack.

32
Q

HEMS

A

Home energy management systems. For smart grid. Provide end-user monitoring and control of energy usage.

33
Q

AMI

A

Advanced metering infrastructure. For smart grid.

34
Q

AMI Headend

A

The AMI Headend feeds local distribution and metering. Typically connects to a large number of smart meters, serving a neighborhood or district, which in turn connect to home or business networks. Often uses HEMS.

35
Q

Threats to AMI

A
  • Bill manipulation/energy theft
  • Unauthorized access from customer end point
  • Interference with utility telecommunications
  • Mass load manipulation (use of c2c to manipulate bulk power use)
  • DOS