Cyber Security Assessment Tools and Methodologies for the Evaluation of Secure Network Design at Nuclear Power Plants


Cyber Security Assessment Tools and Methodologies for the Evaluation of Secure Network Design at Nuclear Power Plants

A Letter Report to the U.S. NRC
January 27, 2012

Prepared by:
Cynthia K. Veitch, Susan Wade, and John T. Michalski
Sandia National Laboratories
P.O. Box 5800
Albuquerque, New Mexico 87185

Prepared for:
Paul Rebstock, NRC Program Manager
U.S. Nuclear Regulatory Commission
Office of Nuclear Regulatory Research
Division of Engineering
Digital Instrumentation & Control Branch
Washington, DC 20555-0001

U.S. NRC Job Code: JCN N6116

Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000.

Issued by Sandia National Laboratories, operated for the United States Department of Energy by Sandia Corporation.

NOTICE: This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government, nor any agency thereof, nor any of their employees, nor any of their contractors, subcontractors, or their employees, make any warranty, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represent that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government, any agency thereof, or any of their contractors or subcontractors. The views and opinions expressed herein do not necessarily state or reflect those of the United States Government, any agency thereof, or any of their contractors.

ABSTRACT

This report is a survey of cyber security assessment methodologies and tools—based on industry best practices—for the evaluation of network security and protection of a modern digital nuclear power plant data network (NPPDN) and its associated digital instrument and control (I&C) safety systems. These methodologies and tools should be used by U.S. Nuclear Regulatory Commission (NRC) staff to evaluate network designs using industry standards, regulatory guidelines, and the technical guidance and acceptance criteria for secure network design developed by Sandia National Laboratories. Additionally, these methodologies and tools can be used by NPPDN network administrators, NRC staff, and nuclear power plant owners and operators to evaluate security and protection throughout the system lifecycle. This report includes a description of the capabilities, limitations, costs, and vendor licensing conditions for technologies presented. Where appropriate, this report explains the operational and security requirements associated with modern NPPDN and digital I&C safety system design, operation, and maintenance. Additionally, potential repercussions are described that relate to the introduction of the described methodology or tool into a secure nuclear power plant network environment.


CONTENTS

ABSTRACT ... i
ACRONYMS AND ABBREVIATIONS ... v
1 INTRODUCTION ... 1
1.1 Background ... 1
1.2 Scope and Purpose ... 3
1.3 Report Structure ... 4
2 CYBER SECURITY ASSESSMENT ... 5
2.1 System Lifecycle ... 5
2.2 System Characteristics ... 8
2.3 Roles and Responsibilities ... 9
2.4 Assessment Methodologies and Tools ... 10
3 NETWORK SCANNING ... 13
3.1 Considerations ... 13
3.2 Tools ... 14
4 VULNERABILITY SCANNING ... 17
4.1 Categories of Vulnerabilities ... 17
4.1.1 Policy and Procedure Vulnerabilities ... 17
4.1.2 Platform Vulnerabilities ... 18
4.1.3 Network Vulnerabilities ... 20
4.2 Considerations ... 21
4.3 Tools ... 24
5 PASSWORD CRACKING ... 29
5.1 Considerations ... 29
5.2 Tools ... 30
6 LOG REVIEW AND ANALYSIS ... 33
6.1 Considerations ... 33
6.2 Tools ... 34
7 FILE INTEGRITY CHECKING ... 37
7.1 Considerations ... 37
7.2 Tools ... 37
8 MALWARE DETECTION ... 41
8.1 Considerations ... 41
8.2 Tools ... 42
9 WAR DIALING ... 45
9.1 Considerations ... 46
9.2 Tools ... 46
10 WIRELESS TESTING ... 49
10.1 Considerations ... 49
10.2 Tools ... 50
11 PENETRATION TESTING ... 53
11.1 Considerations ... 54
11.2 Tools ... 55
12 SUMMARY RECOMMENDATIONS ... 59
13 REFERENCES ... 63
APPENDIX A: Summary of Assessment Methodologies and Recommended Frequencies ... 65
APPENDIX B: Map of Tools and Assessment Methodologies ... 69

FIGURES

Figure 1. Hypothetical digital plant system network architecture ... 2
Figure 2. Hypothetical NPPDN with IDS and IPS sensor placements ... 33

TABLES

Table 1. Preferred network assessment activities for high-reliability systems ... 14
Table 2. Sample network scanning tools ... 16
Table 3. Preferred vulnerability assessment activities for high-reliability systems ... 23
Table 4. Sample vulnerability scanning tools ... 26
Table 5. Sample password cracking tools ... 31
Table 6. Sample log review and analysis tools ... 35
Table 7. Sample file integrity checking tools ... 39
Table 8. Sample malware detection tools ... 44
Table 9. Sample war dialing tools ... 47
Table 10. Sample wireless testing tools ... 52
Table 11. Sample penetration testing tools ... 56

ACRONYMS AND ABBREVIATIONS

ACL  access control list
C&A  certification and assessment
CDA  critical digital asset
CIO  chief information officer
CLI  command line interface
COTS  commercial-off-the-shelf
CSO  chief security officer
DCS  distributed control system
DHCP  Dynamic Host Configuration Protocol
DI&C  digital instrumentation and control
DNS  Domain Name Service
DoS  denial of service
DSS  digital safety system
EMP  electro-magnetic pulse
FISMA  Federal Information Security Management Act
GUI  graphical user interface
HMI  human-machine interface
I&C  instrument and control
ICS  industrial control system
ID  identification
IDS  intrusion detection system
IEEE  Institute of Electrical and Electronics Engineers
IP  Internet Protocol
IPS  intrusion prevention system
IT  information technology
NERC  North American Electric Reliability Corporation
NIC  network interface card
NIST  National Institute of Standards and Technology
NPP  nuclear power plant
NPPDN  nuclear power plant data network
NRC  Nuclear Regulatory Commission
OPC  OLE for Process Control
OS  operating system
PBX  Private Branch Exchange
PCS  process control system
PLC  programmable logic controller
PSTN  public switched telephone network
RAS  remote access server
RG  Regulatory Guide
RTOS  real-time operating system
RTU  remote terminal unit
SCADA  supervisory control and data acquisition
SNL  Sandia National Laboratories
SP  Special Publication
SSID  service set identifier
VoIP  voice-over-IP
WEP  Wired Equivalent Privacy protocol
WLAN  wireless local area network

1 INTRODUCTION

Cyber security assessment consists of methods and procedures used to assess the effectiveness of cyber security controls in a digital system. In particular, the assessment methods and procedures are used to determine if the security controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements of the asset owner. Cyber security assessment is one of the most reliable methods of determining whether a system is configured and continues to be configured to the correct security controls and policy. The assessment methodologies and tools described in this document are meant to assist nuclear power plant owners, operators, and network administrators in keeping their systems operationally secure and as resistant as possible to attack. U.S. Nuclear Regulatory Commission (NRC) staff should use the techniques described herein to evaluate secure network designs using industry standards, regulatory guidelines, and the technical guidance and acceptance criteria. These assessment activities, if made part of standard system and network administration and assessment, can be highly cost-effective in preventing incidents and uncovering vulnerabilities.

1.1 Background

Nuclear power plant data networks (NPPDNs) and their associated safety systems are being modernized to include many information technology (IT) networks and applications. Along with the advancement of plant data networks (PDNs), instrument and control (I&C) systems are being upgraded with modern digital, microprocessor-based systems. These systems provide a high degree of automation to enhance plant operation, reduce operator burden, and improve situational awareness during normal and off-normal conditions. However, these same systems introduce challenges for the nuclear power industry and NRC staff, who are responsible for ensuring the new systems meet all reliability, performance, and security requirements.

Digital I&C systems, such as process control and safety systems, rely on the NPPDN—the essential backbone of a secure nuclear power plant (NPP) network design. Figure 1 displays a hypothetical NPP’s modern and integrated data and communications architecture. The NPPDN must be highly reliable, maintainable, and independent to ensure that all digital I&C systems will perform their particular missions. Additionally, that network must also support a necessary data bandwidth for conveying system-operational information to the user.

Many of the differences between NPPDN architectures and traditional information processing system architectures stem from the fact that logic executing on an NPPDN can have a direct effect on the physical world [2]. These differing characteristics include the potential for significant risk to the health and safety of human lives, serious damage to the environment, and serious financial issues, such as production losses and negative impact to the nation’s economy. Possible incidents an NPP may face include [2]:

- blocked or delayed flow of information through NPP networks, which could disrupt NPP operation
- unauthorized changes to instructions, commands, or alarm thresholds, which could damage, disable, or shut down equipment, create environmental impacts, and/or endanger human life
- inaccurate information sent to system operators, either to disguise unauthorized changes, or to cause the operators to initiate inappropriate actions, which could have various negative effects
- interference with the operation of safety systems, which could endanger human life

Figure 1. Hypothetical digital plant system network architecture [1].

The trend toward integrating nuclear power I&C networks with business processing and corporate IT networks reduces isolation for the NPPDN from the outside world. Also, unlike typical information processing systems, the NPPDN’s security objectives follow the priority of network availability and reliability—a focus on safety and efficiency that may sometimes conflict with security in the design and operation of a more modern IP-based NPP.

Sandia National Laboratories (SNL) has prepared for the NRC a letter report describing a comprehensive best practice approach to the design, operation, and protection of safety system applications at NPPs [3] and a NUREG publication describing critical design elements of a secure digital NPPDN [1]. Both documents explain security issues associated with a modern NPPDN design and suggest mitigations, where appropriate, to enhance network security. The National Institute of Standards and Technology (NIST) published guidelines on network security testing [4, 5] and a guide to industrial control system (ICS) security [2]. Additionally, NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems, includes an appendix with security controls, enhancements, and supplemental guidance for industrial control systems [6]. In this document, we build on the foundations of these published reports to describe cyber security assessment methodologies and tools for the evaluation of secure network design at NPPs.

1.2 Scope and Purpose

The purpose of this document is to provide guidance on cyber security assessment for NPPs. This report presents and describes cyber security assessment methodologies and tools for the evaluation of secure network design for the operation, maintenance, and protection of a modern NPPDN. This survey does not directly address the assessment of the physical security of digital systems, although physical access should always be addressed as part of a cyber security risk analysis. Instead, it considers physical protection only with respect to the use of cyber-based assets, such as badge systems, turnstile controls, and network video, used to accommodate physical security.

The main focus of this document is to disseminate basic information about methodologies and tools to NPPDN network administrators, NRC staff, and NPP owners and operators. This information can be used to evaluate network-based cyber security as it applies for the entire NPPDN. This includes any pre-evaluation and installation of newly designed cyber-based network segments that may be installed in the NPPDN, including digital safety systems. With respect to the safety system, any tools or methodologies that may have a detrimental effect on the cyber-based operation of the safety system will be called out as a warning throughout this document. Safety system cyber elements, such as digital safety systems, can be evaluated by any applicable tools and methodologies described in this document, but it is suggested the evaluation take place in a lab environment, prior to installation. This will ensure that the security evaluation does not create a detrimental impact on any aspect of operations. Any post-installation security assessments should be evaluated with respect to potential detriment to the ability of the system under test to perform its operational function. This document is by no means all-inclusive. NRC staff, NPP owners, operators, and NPPDN administrators should consult the references provided in this document, as well as vendor product descriptions and other sources of information. Each unique NPPDN will require a determination of the most appropriate approach for assessment based on the particular NPP’s mission, security objectives, and compliance requirements.

This survey is intended to identify methodologies and tools that support industry best practice approaches for the evaluation of secure network designs using technical guidance and acceptance criteria developed by SNL (e.g., [1, 3]). Where possible, this report describes the capabilities, limitations, costs, and vendor licensing conditions for each tool presented. In order for NRC staff and NPP designers and operators to make informed decisions regarding the methodologies and tools used to plan, build, maintain, and ass
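The introduction's point that an assessment must confirm a system "continues to be configured" as approved, together with the incident class of unauthorized changes to alarm thresholds listed in the Background, can be exercised without touching a running safety system by checking exported configurations against a recorded baseline offline. The block below is an added example written for this page; it is not code from the Sandia/NRC report or from any tool the report surveys, and the file names, parameter names, values and the severity rule are all constructed for illustration. It hashes each approved export and, when a live export differs, reports which parameter changed, was added or was removed, rating any change to the safety-related file high.

```python
"""Configuration-baseline drift check for I&C configuration exports."""
import hashlib
from typing import Dict, List, Optional

# Constructed sample configuration exports (file name -> text). They stand in
# for exports pulled from a device or from a controlled configuration store;
# none of the names or values comes from a real plant or vendor product.
APPROVED_SOURCES: Dict[str, str] = {
    "alarm_thresholds.cfg": (
        "coolant_temp_high=315\n"
        "coolant_temp_hihi=330\n"
        "pressurizer_level_low=20\n"
    ),
    "firewall_acl.cfg": (
        "permit tcp 10.10.1.0/24 10.10.2.5 502\n"
        "deny ip any any\n"
    ),
    "services.cfg": "telnet=disabled\nssh=enabled\nsnmp_v1=disabled\n",
}

# Artifacts whose drift bears directly on safety; any change is rated high.
SAFETY_CRITICAL = {"alarm_thresholds.cfg"}


def sha256_hex(text: str) -> str:
    """Hash of the raw export, used to skip files that are byte-identical."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def parse_config(text: str) -> Dict[str, str]:
    """Map a config export to parameter -> value.

    'key=value' lines are keyed by name. Other non-empty lines (for example
    ordered ACL entries) are keyed by position, so an inserted or reordered
    rule is still reported. Blank lines and '#' comments are ignored.
    """
    params: Dict[str, str] = {}
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" in line:
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
        else:
            params[f"line{n}"] = line
    return params


def take_baseline(sources: Dict[str, str]) -> Dict[str, dict]:
    """Record the hash and parsed parameters of every approved artifact."""
    return {name: {"sha256": sha256_hex(text), "params": parse_config(text)}
            for name, text in sources.items()}


def check_drift(baseline: Dict[str, dict], current: Dict[str, str]) -> List[dict]:
    """Compare current exports against the baseline, one finding per change."""
    findings: List[dict] = []

    def add(kind: str, name: str, key: Optional[str] = None,
            expected: Optional[str] = None, observed: Optional[str] = None) -> None:
        findings.append({"kind": kind, "file": name, "key": key,
                         "expected": expected, "observed": observed,
                         "severity": "high" if name in SAFETY_CRITICAL else "medium"})

    for name, entry in baseline.items():
        if name not in current:
            add("missing_file", name)
            continue
        text = current[name]
        if sha256_hex(text) == entry["sha256"]:
            continue                      # byte-identical, nothing to report
        was, now = entry["params"], parse_config(text)
        before = len(findings)
        for key in sorted(set(was) | set(now)):
            if key not in now:
                add("param_removed", name, key, was[key], None)
            elif key not in was:
                add("param_added", name, key, None, now[key])
            elif was[key] != now[key]:
                add("param_changed", name, key, was[key], now[key])
        if len(findings) == before:       # bytes differ but parameters do not
            add("file_changed", name, None, entry["sha256"], sha256_hex(text))
    for name in current:
        if name not in baseline:
            add("unexpected_file", name)
    return findings


def demo() -> List[dict]:
    """Constructed live state: high-high alarm raised, telnet re-enabled, and
    a permit rule inserted ahead of the final deny in the ACL."""
    live = dict(APPROVED_SOURCES)
    live["alarm_thresholds.cfg"] = live["alarm_thresholds.cfg"].replace(
        "coolant_temp_hihi=330", "coolant_temp_hihi=345")
    live["services.cfg"] = live["services.cfg"].replace(
        "telnet=disabled", "telnet=enabled")
    live["firewall_acl.cfg"] = ("permit tcp 10.10.1.0/24 10.10.2.5 502\n"
                                "permit tcp any 10.10.2.5 23\n"
                                "deny ip any any\n")
    return check_drift(take_baseline(APPROVED_SOURCES), live)


if __name__ == "__main__":
    for f in demo():
        print(f"[{f['severity']}] {f['kind']:<14} {f['file']} {f['key'] or ''}: "
              f"{f['expected'] or '-'} -> {f['observed'] or '-'}")
```

Because the check works on exported text rather than on the live device, it can be run in the lab against a pre-installation copy, as the scope paragraph above suggests, and repeated after installation without generating traffic toward the system under test. A reordered or inserted ACL rule is reported as well as a changed value, and an edit that alters only whitespace or comments is still surfaced at file level, so a hash mismatch never passes silently.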
