SCADA Cyber Security Training

By Al Rivero, PE, in collaboration with Shabbir Shamsuddin, Energy Systems Analyst, Argonne National Laboratories, and Rhonda Dunfee, Control Systems Security Analyst, U.S. Department of Energy | November 2009 Vol. 236 No. 11

“Security requires a particular mindset. Security professionals—at least the good ones–see the world differently. They cannot walk into a store without noticing how they might shoplift. They cannot use a computer without wondering about the security vulnerabilities. They cannot vote without trying to figure out how to vote twice. They just cannot help it.” -Bruce Schneier, CRYPTO-GRAM, April-May 2008.

The authors had the unique opportunity of attending a very rare event the week of July 20, 2009 in the high desert plains of Idaho Falls, ID. The five-day event, entitled National SCADA Test Bed Advanced Training, was sponsored by Idaho National Laboratory (INL), one of the lead Department of Energy (DOE) laboratories responsible for the National SCADA Test Bed (NSTB) under the DOE NSTB program.
The Advanced Control System Cyber Security Training program was aimed at energy sector (oil, natural gas, and electric) participants. Its goals were to teach the difficult subject of cyber security, to raise awareness, to make better defenders, and to draw on the true security professionals in the organization to encourage more security disciples.

The training was attended by 33 industry participants representing 20 energy companies with impressive educational, technical and industry backgrounds. Attendees had the benefit of several focused sessions with leaders in Network Design, Operating Systems, Critical Communication, Application Design, the application of contemporary security mitigation strategies and knowledge of the latest attack vectors.

Participants were provided defensive cyber security skills for their control systems. Through the instruction and their participation in a Red Team (attacker)/Blue Team (defender) exercise, participants gained an understanding of how cyber attacks against control systems could be launched, why and how they work, and which mitigation strategies will increase a company’s cyber security posture to thwart potential attacks.

The attendees learned about tools and strategies that they had only heard of, or had tried in an effort to protect their company’s information technology and control systems without verifying their effectiveness. Their attempts to protect their companies against cyber exploits had been made without a clear understanding of how many very powerful and fairly easy to use open source cyber tools are available. These tools are readily available on the Internet, in some cases free of charge, and allow a malevolent perpetrator to develop and implement exploits that cause stack overflows and establish reverse TCP connections. This was evident from a comment by an attendee representing the oil and gas sector.

“I would highly recommend this class for anyone involved in securing their energy industry IT assets. This class was very informative and definitely an eye opener. One of the items that I found most helpful was the plethora of software tools available for download via the Internet that can be utilized by hackers to cause severe disruption to an environment. However, it was demonstrated how these same tools can be utilized by a proactive IT group to protect their assets.” - Allen Lykins, Manager, Network, SCADA and Control Systems, Genesis Energy.

Another attendee said, “I wish I had learned (earlier) what power some of these exploits have and how readily available these tools can be. It would have made my job a lot easier to have this level of understanding.”