Critical Infrastructure & Cyber Security Protection (SCADA)

Area of Interest: Cyber Security

Australia’s Critical Infrastructure (CI) is diverse, complex and inter-dependant, and relies on distributed networks that run everything from electricity power plants to gas pipelines and hospitals to highways. Nowadays our infrastructure is more physically and digitally interconnected than ever before and thus faces a variety of risks to its security and ability to function. As these risks include manmade acts of terror and cyber-attacks, Critical Infrastructure security is the backbone of our national security and economic prosperity.

Infrastructure operations are increasingly reliant on automated Industrial Control Systems (ICS) which incorporate such devices as supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLC’s), human machine interfaces (HMI’s), remote telemetry units (RTU’s) and distributed control systems (DCS’s). While these systems had their beginnings without the benefits of open connectivity to other systems, the incorporation and benefits of such connectivity is increasingly utilised. With this though, comes the increased possibility of the unauthorised or unintended use or damage to the very systems we depend upon in our everyday lives.

This course covers and provides practical experience with the complexity of modern information technology equipment and the components in control systems and legacy systems, the threat environment, and attackers’ capabilities as well as techniques for securing these systems.

This onsite professional development course offers technical, architectural, and managerial solutions to the problem of protecting industrial infrastructure. It is designed to accommodate the broad spectrum of backgrounds and potential abilities for a Company's Engineering, IT and Technical Management team members. To do this we will be running concurrent streams where you will be able to select between hands on labs that are either centred around the control system or IT hardware and software.

This course combines presentations, group discussions and a high proportion of guided hands-on labs. These labs will enable you to gain hands on experience through with a series of VM-based machines using both real hardware and digital twin technologies. Towards the end there will be a Red\Blue exercise using real hardware and software controlling the infrastructure on our training table. The final half day is the chance to take the gained knowledge and implement it in protecting this training table infrastructure. We will all finally test the effectiveness by the final Red Insider exercise where everyone tries to become the disgruntled employee wanting to take down the infrastructure.

If you had not had direct experience with the hardware and software of an industrial plant it is advised that you select labs designed to provide an understanding of these system. The alternative steam is intended to provide those that do not typically get involved with IT systems the opportunity to learn more about configuring them. If you typically do not get involved with either of these, we would generally advise you to select the industrial plant stream given that is the primary focus of this course.

There are many combined sections of the course in which we will be working together on the same exercise.

It is noted that the maximum number of attendees to this course is restricted by hardware and licensing constraints. Although you can select the labs that are of interest to you, numbers are limited depending on the practical and your selections will be allocated on a first in approach.

Day 1 - Thursday 21 Aug :

• Introduction to Industrial Control Systems (ICS), CIA Triad and its Implications
• ICS Penetration Testing and Implications, ICS Hardware, Refresher on Numbering Systems, IP Addressing, Subnets and Routing.
• Background to Kali Linux and what can it be used for. Demonstration of possibilities to gain privilege to several Windows operating systems.

Day 2 - Friday 22 Aug:

• Practical Workshop Session: Intro into PLC systems and programming (Rockwell). Allen Bradley PLC programming to get an understanding of how it operates. Loss and recovery.
• Practical Workshop Session: PLC systems & programming (Siemens). Digital twin of a high-end Siemens PLC. Standardised PLC languages in IEC61131-3 standard.

Day 3 - Monday 25 Aug:

• Wireless and Mobile Security. Wireless LANs - risks and vulnerabilities. Testing wireless infrastructure using Kali tools. Demonstration of wireless vulnerabilities using Raspberry Pi.
• Secure Wireless Infrastructure: Setting up a secure Wireless Enterprise Industrial Infrastructure. Firewalling, routing and switching for a secure wireless infrastructure.

Almost everybody is now using wireless and mobile systems for both personal use and work yet there are still many successful attacks. This workshop focuses on people who use, design, test, implement or who are responsible for secure wireless/mobile operation and who require understanding of the key cybersecurity issues in this framework.

Day 4 - Tuesday 26 Aug:

• Practical Network Security Policy Implementation. This workshop addresses the configuration and testing of a security policy implemented on a firewall/router/switch infrastructure involving filters, proxies and Public Key Infrastructure and Digital Certificate implementation as used in VPNs.
• Virtual Private Networks, Design and setting up of VPN tunnels using Kali’s WireGuard open-source engine, OpenVPN or the industrial IKEv2 VPN using hardware crypto processors. This will involve VPN architecture which crosses different domains of trust in both wired and wireless networks as well as testing their operation with servers, firewalls and mobile client devices such as laptops and mobile phones.

Poor implementation and testing of security policy contributes to many disasters. VPNs are used almost universally for all head office, branch office, supplier and cloud-based communication. Despite the cryptographic systems used for these VPNs, vulnerabilities exist and attacks can be successful largely because of lack of practical experience in the setting up these systems.

Day 5 - Wednesday 27 Aug:

• IoT (Internet of Things) Security: Many of the devices used in a home environment are finding their way into business or industrial environments. These include Wi-Fi switches, Wi-Fi lights, Wi-Fi thermostats, Bluetooth Doorlocks, CCTV video systems and similar devices. A lot of the security issues result from the way TCP and UDP are used as well as the lack of good end-to-end encryption.
• IIoT (Industrial IoT) refers to use of these devices in industrial situations. This workshop will experiment with an IoT Authentication Framework including new developments in how to secure IoT and IIoT networks.

Much has been talked about and written on this topic. Not many have had hands-on experience in testing and evaluation of the security with live IoT equipment.

Or

Day 5 - Wednesday 27 Aug:

• Practical Workshop Session: HMI systems and their programming. Interconnection of HMI and PLC. Introduction to SCADA systems and programming. Connect SCADA to the PLC we have been programming. Interaction of SCADA and PLC.
• Practical Workshop Session continued: A further look into SCADA including historian and SQL systems and programming.

We look further into SCADA and some of the systems that can sit behind it. Form up some queries and modify some data going to a database.

Day 6 - Thursday 28 Aug:

• Multi-Factor Authentication. Initial work will involve configuring Active Directory for Domain and MFA operation. This will include enterprise grade MFA systems such as RSA hard and soft tokens and consumer grade MFA systems such as Google Authenticators.
• Additional topics will include use of mobile phones with both the RSA and Google systems as well as use of a RADIUS Server and PAM (Pluggable Authentication Module) to handle the Google Authenticator component of MFA. Setting up of a biometric facial recognition MFA system combined with Active Directory as third factor authentication devices typical of those used business, airports etc.

This workshop addresses the implementation and testing of a range Multi-Factor Authentication systems including physical, soft and biometric devices commonly used for access to cloud services.

Or

Day 6 - Thursday 28 Aug:

• Morning: Practical Workshop Session: Intro into Modbus RTU and TCP protocols. Manipulation of Modbus by MITM interception and modification.
• Afternoon: Red-Blue Exercise. The Red team are attacking to bring down the essential services while the Blue team has been brought in to save the day.

Day 7 - Friday 29 Aug:

• Cyber-Security Attack Topics: Reverse Shell and Ransomware privilege escalation and root access attacks: MSFvenom, EternalBlue, Mousejack, MITM Vulnerabilities, Heartbleed SSL interception data leakage and USB cable attacks.
• Social Media Scam attacks - PDF Attacks, Client-side exploits involving key-stroke logging and Facebook mining tailored attacks using AI systems.

The Metasploit Framework is commonly used by pen testers and involves the setting up of listeners that create an environment (referred to as a Meterpreter) to manipulate compromised machines. In these workshop sessions we will see how this framework within Kali Linux can be used to attack (or indeed test the security of) Windows machines through to ransomware attacks which encrypt client databases.

Ideal for: This course is useful for IT and Engineering graduates in the Cyber Security profession managing or securing Industrial Control Systems or those in intermediate Security roles within Defence and utility security managing SCADA and other Industrial Control Systems on all types of platforms.

Prerequisite: Students should have a basic understanding of Cyber Security gained in the workplace or through the UNSW Canberra Cyber Security Boot Camp or SANS SEC401 or similar. A knowledge of basic networking principles such as OSI/ Internet stack and TCP/IP will also be helpful.

Resources for Attendees

There is no textbook that attendees need to obtain. A variety of resource material will be made available to the attendees as needed throughout the course.

CAMERON SANDS is a career automation professional who has worked in industrial and commercial automation roles for more than 30 years. His extensive experience includes work in the traditional critical infrastructure of electrical generation and distribution, sewage and potable water treatment and distribution, oil and gas, banks, communications and datacentres, transportation systems, food manufacturing, hospitals, and defence. His specialist expertise includes programming industrialised systems such as programmable logic controllers (PLC’s), supervisory control and data acquisition (SCADA), human machine interfaces (HMI’s), servo drives, industrial vision systems, automated/laser guided vehicles (AGV’s/LGV’s), industrial robotics as well as transfer systems for data to, around and from the plant. He also has experience in the typically non-industrial areas of building management systems (BMS’s), security, access control and CCTV systems. A major part of his time is spent on site commissioning his projects. He is a certified professional electrical engineer and has completed post graduate studies in cyber security and computer forensics as well as having trade qualifications in electrical, data, solar and security. He is a member of the Australian Standards Committee for Australia’s primary electrical standards and has been teaching at several universities since 2012.

RAY HUNT did a Masters degree in Electrical Engineering (Christchurch) and PhD (Adelaide) and has worked in the airline industry designing international networks. He has also taught in a variety of Universities in Australia, New Zealand, Asia, Vancouver and London. Over the last 20 years he has provided numerous training courses and consultation for industry and Governments including Defence, NZ and Police (NSW) in the areas of networks and cybersecurity. He has visited Asia over 70 times in the last 25 years. Specifically, these have included numerous workshops for British Aerospace (Australia), Reuters and AT&T (Hong Kong), Ministry of Defence and Fujitsu (Singapore), Royal Holloway College, London and Vodafone (New Zealand) as well as a variety of related workshops in Bangkok, Taiwan and Kuala Lumpur.

Current Positions:

Visiting Associate Professor, Royal Holloway College, University of London

Adjunct Associate Professor, Flinders, Adelaide, Australia

Adjunct Associate Professor, University of Canterbury, New Zealand

Also check out other Workshops in Canberra, Business events in Canberra, Nonprofit events in Canberra.