Cyber Security for Luna DTS systems

Distributed Temperature Sensing (DTS) systems have become a well accepted and powerful tool in various markets like in the electrical energy industry, in fire detection and downhole well monitoring. Following a general trend, the initially isolated stand-alone DTS systems become recently more and more integrated into complex Supervisory Control and Data Acquisition (SCADA) systems.

Taking current Smartgrid initiatives for instance, the DTS system has certainly grown out of pure temperature sensing. With these demands in mind, Luna has been looking closer to Cyber Security for SCADA systems.

Supervisory control and data acquisition (SCADA), process control system (PCS), distributed control system (DCS), etc. generally refer to the systems which control the critical infrastructures such as electric power generators and power grids, subway systems, dams, telecommunication systems, natural gas pipelines, fire protection systems, and many others.  Simply stated, a control system gathers information and then performs a function based on information it received.
Control systems can be relatively simple, such as one that monitors environmental conditions of a small office building, or incredibly complex, such as a system that monitors all the activity in a nuclear power plant or the activity of an oil field.
Control system technology has evolved over the past 30 years as a method of monitoring and controlling large processes.  30 years or even 15 years ago, security was not generally on anyone’s priority agenda, as these control systems were stand alones, not connected to the outside world via the Internet.  Over the years, these systems have gone from proprietary, stand-alone systems, to those that use off-the-shelf hardware (e.g. standard PC components) and software (e.g. Microsoft Windows or Linux).  However, more commonly used hardware and software increased concern of vulnerabilities and attacks.

Several recent incidents in industry have proved that the risks coming from security breaches are no longer fiction, and the resulting consequences can be severe:

  • In 2005 “a round of internet worm infections knocked 13 of DaimlerChrysler’s US auto manufacturing plants offline for almost an hour, stranding some 50 000 auto workers as infected Microsoft Windows systems were patched” [1].
  • In 2006 a nuclear power plant in the US had to be shut down after a “data storm” on its internal control system network stopped the control of two cooling water pumps.  The storm was apparently caused by a malfunctioning PLC [2].
  • A report in 2007 stated that “US critical infrastructure [is] in serious jeopardy”, and that the US “electrical service, transportation, refineries and drinking water are at serious risk from very simple hacker attacks” [3].
  • “Researchers [at the US Sandia National Laboratories] who launched an experimental cyber attack caused a [power] generator to self-destruct…” [4].
  • Former Homeland Security Secretary Michael Chertoff stated that “al Qaeda already has some cyber-attack capability”.  He expects al Qaeda to develop more cyber-attack skills that would allow them to attack infrastructure that is less well protected, perhaps in the transportation and energy sectors: “It’s only a matter of time.” [5]

A survey conducted by the Conseil Européen pour la Recherche Nucléaire (CERN) [6] revealed that devices are often vulnerable even to very simple attacks from freely available tools like Netwox [7] or Nessus [8].  32% of the tested systems completely crashed as a response to the Netwox test, and 21% were crashed by Nessus.  Furthermore, Nessus reported significant security holes in 18% of the systems.

Luna’s series of DTS systems resp. OTS controllers offer a standard Ethernet interface which allows integrating them into control networks.  Several standard network protocol interfaces to SCADA systems are available, including MODBUS/TCP [9], IEC 60870-5-104 [10] and DNP3 [11], as well as more sophisticated protocols like Energistics’ WitsML standard [12] used in the Oil and Gas industry.

Due to the well-known risks summarised above, Luna has paid special attention to the structure and cyber security of the DTS system design and its interfaces:

  • System design – The Luna DTS controller is based on a DSP which runs the data acquisition and data reduction.  The software is not based upon an operating system, and has been extensively tested and verified by the VdS (Association of German asset insurers).  A separate processor is used for the network connectivity.  This approach ensures a decoupling of the data reduction from the network.
  • Linux based system – The network processor runs the Linux [13] operating system.  Linux is well-known as extremely stable operating system for which almost no malware like viruses or Trojans exist.  All unnecessary parts (e.g. hardware or network protocol drivers which are not needed) have been stripped from the operating system, which does not only reduce its memory and processing demands, but also greatly reduces the possibility of being hit by a yet unknown bug.  The system has been extensively tested with standard security tools, including Netwox and Nessus, and did not show any vulnerabilities or security issues.
  • Built-In Firewall – The DTS controller offers a built-in firewall, based upon the standard Linux iptables [14] infrastructure, which can easily be configured separately for each protocol.  The firewall can be used to block the access to a specific protocol by an intruder on a very low level, thus ensuring that the attacker can neither read any data, nor perform an action like resetting the device’s outputs.
  • Protocol Encryption – For all protocols, the DTS controller offers optional encryption using the industry-standard Transport Layer Security (TLS, RFC 5246 [15]) protocol.  Using TLS, both the connecting system and the DTS controller can be configured to present a cryptographic certificate to prove their identity.  If any of the checks fails, the connection is simply rejected.  The encryption can be used with both self-signed certificates as well as with certificates issued by a Certificate Authority (CA).  After a successfully authenticated connect, the data exchange is encrypted, thus preventing an attacker from sniffing any data on the wire.

The combination of the aforementioned measures result in a system which is considerably more secure than comparable devices.  However, due diligence is of course necessary if the DTS controller shall be included in an infrastructure as to protect the other devices in the SCADA network [16].

[6] Lüders, S.: Control Systems under Attack. 10th ICALEPCS Int. Conf. on Accelerator & Large Expt. Physics Control Systems. Geneva, 10 – 14 Oct 2005.
[16] U.S. Department of Energy: 21 Steps to Improve Cyber Security of SCADA Networks.