Evaluation of the security of the internal networks of the SCADA CNEL EP Area, Manabí business unit through OSSTMM and OPNET

Authors

DOI:

https://doi.org/10.33936/isrtic.v7i1.5558

Keywords:

SCADA, Networks, CNEL, OSTTM, OPNET

Abstract

The technological transformation that society has undergone has generated an increase in global cyber attacks, putting at risk all social and productive sectors of society that make use of information technologies, including the electric sector, where Supervisory Control and Data Acquisition (SCADA) systems are often used. In Ecuador, the electric sector is considered a strategic sector for the country's development and is managed by the Corporación Nacional de Electricidad (CNEL EP). This paper evaluates the security in the SCADA area of CNEL EP in the Manabí Business Unit by applying the Open Source Security Testing Methodology Manual (OSSTMM) and using the OPNET simulator. The most important substations belonging to the SCADA area were selected, and an audit was carried out according to the methodology to determine the current state of security and identify possible vulnerabilities. In turn, with the identified vulnerabilities, two simulated scenarios were designed in a simplified manner using the OPNET tool to establish the impact of exploiting one of these vulnerabilities on the operation of the SCADA area services. After obtaining the results, it was concluded that the level of security in the SCADA area is high, although the existence of uncontrolled interactions in operations was identified and needs to be addressed, given that according to the results obtained, the exploitation of these interactions could significantly affect the functioning of the SCADA area.

Downloads

Download data is not yet available.

References

Albareda Herrera, J. M. (2011). Consideraciones sobre la investigación científica. Vita Brevis. https://books.google.com/books/about/Consideraciones_sobre_la_investigaci%C3%B3n.html?hl=es&id=76OYAwAAQBAJ

Andrade, R. O., & Yoo, S. G. (2019). Cognitive security: A comprehensive study of cognitive science in cybersecurity. Journal of Information Security and Applications, 48. https://doi.org/10.1016/j.jisa.2019.06.008

Asamblea Nacional Constituyente. (2008). CONSTITUCIÓN DE LA REPÚBLICA DEL ECUADOR. Registro Oficial, 449(20), 25–2021. www.lexis.com.ec

Ashraf, S., Shawon, M. H., Khalid, H. M., & Muyeen, S. M. (2021). Denial-of-Service Attack on IEC 61850-Based Substation Automation System: A Crucial Cyber Threat towards Smart Substation Pathways. Sensors 2021, Vol. 21, Page 6415, 21(19), 6415. https://doi.org/10.3390/S21196415

Bello, R., Andrés, W., Medina Becerra, ;, Andrés, F., Lara, M., & Alonso, J. (2020). Metodologías de evaluación del riesgo en ciberseguridad aplicadas a sistemas SCADA para compañías eléctricas. Espacios, 41(07), 27–41.

Calzada Hinojosa, S. J. (2021). CIBERSEGURIDAD EN LA PROTECCIÓN DE INFRAESTRUCTURAS CRÍTICAS ELÉCTRICAS. Revista Telemática, 20(1), 36–46. http://revistatelematica.cujae.edu.cu/index.php/tele

Carreño Pérez, J. C. (2019). Metodología para evaluación de ciber vulnerabilidad en sistemas de transmisión de energía eléctrica “EVULCIB”, estudio de caso subestación eléctrica de 230kV ubicada en la ciudad de Bogotá-Colombia.

CNEL EP. (2022). Historia. https://www.cnelep.gob.ec/historia/

Curbelo Martínez, G., Cortés Cortés, M., & Pérez Fernández, A. del C. (2016). Metodología para el análisis de correlación y concordancia en equipos de mediciones similares. http://rus.ucf.edu.cu/

Díaz, R. M. (2021). Estado de la ciberseguridad en la logística de América Latina y el Caribe 228 DESARROLLO PRODUCTIVO. www.cepal.org/apps

Ferreira Alves, M. (2018). Ciberseguridad en la infraestructura crítica mediante el sistema SCADA en planta de tratamiento de agua de Lima. Revista Escuela de Guerra del Ejército del Perú, 02(03), 48–55.

Gamboa Suárez, J. L. (2020). IMPORTANCIA DE LA SEGURIDAD INFORMÁTICA Y CIBERSEGURIDAD EN EL MUNDO ACTUAL.

García Pierrat, G., & Vidal Ledo, M. J. (2016). Title: Informatics and security: an important topic for managers (Vol. 22).

Garcia-Alfaro, J., Romero-Tris, C., & Rubio-Hernan, J. (2014). Simulaciones Software para el Estudio de Amenazas contra Sistemas SCADA.

Gonzáles, G. (2020). Investigación documental: características, estructura, etapas, tipos, ejemplos. https://www.lifeder.com/investigacion-documental/

González Tandazo, N. (2016). EVALUAR LAS VULNERABILIDADES DE SEGURIDAD EXISTENTES EN LA RED DEL SISTEMA SCADA DE LA EERSSA. Universidad de Cuenca.

Gordón Revelo, D. S. (2017). Análisis de estrategias de gestión de seguridad informática con base en la metodología open source security testing methodology manual (osstmm) para la intranet de una institución de educación superior .

Hernández Sampieri, R., Fernández Collado, C., & Baptista Lucio, P. (2014). Metodología de la investigación.

ISECOM. (2010). OSSTMM.3.

Medina Becerra, F. A., Tirano Vargas, J. A., & Vargas Barrera, D. A. (2019). Metodología para la Ejecución de Evaluación de Ciber-Vulnerabilidades en los Sistemas ICS-

SCADA de los Agentes del Sistema Interconectado Nacional. Revista Infometric@-Serie Ingeniería, 1(1).

Mejía Jervis, T. (2020). Investigación explicativa: características, técnicas, ejemplos. https://www.lifeder.com/investigacion-explicativa/

Njova, D. (2021). Evaluating of DNP3 protocol over serial eastern operating unit substations and improving SCADA performance. University of South Africa.

Pazmiño Vallejo, L. M. (2015). Calidad de la gestión en la seguridad de la información basada en la norma ISO/IEC 27001, en instituciones públicas, en la ciudad de Quito D.M.

Rahman, M. A., Pakštas, A., & Wang, F. Z. (2009). Network modelling and simulation tools. Simulation Modelling Practice and Theory, 17(6), 1011–1031. https://doi.org/10.1016/J.SIMPAT.2009.02.005

Rodríguez Penin, A. (2007). Sistemas SCADA: guía práctica - Aquilino Rodríguez Penin - Google Libros. https://books.google.com.ec/books?id=Sai-a0WQw24C&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false

Ruiz, M., & Ulloa, C. (2013). Diseño y Evaluación de Redes usando OPNET.

Wilcoxon, F. (1945). Some Uses of Statistics in Plant Pathology. Biometrics Bulletin, 1(4), 41. https://doi.org/10.2307/3002011

Downloads

Published

2023-05-31

How to Cite

[1]
Tapia Rivas, L.A. and Demera Centeno , V. 2023. Evaluation of the security of the internal networks of the SCADA CNEL EP Area, Manabí business unit through OSSTMM and OPNET. Informática y Sistemas. 7, 1 (May 2023), 24–33. DOI:https://doi.org/10.33936/isrtic.v7i1.5558.

Issue

Vol. 7 No. 1: January - June (2023)

Section

Regular Papers

License

Copyright (c) 2023 Luis Alonso Tapia Rivas, Viviana Demera Centeno

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Articles submitted to this journal for publication will be released for open access under a Creative Commons Attribution Non-Commercial No Derivative Works licence (http://creativecommons.org/licenses/by-nc-nd/4.0).

The authors retain copyright, and are therefore free to share, copy, distribute, perform and publicly communicate the work under the following conditions: Acknowledge credit for the work specified by the author and indicate if changes were made (you may do so in any reasonable way, but not in a way that suggests that the author endorses your use of his or her work. Do not use the work for commercial purposes. In case of remixing, transformation or development, the modified material may not be distributed.

Most read articles by the same author(s)