This article examines the state of security related to process-control
systems and what can be done to secure them.
What is SCADA?
There are two types of process-control systems in view—distributed control
systems (DCS) and supervisory control and data acquisition (SCADA). DCS are
typically used for single-point processing and are employed in a limited
geographic area. On the other hand, SCADA systems are used for large-scale,
distributed management of critical infrastructure systems and are often
geographically dispersed.
For example, in a power utility, DCS may be used for generation of power, while
SCADA is used for the distribution and transmission of power. The basic SCADA
configuration, shown in Figure 1, consists of a supervisory control station and
multiple controller stations, either local or remote. Through the use of the
control station, operators can monitor status and issue commands to the
appropriate devices. Controller stations consist of devices that collect data or
effect control of equipment. These devices are remote terminal units (RTUs),
intelligent electronic devices (IEDs) or programmable logic controllers (PLCs).

Figure 1: Process Control System
The security problem
Because of the limited attention paid to security, both DCS
and SCADA systems are perceived as being largely unsecured
and vulnerable to attack, as noted by a Government
Accountability Office report last year. The report included
many examples of attacks on control systems including:
- A cybersecurity breach in 1994 of the Salt River
Project, a major water and electricity provider in
Tempe, Ariz.
- SQL Slammer worm infection of the Davis-Besse nuclear
power plant in Oak Harbor, Ohio, in 2003. The plant's
process computer failed, requiring more than six hours
for recovery. Control-system traffic was also blocked on
five other utilities.
These examples highlight some of the exposures related to
SCADA systems that can lead to further liabilities. However,
to tackle the SCADA security challenge, we must better
understand and define the problem. There are three primary
issues related to SCADA security that have emerged in recent
years: unsecured data transmissions, open public network
connections and technology standardization.
Unsecured data/command transmissions
Many older SCADA systems weren't designed with information
security in mind. This omission has led to systems with
unsecured data transmission. Most of the older SCADA systems
will still transmit both data and control commands in
unencrypted clear text. This allows potential attackers to
easily intercept and issue unauthorized commands to critical
control equipment.
Furthermore, the lack of authentication in the overall
SCADA architecture means that attackers with physical access
to the network can gain a foothold to launch
denial-of-service or "man-in-the-middle" attacks,
both of which can lead to disruption and safety concerns.
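To make the two problems above concrete, here is an added example (not code from the article or from any real SCADA product) contrasting a legacy clear-text command frame, which a controller acts on regardless of who sent it, with a frame that carries a keyed message authentication code and a sequence number. The frame layout, the field names, the shared key and the RTU classes are all assumptions constructed for illustration. The authenticated variant rejects frames whose tag does not verify, frames built with a different key, and replays of an earlier valid frame.

```python
"""Toy SCADA command channel: clear-text frames vs. authenticated frames.

Added example. The frame format (2-byte point id, 4-byte value, optional
8-byte sequence number, 32-byte HMAC-SHA256 tag) and the shared key are
constructed for illustration and do not correspond to any real protocol.
"""
import hashlib
import hmac
import struct

# Constructed shared secret between the supervisory station and one RTU.
SHARED_KEY = b"constructed-demo-key-not-for-production"

BODY_FMT = ">HIQ"            # point id, value, sequence number
BODY_LEN = struct.calcsize(BODY_FMT)   # 14 bytes
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def build_cleartext_frame(point_id: int, value: int) -> bytes:
    """Legacy frame: point id + value, no sender authentication at all."""
    return struct.pack(">HI", point_id, value)


def legacy_rtu_accept(frame: bytes) -> dict:
    """Legacy RTU behaviour: any well-formed frame is executed."""
    point_id, value = struct.unpack(">HI", frame)
    return {"accepted": True, "point": point_id, "value": value}


def build_authenticated_frame(point_id: int, value: int, seq: int,
                              key: bytes = SHARED_KEY) -> bytes:
    """Frame with a monotonically increasing sequence number and an HMAC tag."""
    body = struct.pack(BODY_FMT, point_id, value, seq)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class AuthenticatedRTU:
    """RTU that only executes commands whose tag verifies under the shared key
    and whose sequence number is newer than the last one accepted."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes) -> dict:
        if len(frame) != BODY_LEN + TAG_LEN:
            return {"accepted": False, "reason": "bad length"}
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison so tag checking does not leak timing.
        if not hmac.compare_digest(tag, expected):
            return {"accepted": False, "reason": "bad tag"}
        point_id, value, seq = struct.unpack(BODY_FMT, body)
        if seq <= self.last_seq:
            return {"accepted": False, "reason": "replay"}
        self.last_seq = seq
        return {"accepted": True, "point": point_id, "value": value}


def demo() -> dict:
    """Run the contrast end to end and return each outcome by name."""
    # Legacy path: a frame from an unauthenticated source is executed.
    legacy = legacy_rtu_accept(build_cleartext_frame(7, 0))

    rtu = AuthenticatedRTU()
    good = rtu.accept(build_authenticated_frame(7, 1, seq=1))
    # Same frame delivered a second time: rejected as a replay.
    replay = rtu.accept(build_authenticated_frame(7, 1, seq=1))
    # Body modified in transit: tag no longer matches.
    tampered = bytearray(build_authenticated_frame(7, 1, seq=2))
    tampered[3] ^= 0xFF
    bad_tag = rtu.accept(bytes(tampered))
    # Frame produced without the shared key: tag does not verify.
    wrong_key = rtu.accept(build_authenticated_frame(7, 0, seq=3, key=b"other"))
    # A bare legacy frame sent to the hardened RTU is rejected outright.
    bare = rtu.accept(build_cleartext_frame(7, 0))
    return {"legacy": legacy, "good": good, "replay": replay,
            "bad_tag": bad_tag, "wrong_key": wrong_key, "bare": bare}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} {result}")
```

The tag gives integrity and source authentication, which is what the "lack of authentication" paragraph is about; it does not hide the command contents, so a deployment would still wrap the channel in encryption (for example TLS or an IPsec tunnel) to address the clear-text transmission problem. The sequence counter is what stops a captured valid command from being re-sent later.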
Open public network connections
SCADA systems have long been regarded as operating in a
secure environment because of their closed network, which
isn't exposed to external entities. Also, the communication
protocols employed were primarily proprietary and not
commonly published. This "security by secrecy"
approach has led to a false sense of security that doesn't
stand up to the test of an audit.
Furthermore, the notion that SCADA networks are closed
systems is no longer true. Recent advances, such as
Web-based reporting and remote operator access, have driven
the requirement to interface with the Internet. This opens
up access over the public network and subjects SCADA systems
to the same potential malicious threats that corporate
networks face on a regular basis.
Standardization of technologies
Typically, compliance with industry standards and
technologies is regarded as a good thing. However, in the
case of newer SCADA systems, the recent adoption of commonly
used operating systems and standards makes for a more
vulnerable target. Newer SCADA systems have begun to use
operating systems such as Windows or Unix variants that are
commonplace in corporate networks. While this move offers
benefits, it also makes SCADA systems susceptible to
numerous attacks related to these operating systems. SCADA
systems also face patch management challenges as
vulnerabilities for these operating systems are uncovered.
Securing SCADA
Against the backdrop of these emerging threats, security
managers at institutions that use SCADA are beginning to
address the challenges involved in securing these systems.
Much of what needs to be done is simply implementing sound
information-security practices. Here are a few key
initiatives to address lingering security issues:
- Secure network communications: Implement strong
encryption over the SCADA network communications,
ensuring that both monitored data and control commands
are encrypted.
- Turn on security: Implement the security features
available on the devices on your network, especially
authentication. Use secure protocols whenever possible.
- Know your SCADA network: Identify all
connections to external networks including wireless
networks, corporate LANs and WANs, and the Internet.
Further secure your network by eliminating all
unnecessary connections to external networks.
- Harden your SCADA environment: Remove all
unnecessary services from the hosts on your network.
Also, just as you would in your corporate network
environment, ensure that all systems are patched and up
to date.
- Conduct regular security audits: Ensure that
security practices and procedures, such as incident
response, are defined and implemented. Penetration
testing of the network environment should also be
prudently conducted with inspection for potential back
doors into the SCADA network.
- Implement real-time threat protection: With the
increasing number and complexity of attacks, it's
insufficient to simply patch your systems or maintain
access/service control. One alternative is to implement
real-time threat protection in the form of network
intrusion-prevention systems. Unlike standard
packet-filter firewalls, these systems perform
application-layer inspection to identify attacks that
are carried in the payload and block the offending
traffic in real time.
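The "know your SCADA network" and "harden your SCADA environment" items above are an inventory exercise: enumerate every host, every service it runs, every network it can reach and how current its patches are, then compare that against what the role of the host actually requires. The following added example (not from the article or any vendor) does that comparison over a constructed inventory. The host names, roles, service names, network names and the policy thresholds are all assumptions; a real audit would populate the inventory from asset-management records, switch configurations and host scans.

```python
"""Added example: audit a SCADA host inventory against a hardening policy.

Everything here is constructed for illustration: host names, roles,
service names, network names and the policy limits are assumptions.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Host:
    name: str
    role: str                 # "rtu", "plc", "hmi" or "historian"
    services: Set[str]        # listening services found on the host
    connections: Set[str]     # networks the host can reach
    patch_age_days: int       # days since the last patch was applied


# Policy: what each role is allowed to expose, which external networks are
# sanctioned (the SCADA LAN itself is always permitted), and how stale a
# host's patch level may be before it is flagged.
POLICY = {
    "allowed_services": {
        "rtu": {"control-protocol"},
        "plc": {"control-protocol"},
        "hmi": {"hmi-app", "ssh"},
        "historian": {"db", "ssh"},
    },
    "internal_network": "scada-lan",
    "approved_external": {"corporate-lan-via-dmz"},
    "max_patch_age_days": 30,
}

Finding = Tuple[str, str, str]   # (host, category, detail)


def audit(hosts: List[Host], policy: Dict = POLICY) -> List[Finding]:
    """Return one finding per unnecessary service, unapproved external
    connection or overdue patch state, in inventory order."""
    findings: List[Finding] = []
    permitted_nets = {policy["internal_network"]} | policy["approved_external"]
    for h in hosts:
        allowed = policy["allowed_services"].get(h.role, set())
        for svc in sorted(h.services - allowed):
            findings.append((h.name, "unnecessary-service", svc))
        for net in sorted(h.connections - permitted_nets):
            findings.append((h.name, "unapproved-connection", net))
        if h.patch_age_days > policy["max_patch_age_days"]:
            findings.append((h.name, "patch-overdue", str(h.patch_age_days)))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings by category for a management-level view."""
    return dict(Counter(category for _, category, _ in findings))


# Constructed inventory with deliberate policy violations on two hosts.
SAMPLE_HOSTS = [
    Host("hmi-01", "hmi", {"hmi-app", "ssh", "telnet"},
         {"scada-lan", "internet"}, 5),
    Host("rtu-07", "rtu", {"control-protocol", "http-admin"},
         {"scada-lan", "wireless-maint"}, 410),
    Host("hist-02", "historian", {"db", "ssh"},
         {"scada-lan", "corporate-lan-via-dmz"}, 12),
]


if __name__ == "__main__":
    for host, category, detail in audit(SAMPLE_HOSTS):
        print(f"{host:8s} {category:22s} {detail}")
    print(summarize(audit(SAMPLE_HOSTS)))
```

Each finding maps directly to one of the bullets: "unnecessary-service" to removing services during hardening, "unapproved-connection" to eliminating connections to external networks, and "patch-overdue" to keeping systems up to date. Running the audit on a schedule and diffing its output against the previous run is a cheap way to notice a new back door or modem appearing on the control network between formal penetration tests.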
Andre Yee is president and CEO of NFR
Security Inc., a Rockville, Md.-based vendor of
real-time threat protection products, including an
intrusion-prevention system with patent-pending Confidence
Indexing.