Not in Kansas anymore: Securing SCADA

March 20, 2012

Security researchers warn that attacks against Supervisory Control and Data Acquisition (SCADA) systems could cripple critical infrastructure services. SCADA networks encompass the computers and applications that perform key functions in providing essential services and commodities such as electricity, natural gas, gasoline, water, waste treatment and transportation, all part of the nation's critical infrastructure. The first step in safeguarding that infrastructure is identifying system vulnerabilities.

From the ESD April 2012 issue.
Even though SCADA systems have been used for decades to monitor and control critical equipment at power companies, manufacturing facilities, water treatment plants and even in building automation, until recently there was never a sharp focus on their security, nor much acknowledgement of the vulnerabilities of such systems. That is all the more reason to protect them from the threats that exist in cyberspace today.

System vulnerabilities
Digital Bond, a consulting firm specializing in control system security, has found that the latest vulnerabilities mostly exist in free or low-cost Windows-based engineering workstations that serve as graphical user interfaces to back-end control systems. SCADA products such as those from Siemens are deployed widely in critical infrastructure.

Siemens reported that Stuxnet, the worm discovered in 2010, had infected some 14 plants running its Simatic control software. Rather than stealing secrets, the worm's payload reprogrammed Siemens S7 PLCs to sabotage the processes they controlled. It spread between Windows machines using several then-unknown Windows vulnerabilities (all since patched), most notably the shortcut-handling flaw CVE-2010-2568, which infected a machine as soon as the contents of a USB stick were displayed in Explorer. It has become increasingly apparent that attacks on vulnerable SCADA systems can wreak havoc.

Cambashi analyst Christine Easterfield agrees: "with the growth of embedded software--in every new control system, device and industrial machine--there is a potential vulnerability at each interface. And with more interconnection, often using the Internet, for remote monitoring and business system integration, the risk of malware attack gets more real and more serious." Easterfield continues: "but this is just one dimension--you need to consider operational procedures, staff, and other factors. For example, staff need to be trained in secure practices and made aware of the risks to which they may expose critical systems."

Critical SCADA systems in oil and gas, nuclear, energy or any other mission-critical application are typically built with redundant master stations (a primary and one or more standbys) to achieve fault tolerance. For instance, PcVue designed its SCADA to run as a distributed architecture of several stations, including redundant ones. Its redundancy mechanisms include load balancing and hot, warm or cold standby. This lets the operator handle not only the redundancy of the real-time, alarm and historical data of a distributed application but also the redundancy of communication with the devices and of the physical network itself.

"We see the use of these redundancy mechanisms for applications requiring high availability and security of the data, and as part of a disaster recovery strategy. As an example we can mention Iberdrola, one of the world's largest utilities and a leading player in the global renewable energy sector, which uses tens of pairs of redundant PcVue stations to manage, monitor, control, distribute and archive hundreds of thousands of data points from wind farms across the US," said Emmanuel Ecochard, VP of US Operations, PcVue, Inc.

Blue Pillar, a provider of energy asset management software, confirmed Cambashi's concerns about operational procedures and staff, and believes that, with the exception of IT staff, operational and energy management staff do not even have energy asset security on their radar. The reality is that they rely either entirely on physical security or on unsecured, open industrial automation deployments running Modbus/TCP throughout their networks, a protocol that has no authentication or encryption of its own.
 
According to Kyle Zeronik, Blue Pillar's VP of Information Technology, it is critical to secure the SCADA system from top to bottom. "We secure critical power infrastructures right down to securing the messaging within our architecture to limit the conversations to only the devices with appropriate credentials and authorizations. We manage site-to-site communication, including Internet security and encrypted messages transmitted over secure channels. Device-level communications are managed via 256-bit AES (FIPS-197 certified) encryption."
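The design Zeronik describes, encrypted device-level messaging that only admits devices holding the right credentials, can be illustrated with authenticated encryption. What follows is an added example written for this article; it is not Blue Pillar's code and does not describe its architecture. A hypothetical gateway provisions a separate random AES-256 key for each device, wraps every command in AES-GCM with the device identifier and a sequence number bound in as authenticated associated data, and rejects messages from unknown devices, messages that were modified in transit, and replays of a previously accepted message. The envelope layout, the device IDs and the Gateway/Seal/Open names are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Envelope layout (constructed for this example, not a vendor format):
//   idLen (1) | deviceID | seq (8, big-endian) | nonce (12) | AES-256-GCM ciphertext+tag
// deviceID and seq travel in the clear but are bound to the ciphertext as GCM
// additional data, so the gateway can pick the key and check ordering before
// decrypting, and any change to them makes authentication fail.

// Gateway holds the hypothetical per-device credentials and replay state.
type Gateway struct {
	keys    map[string][]byte // one 256-bit key per device, provisioned out of band
	lastSeq map[string]uint64 // highest sequence number accepted from each device
}

func NewGateway() *Gateway {
	return &Gateway{keys: map[string][]byte{}, lastSeq: map[string]uint64{}}
}

// Enroll generates a fresh random AES-256 key for a device and returns it so
// the device can be configured with the same secret.
func (g *Gateway) Enroll(deviceID string) ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	g.keys[deviceID] = key
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func header(deviceID string, seq uint64) []byte {
	h := append([]byte{byte(len(deviceID))}, deviceID...)
	var s [8]byte
	binary.BigEndian.PutUint64(s[:], seq)
	return append(h, s[:]...)
}

// Seal runs on the device. seq must increase with every message (start at 1;
// the gateway never accepts 0 because lastSeq defaults to 0).
func Seal(deviceID string, key []byte, seq uint64, plaintext []byte) ([]byte, error) {
	if len(deviceID) == 0 || len(deviceID) > 255 {
		return nil, errors.New("device id must be 1-255 bytes")
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	hdr := header(deviceID, seq)
	return bytes.Join([][]byte{hdr, nonce, aead.Seal(nil, nonce, plaintext, hdr)}, nil), nil
}

// Open runs on the gateway. Unknown device, stale or repeated sequence number,
// wrong key and modified bytes are all rejected before any plaintext is acted on.
func (g *Gateway) Open(msg []byte) (string, []byte, error) {
	const seqLen, nonceLen = 8, 12
	if len(msg) < 1 {
		return "", nil, errors.New("empty message")
	}
	n := int(msg[0])
	hdrLen := 1 + n + seqLen
	if len(msg) < hdrLen+nonceLen {
		return "", nil, errors.New("truncated message")
	}
	deviceID := string(msg[1 : 1+n])
	seq := binary.BigEndian.Uint64(msg[1+n : hdrLen])
	key, ok := g.keys[deviceID]
	if !ok {
		return deviceID, nil, fmt.Errorf("unknown device %q", deviceID)
	}
	if seq <= g.lastSeq[deviceID] {
		return deviceID, nil, fmt.Errorf("replayed or stale message %d from %q", seq, deviceID)
	}
	aead, err := newGCM(key)
	if err != nil {
		return deviceID, nil, err
	}
	hdr, nonce, ct := msg[:hdrLen], msg[hdrLen:hdrLen+nonceLen], msg[hdrLen+nonceLen:]
	pt, err := aead.Open(nil, nonce, ct, hdr)
	if err != nil {
		return deviceID, nil, fmt.Errorf("authentication failed for %q: %w", deviceID, err)
	}
	g.lastSeq[deviceID] = seq // advance only once the message has proved authentic
	return deviceID, pt, nil
}

func main() {
	g := NewGateway()
	key, _ := g.Enroll("plc-07")
	msg, _ := Seal("plc-07", key, 1, []byte("WRITE coil 7 ON"))
	id, pt, err := g.Open(msg)
	fmt.Println(id, string(pt), err)
	_, _, err = g.Open(msg) // the same bytes delivered a second time
	fmt.Println("replay:", err)
	msg2, _ := Seal("plc-07", key, 2, []byte("WRITE coil 7 OFF"))
	msg2[len(msg2)-1] ^= 0x01 // flip one bit of the tag
	_, _, err = g.Open(msg2)
	fmt.Println("tampered:", err)
}
```

Encryption by itself does not stop an attacker who records a valid "coil ON" command and sends it again, which is why the sequence number is checked alongside the GCM tag; a real deployment also needs key provisioning and rotation that this example leaves out. One terminology caveat for readers of the quote above: FIPS 197 is the specification of AES itself, while validation of a particular implementation is done under FIPS 140.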

Advanced integration needs

Today the threat to control systems has changed dramatically. There are more advanced integration needs than ever before for energy management, operational testing and even maintenance, and they require more sophisticated automation to be implemented in traditionally under-automated equipment. More industrial automation means historically un-automated equipment is now exposed via unsecured network protocols such as Modbus and OPC.
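The Modbus point made twice above, in the paragraph on staff relying on open Modbus/TCP deployments and in this paragraph on equipment exposed over unsecured protocols, comes down to one thing: the frame has no field for a credential, so whoever can reach TCP port 502 can write to the PLC. The following is an added example, not code from the article or from any vendor it names: a passive monitor that decodes Modbus/TCP requests, flags any request from a host not on an allow-list of known masters, and reports every write function code, which is the compensating control a network can enforce when the protocol itself cannot. The IP addresses, the allow-list and the captured frames are constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame is a decoded Modbus/TCP application data unit: the 7-byte MBAP header
// followed by the PDU (function code and data). Nothing in this layout carries
// a credential; any host that reaches TCP/502 can read or write the PLC.
type Frame struct {
	TransactionID uint16
	ProtocolID    uint16 // 0 for Modbus; anything else is not Modbus
	Length        uint16 // number of bytes that follow, unit id included
	UnitID        uint8
	Function      uint8
	Data          []byte
}

// Function codes that change process state rather than read it.
var writeFunctions = map[uint8]string{
	0x05: "Write Single Coil",
	0x06: "Write Single Register",
	0x0F: "Write Multiple Coils",
	0x10: "Write Multiple Registers",
	0x16: "Mask Write Register",
	0x17: "Read/Write Multiple Registers",
}

// ParseFrame decodes one request and rejects frames whose header disagrees
// with the bytes actually present.
func ParseFrame(b []byte) (Frame, error) {
	if len(b) < 8 {
		return Frame{}, errors.New("shorter than MBAP header plus function code")
	}
	f := Frame{
		TransactionID: binary.BigEndian.Uint16(b[0:2]),
		ProtocolID:    binary.BigEndian.Uint16(b[2:4]),
		Length:        binary.BigEndian.Uint16(b[4:6]),
		UnitID:        b[6],
		Function:      b[7],
		Data:          b[8:],
	}
	if f.ProtocolID != 0 {
		return f, fmt.Errorf("protocol id %d is not Modbus", f.ProtocolID)
	}
	if int(f.Length) != len(b)-6 {
		return f, fmt.Errorf("length field %d but %d bytes follow", f.Length, len(b)-6)
	}
	return f, nil
}

// Observation is one captured request together with its TCP source address.
type Observation struct {
	Src   string
	Bytes []byte
}

// Inspect applies the two checks a monitor can enforce in place of the
// protocol's missing authentication: every request must come from a known
// master, and every write is reported so the operator sees who changed what.
func Inspect(obs []Observation, knownMasters map[string]bool) []string {
	var alerts []string
	for _, o := range obs {
		f, err := ParseFrame(o.Bytes)
		if err != nil {
			alerts = append(alerts, fmt.Sprintf("%s: malformed frame: %v", o.Src, err))
			continue
		}
		if !knownMasters[o.Src] {
			alerts = append(alerts, fmt.Sprintf("%s: unknown master sent function 0x%02X to unit %d", o.Src, f.Function, f.UnitID))
		}
		if name, ok := writeFunctions[f.Function]; ok && len(f.Data) >= 2 {
			addr := binary.BigEndian.Uint16(f.Data[0:2]) // every write PDU begins with an address
			alerts = append(alerts, fmt.Sprintf("%s: %s (0x%02X) to unit %d address %d", o.Src, name, f.Function, f.UnitID, addr))
		}
	}
	return alerts
}

// KnownMasters is the hypothetical allow-list: the one HMI permitted to poll the PLC.
var KnownMasters = map[string]bool{"10.0.0.10": true}

// SampleCapture returns constructed frames for the example, not real traffic.
func SampleCapture() []Observation {
	return []Observation{
		// HMI reads 10 holding registers starting at 0: routine polling.
		{"10.0.0.10", []byte{0x00, 0x01, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03, 0x00, 0x00, 0x00, 0x0A}},
		// HMI writes register 100 := 0: legitimate, but worth logging.
		{"10.0.0.10", []byte{0x00, 0x02, 0x00, 0x00, 0x00, 0x06, 0x01, 0x06, 0x00, 0x64, 0x00, 0x00}},
		// Unknown host forces coil 7 ON (0xFF00): same framing, no credential needed.
		{"10.0.0.99", []byte{0x00, 0x03, 0x00, 0x00, 0x00, 0x06, 0x01, 0x05, 0x00, 0x07, 0xFF, 0x00}},
		// Length field claims 6 bytes follow but only 4 do.
		{"10.0.0.99", []byte{0x00, 0x04, 0x00, 0x00, 0x00, 0x06, 0x01, 0x03, 0x00, 0x00}},
	}
}

func main() {
	for _, a := range Inspect(SampleCapture(), KnownMasters) {
		fmt.Println(a)
	}
}
```

Run against the constructed capture, the monitor stays silent on the HMI's read, logs the HMI's write, raises two alerts for the unknown host (unknown master, then the coil write) and one for the truncated frame. The allow-list is only as good as the network that enforces it: a host that can spoof or take over a known master's address passes the first check, which is why the write report is kept as an independent signal.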

According to Blue Pillar, these advanced integration needs have become an over-arching security theme in the automation and controls industry, and security has to be addressed in the fabric of the solution at every level (physical, logical, electrical and so on), not as a bolt-on afterthought.

Let's face it, SCADA networks provide great efficiency. They are widely used because they enable the collection and analysis of data and the control of equipment such as pumps and valves from remote locations, and they were developed from the outset to integrate seamlessly with a wide range of equipment and systems. But while SCADA networks were designed to maximize functionality, very little attention was paid to security: the performance, reliability, flexibility and safety of distributed control/SCADA systems are robust, yet their security is too often weak. Cambashi's Easterfield summed it up: "critical infrastructure architectures must handle all the issues--from embedded software vulnerability to elimination of domino-effect failures."

Domino-effect (cascading) failures are common in the industrial controls sector because of the number of connections between systems and equipment. That interconnection leaves some SCADA networks vulnerable to disruption of service, redirection of the process, or manipulation of operational data, any of which could endanger public safety or seriously disrupt critical infrastructure.