Skip to main content

SCADA SYSTEM CYBER SECURITY – A COMPARISON OF STANDARDS TECHNICAL PAPER

SCADA SYSTEM CYBER SECURITY – A COMPARISON OF STANDARDS TECHNICAL PAPER
Authored by: Teodor Sommestad, Göran N. Ericsson, Senior Member, IEEE, Jakob Nordlander

ABSTRACT - Cyber security of Supervisory Control And Data Acquisition (SCADA) systems has become very important. SCADA systems are vital for operation and control of critical infrastructures, such as the electrical power system. Therefore, a number of standards and guidelines have been developed to support electric power utilities in their cyber security efforts. This paper compares different SCADA cyber security standards and guidelines with respect to threats and countermeasures they describe. Also, a comparison with the international standard ISO/IEC 17799 (now ISO/IEC 27002) is made. The method used is based on a comparison of use of certain key issues in the standards, after being grouped into different categories. The occurrences of the key issues are counted and comparisons are made. It is concluded that SCADA specific standards are more focused on technical countermeasures, such as firewalls and intrusion detection, whereas ISO/IEC 17799 is more focused on organizational countermeasures.

INTRODUCTION - SCADA (Supervisory Control And Data Acquisition) systems have been in use more than 30 years, and have become more advanced and complex as computer technology has advanced. They are today vital for operating critical infrastructures, such as electric power systems. The development of SCADA system started before the wide-spread use of Internet, in a period of time when the need for IT-security mostly consisted of protecting the physical access to the computers of the system. During the last ten years, the number of connections to SCADA systems and the use of internet-based techniques have increased rapidly. SCADA systems have also moved from using proprietary protocols and software to using the same standards and solutions as administrative IT systems. This trend is also likely to continue as Electric Power Utilities (EPUs) move towards the vision of a smart grid. As a consequence, SCADA systems are now being exposed to threats and vulnerabilities they have never been exposed to before, and to a much greater extent than earlier. In addition, conventional security solutions are not always applicable to SCADA systems, since performance and availability requirements differ for administrative IT systems and SCADA systems.

CONCLUSIONS - This paper has presented a quantitative evaluation of SCADA standards and the comparison to ISO/IEC 17799. It can be concluded that with this ranking method, more than every fourth countermeasure mentioned in the SCADA standards concern cryptography or authentication. Furthermore, the threats most frequently mentioned are those relating to malicious code or denial of service attacks, which together make up 50 percent of the total occurrences of keywords associated with threats. There is also a strong focus on countermeasures in the SCADA standards, hence less focus on threats. Moreover, it was found that compared to SCADA standards ISO/IEC 17799 focus more on management and organizational issues, and less on technical issues. These results suggest that electric power utilities solely using standards similar to ISO/IEC 17799 for security management should complement its efforts by adapting this to SCADA specific security requirements. In particular should firewalls, system administration tools, antivirus, and intrusion detection be considered.

Comments

  1. Really it was good news for SCADA cyber security. I am bit relaxed after reading your post. Thanks for sharing.

    ReplyDelete
  2. sdlc phases

    7 Phases Of SDLC:
    • Requirements Gathering
    • Analysis
    • Design
    • Development
    • Testing
    • Deployment
    • Maintenance

    scada system

    https://leadergroup.com/

    ReplyDelete

Post a Comment

Popular posts from this blog

PARTS OF A POWER TRANSFORMER

What are the name of the basic parts of a Power Transformer? We can not deny the fact that only a handful of electrical engineering students are presently familiar with power transformers especially on what it looks like. Unlike a transformer we found in our homes, a power transformer’s appearance and construction is somewhat more complicated. It is not just a simple winding with a primary and secondary terminal although basically any transformer has one. The function that a power transformer plays in an electrical system is very important that an electric utility can not afford to loss it during its operation. Our discussion here will focus more on the basic parts and functions of a power transformer that are usually tangible whenever you go to a substation . Although not all power transformers are identical, nonetheless they all have the following listed parts in which the way of construction may differ.

ELECTRIC MOTOR FRAME SIZE STANDARD SPECIFICATIONS

ELECTRIC MOTOR FRAME SIZE STANDARD SPECIFICATIONS How is electric motor frame size being specified? Motor frame dimensions have been standardized with a uniform frame size numbering system. This system was developed by NEMA and specific frame sizes have been assigned to standard motor ratings based on enclosure, horsepower and speed. The current standardized frames for integral horsepower induction motors ranges from 143T to 445T. These standards cover most motors in the range of one through two hundred horsepower. Typical example of where you can locate the frame is shown in Fig 1.2.D – Frame No. The numbers used to designate frame sizes have specific meanings based on the physical size of the motor. Some digits are related to the motor shaft height and the remaining digit or digits relate to the length of the motor. The rerate, or frame size reduction programs were brought about by advancements in motor technology relating mainly to higher temperature ratings of insulating mate...

ELECTRIC MOTOR NAMEPLATE SPECIFICATIONS

How do we interpret an electric motor nameplate? Motor standards are established on a country by country basis.Fortunately though, the standards can be grouped into two major categories: NEMA and IEC (and its derivatives). In North America, the National Electric Manufacturers Association (NEMA) sets motor standards, including what should go on the nameplate (NEMA Standard MG 1-10.40 "Nameplate Marking for Medium Single-Phase and Polyphase Induction Motors").