
SCADA SYSTEM SECURITY ISSUES

What are some of the security issues that scada system has?
(source: Wikipedia)

The move from proprietary technologies to more standardized and open solutions, together with the increased number of connections between SCADA systems, office networks and the Internet, has made them more vulnerable to attack. Consequently, the security of some SCADA-based systems has come into question, as they are seen as potentially vulnerable to cyber-attacks.

In particular, security researchers are concerned about:

• the lack of concern about security and authentication in the design, deployment and operation of some existing SCADA networks
• the belief that SCADA systems have the benefit of security through obscurity through the use of specialized protocols and proprietary interfaces
• the belief that SCADA networks are secure because they are physically secured
• the belief that SCADA networks are secure because they are disconnected from the Internet.

SCADA systems are used to control and monitor physical processes, examples of which are transmission of electricity, transportation of gas and oil in pipelines, water distribution, traffic lights, and other systems used as the basis of modern society. The security of these SCADA systems is important because compromise or destruction of these systems would impact multiple areas of society far removed from the original compromise. For example, a blackout caused by a compromised electrical SCADA system would cause financial losses to all the customers that received electricity from that source. How security will affect legacy SCADA and new deployments remains to be seen.

There are two distinct threats to a modern SCADA system. First is the threat of unauthorized access to the control software, whether it be human access or changes induced intentionally or accidentally by virus infections and other software threats residing on the control host machine. Second is the threat of packet access to the network segments hosting SCADA devices. In many cases, there is rudimentary or no security on the actual packet control protocol, so anyone who can send packets to the SCADA device can control it. In many cases SCADA users assume that a VPN is sufficient protection and are unaware that physical access to SCADA-related network jacks and switches provides the ability to totally bypass all security on the control software and fully control those SCADA networks. These kinds of physical access attacks bypass firewall and VPN security and are best addressed by endpoint-to-endpoint authentication and authorization such as are commonly provided in the non-SCADA world by in-device SSL or other cryptographic techniques.

The reliable function of SCADA systems in our modern infrastructure may be crucial to public health and safety. As such, attacks on these systems may directly or indirectly threaten public health and safety. Such an attack has already occurred, carried out on Maroochy Shire Council's sewage control system in Queensland, Australia. Shortly after a contractor installed a SCADA system there in January 2000, system components began to function erratically. Pumps did not run when needed and alarms were not reported. More critically, sewage flooded a nearby park, contaminated an open surface-water drainage ditch and flowed 500 meters to a tidal canal. The SCADA system was directing sewage valves to open when the design protocol should have kept them closed. Initially this was believed to be a system bug. Monitoring of the system logs revealed that the malfunctions were the result of cyber-attacks. Investigators reported 46 separate instances of malicious outside interference before the culprit was identified. The attacks were made by a disgruntled employee of the company that had installed the SCADA system. The employee was hoping to be hired full time to help solve the problem.
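The Maroochy case was resolved by reviewing system logs, which is the detection angle a defender cares about: control commands that arrive with no operator session behind them, or from a source that is not a known operator workstation, are the signal to look for. The following is an added example, not part of the original post and not the Maroochy system's own log format; the log lines, the allow-list of operator workstations and the set of safety-relevant actions are all constructed for illustration.

```python
"""Added illustration: flag control commands that lack operator context."""

# Constructed sample log lines (key=value after an ISO timestamp); not from any real system.
SAMPLE_LOG = """\
2023-05-01T01:58:10 event=LOGIN user=ops1 src=10.1.0.5
2023-05-01T02:01:44 event=CMD src=10.1.0.5 target=PUMP_STATION_14 action=VALVE_OPEN
2023-05-01T02:20:03 event=LOGOUT user=ops1 src=10.1.0.5
2023-05-01T02:47:19 event=CMD src=10.1.0.5 target=PUMP_STATION_14 action=VALVE_OPEN
2023-05-01T03:05:51 event=CMD src=192.0.2.44 target=PUMP_STATION_9 action=ALARM_SUPPRESS
"""

# Constructed allow-list of operator workstations (assumption for the example).
AUTHORIZED_SOURCES = {"10.1.0.5"}

# Actions whose safety impact means they should only occur inside a logged-in session.
SAFETY_ACTIONS = {"VALVE_OPEN", "VALVE_CLOSE", "PUMP_STOP", "ALARM_SUPPRESS"}


def parse_line(line: str) -> dict:
    """Split '<timestamp> k=v k=v ...' into a dict; the timestamp lands under 'ts'."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    return fields


def find_suspicious(log_text: str) -> list:
    """Return (line_number, reason) for commands that lack operator context.

    Two checks are applied to every CMD record:
      1. the source must be an authorized operator workstation;
      2. a safety-relevant action must come from a source with an open session
         (a LOGIN seen earlier and not yet followed by a LOGOUT).
    """
    findings = []
    active_sessions = set()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        event = rec.get("event")
        if event == "LOGIN":
            active_sessions.add(rec["src"])
        elif event == "LOGOUT":
            active_sessions.discard(rec["src"])
        elif event == "CMD":
            src = rec["src"]
            if src not in AUTHORIZED_SOURCES:
                findings.append((lineno, f"command from unauthorized source {src}"))
            elif src not in active_sessions and rec.get("action") in SAFETY_ACTIONS:
                findings.append((lineno, f"safety-relevant command with no operator session from {src}"))
    return findings


if __name__ == "__main__":
    for lineno, reason in find_suspicious(SAMPLE_LOG):
        print(f"line {lineno}: {reason}")
```

Run against the constructed log, the detector reports line 4 (a valve-open command from a known workstation after its operator had logged out) and line 5 (an alarm-suppression command from an address that is not on the allow-list). In a real deployment the session tracking would be fed from the HMI's authentication log and the allow-list from asset inventory; the correlation logic is the same.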

Many vendors of SCADA and control products have begun to address the risks posed by unauthorized access by developing lines of specialized industrial firewall and VPN solutions for TCP/IP-based SCADA networks as well as external SCADA monitoring and recording equipment. Additionally, application whitelisting solutions are being implemented because of their ability to prevent malware and unauthorized application changes without the performance impacts of traditional antivirus scans. Also, the ISA Security Compliance Institute (ISCI) is emerging to formalize SCADA security testing starting as soon as 2009. ISCI is conceptually similar to private testing and certification that has been performed by vendors since 2007. Eventually, standards being defined by ISA99 WG4 will supersede the initial industry consortia efforts, but probably not before 2011.

The increased interest in SCADA vulnerabilities has resulted in vulnerability researchers discovering vulnerabilities in commercial SCADA software and more general offensive SCADA techniques presented to the general security community. In electric and gas utility SCADA systems, the vulnerability of the large installed base of wired and wireless serial communications links is addressed in some cases by applying bump-in-the-wire devices that employ authentication and Advanced Encryption Standard encryption rather than replacing all existing nodes.
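The two paragraphs above make the same point from different directions: a control protocol with no authentication executes whatever packet reaches it, and the bump-in-the-wire remedy is to authenticate each frame end to end rather than trust the network path. The example below is added here and is not code from the original post or from any vendor's device; it models the unprotected receiver beside an authenticated one using HMAC-SHA256 from the Python standard library (the AES encryption such devices also apply is left out to keep the block dependency-free), with a constructed key, a constructed Modbus-style write command and a sequence number to reject replayed frames.

```python
"""Added illustration: end-to-end frame authentication for a control channel."""
import hashlib
import hmac
import struct

SEQ_LEN = 4    # big-endian 32-bit sequence number prefixed to every frame
TAG_LEN = 32   # HMAC-SHA256 tag appended to every frame

# Constructed demo key; a bump-in-the-wire device would hold its key in hardware.
DEMO_KEY = b"constructed-demo-key-not-for-deployment"

# Constructed control payload shaped like "write value 1 to holding register 0x0010".
OPEN_VALVE_CMD = bytes([0x01, 0x06, 0x00, 0x10, 0x00, 0x01])


def legacy_accepts(frame: bytes) -> bool:
    """Models an unprotected device: any syntactically plausible frame is executed."""
    return len(frame) >= 2


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prefix the sequence number and append an HMAC over header+payload."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class AuthenticatedReceiver:
    """Receiver side: accepts a frame only if the tag verifies and the sequence advances."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = -1

    def open_frame(self, frame: bytes):
        """Return (payload, 'ok') or (None, reason) without executing anything."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return None, "too short"
        header, payload, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        # compare_digest is constant-time, so the tag check leaks nothing about the key
        if not hmac.compare_digest(tag, expected):
            return None, "bad tag"
        seq = struct.unpack(">I", header)[0]
        if seq <= self._last_seq:
            return None, "replay"
        self._last_seq = seq
        return payload, "ok"


def demo() -> dict:
    """Exercise both receivers with a genuine, a replayed, a tampered and a forged frame."""
    rx = AuthenticatedReceiver(DEMO_KEY)
    genuine = seal(DEMO_KEY, 1, OPEN_VALVE_CMD)
    tampered = bytearray(genuine)
    tampered[5] ^= 0x01                 # flip one bit inside the payload
    forged = seal(b"wrong-key", 2, OPEN_VALVE_CMD)   # sender without the shared key
    return {
        "legacy_raw": legacy_accepts(OPEN_VALVE_CMD),
        "auth_genuine": rx.open_frame(genuine)[1],
        "auth_replay": rx.open_frame(genuine)[1],
        "auth_tampered": rx.open_frame(bytes(tampered))[1],
        "auth_forged": rx.open_frame(forged)[1],
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The legacy receiver accepts the bare command from anyone who can reach the segment, which is exactly the "anyone who can send packets can control it" condition described above. The authenticated receiver executes the genuine frame once, then refuses the same frame a second time, the frame with one payload bit flipped, and the frame sealed under a different key. Key distribution and rollover are what make this work in practice and are outside the scope of the example.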

In June 2010, VirusBlokAda reported the first detection of malware that attacks SCADA systems (Siemens' WinCC/PCS7 systems) running on Windows operating systems. The malware is called Stuxnet and uses four zero-day attacks to install a rootkit which in turn logs in to the SCADA's database and steals design and control files. The malware is also capable of changing the control system and hiding those changes. The malware was found by an anti-virus security company on 14 systems, the majority of which were located in Iran.

Comments

  1. Very informative blog. This blog shares some important issues with SCADA system security. All points are very important regarding security. Thanks for sharing.

