SCADA Security for Power Girds and Utilities
SCADA is a technology that focuses on the automation of utilities.These utilities include items such as chemical, power, gas, water, oil and other items along these lines.The security among these types of infrastructures is imperative to the safety and security of the general public.With possible exposure to hackers or terrorist, business continuity and public safety could be jeopardized.
Initiatives such as the Open SCADA Security Project are providing open forums and networking among professionals.This organization is similar to OWASP and is currently bringing the aforesaid professionals together.
Although much of SCADA’s security is physical, the information technology behind the operations of SCADA can be the driving focal point of cyber security.With electronics such as Programmable Logic Controls (PLCs), Remote Terminal Units (RTUs), Intelligent Electronic Devices (IED) and Distributed Control Systems (DCS) (just a few devices), cyber attacks can be carried out against these devices without proper protection.
While the U.S. has see demonstrations on how this could have a direct impact on national security, network administrators and IT personnel should be directly involved in the implementation of how utilities directly connect to and how they are protected against hackers.
Underlying Problems and How to Protect these Areas
Many companies that use SCADA devices may not have properly trained information technology professionals securing their network. With modern PLCs, DHCP (Dynamic Host Control Protocol) can issue an ip addresses instantly which in turn makes the PLC an open node on the internal network. Because of this, security measures such as a firewall that is VPN capable, patches and updates for workstations and servers, an Access Control List of restricted users, application software updates and firmware updates are necessary. These aforesaid recommendations include all aspects of information technology and networking technology regardless if the network is wired or wireless.
Small organizations that have equipment such as the PLCs or other equipment listed above may often use basic Windows Home Edition; have no patches, service packs or firewalls in place. Larger businesses may have maintenance personnel who install this equipment on a network and don’t make the IT personnel aware of update requirements. Direct communication with all personnel along with security training should be implemented by utility companies or service companies. Several videos are available on the internet that show SCADA controlled equipment being hacked. This type of interruption of services could be detrimental to basic needs of communities and have a direct impact on security. Information Technology professionals need to be trained in the security needs of SCADA projects. Companies often train maintenance and operational personnel on SCADA and neglect the true needs of cyber security. Companies such as InfoSec Institute and SANS offer SCADA training for Information Technology Professionals.