Supervisory control and data acquisition (SCADA) is a type of industrial control system (ICS).
Industrial control systems are computer controlled systems that monitor and control industrial processes that exist in the physical world. SCADA systems historically distinguish themselves from other ICS systems by being large scale processes that can include multiple sites, and large distances.
These processes include industrial, infrastructure, and facility-based processes, as described below: •Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes. •Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.
Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control heating, ventilation, and air conditioning systems (HVAC), access, and energy consumption. What is Stuxnet Worm Stuxnet is a computer worm that targets the types of industrial control systems (ICS) that are commonly used in infrastructure supporting facilities (i. e. power plants, water treatment facilities, gas lines, etc).
Stuxnet is designed to programmatically alter Programmable Logic Controllers (PLCs) used in those facilities.
INTRODUCTION In recent years, there has been an abundance of new technologies in the information systems field. These new technologies have altered the very development process itself. Information systems have gone from being a series of one level databases to three dimensional reality, virtual reality, and multimedia systems. In the early days of information systems, the demands were for ...
In an ICS environment, the PLCs automate industrial type tasks such as regulating flow rate to maintain pressure and temperature controls. (Landesman,) SCADA / Stuxnet Impact SCADA worms like Stuxnet can seize control of physical systems in the real world, like data center facility systems, and cause catastrophic damage. Stuxnet is a shockingly advanced and complex computer worm that was discovered cleverly hiding in control system computers in Iran. Decryption and analysis of Stuxnet revealed that this worm was engineered to infiltrate and alter the operating code of PLCs used in SCADA systems.
The SCADA systems targeted by Stuxnet control the operation of uranium purification centrifuges used in the Iranian nuclear power program. Evidence suggests that Stuxnet was able to cause catastrophic damage to many of the infected centrifuges. It also appears that Stuxnet caused more subtle damage by covertly making slight adjustments to the rotational speed of the centrifuges. These speed changes affected the quality of the resulting purified uranium and rendered batches of reactor fuel unusable. The Iranians have downplayed the effect of Stuxnet on their operations.
But the fact that they are currently unloading fuel from their reactor indicates that there is a serious problem with the fissile material. (Smith, 2011) Vulnerability of SCADA The vulnerability of SCADA systems represents a particularly grave threat to infrastructure of national significance. Vital infrastructure such as electrical grids, refineries, water treatment plants, and chemical processing plants rely heavily on ICS and/or SCADA. The consequences of a successful cyber attack on this infrastructure are potentially dire.
Fortunately, some national governments have recognized that the SCADA cyber vulnerability represents an emerging threat to national security and have taken steps to close security gaps. The US Federal Government, for example, has launched extensive cyber security initiatives and programs to address vulnerabilities in our national infrastructure. US-CERT, a division of the US DHS, has become one of the world’s leading cyber security organizations. SCADA systems are not limited to industries of significance to national security.
There are a number of Information Technology security controls. The three most common are: physical, technical, and administrative controls; however, many organizations break down administrative controls into two separate categories: procedural and legal controls. “Security controls are the means of enforcing security policies that reflect the organization’s business requirements, ...
In fact, variations of these systems can be found in nearly every industrial and commercial environment. Data centers are no exception. Most commonly, data centers utilize SCADA technology to control the automated functions of their critical electrical switchgear. Switchgear in these facilities usually feature multiple, redundant power paths to allow for maintenance and to provide operational resilience in the event of a system component failure. In order to function effectively, this type of switchgear must monitor system conditions such as voltage, amperes, and frequency.
If one of the monitored parameters falls out of a preset tolerance band the switchgear automatically performs an action or series of actions to correct the abnormal condition. For example, in the event of a loss of mains power to the switchgear, standby generators start and a number of circuit breaker position change in order to deliver generator power to the critical load. The system of sensing devices, Programmable Logic Controllers (PLCs), and computers that monitors and controls the switchgear is known as SCA.
Conclusion The federal government and industry groups aren’t standing still when it comes to securing the grid and SCADA dependent systems. And they are helping guide the way to more secure and sustainable power systems. The Department of Homeland Security (DHS) released its Catalog of Control Systems Security Recommendations for Standards Developers that aims to help facilitate the creation of security standards for SCADA, process control, distributed control, and other critical infrastructure systems.
The standards help to detail everything from how such industries can screen personnel to establishing physical security and setting secure configuration management guidelines. North American Electric Reliability Corporation (NERC), for its part, maintains security standards and guidance to roughly 2,000 public and private firms involved in electricity production and distribution in North America. NERC’s Critical Infrastructure Protection (CIP) regulations were designed to help ensure the reliability of bulk power generation and delivery.
A few different types of security events and baseline anomalies that might indicate suspicious activity Different traffic patterns or influx in bandwidth usage can be considered suspicous activity. Or sevices changing port usage, in turn creating variaitons in normal patterns. A sudden increase in overall traffic. This may just mean that your web site has been mentioned on a popular news site, or ...
NERC CIP regulations comprise eight mandatory requirements that establish the minimum acceptable level of risk, and include security log collection and analysis, access control, reporting, intrusion detection/prevention system, among others. “The standards have only been auditable for a couple of years, and we are light years improved from where we were a few years ago,” says Weatherford. Are we where we need to be? No. But neither was PCI DSS when it first came out. Today, PCI DSS is a fairly good standard.