Until recently the term “security,” when applied to SCADA communication systems, meant only the process of ensuring message integrity in the face of electrical noise and other disturbances to the communications. But, in fact, “security” also has a much broader meaning. Security, in the broader sense, is concerned with anything that threatens to interfere with the integrity of the business.
Our focus here will be to examine issues related more narrowly to SCADA security.
In an earlier section we discussed the role of the OSI reference model (ISO 7498-1) in defining a communications architecture. In similar fashion, ISO 7498-2, Information Processing Systems, Open Systems Interconnection, Basic Reference Model – Part 2: Security Architecture, issued in 1989, provides a general description of security services and related mechanisms that fit into the reference model, and it defines the positions within the reference model where they can be provided.
It also provides useful standard definitions for security terms.
- Authentication: the corroboration that an entity is the one claimed
- Access control: the prevention of unauthorized use of a resource
- Data confidentiality: the property that information is not made available or disclosed to unauthorized individuals, entities, or processes
- Data integrity: the property that data has not been altered or destroyed in an unauthorized manner
- Nonrepudiation: data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the unit and protect against forgery, e.g., by the recipient
Note that ISO 7498-2 provides standard definitions and an architecture for security services but leaves it to other standards to define the details of such services. It also provides recommendations on where the requisite security services should fit in the seven-layer reference model in order to achieve successful, secure interoperability between open systems.
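The distinction drawn above between integrity against electrical noise and the ISO 7498-2 data integrity service (data not altered in an unauthorized manner), as an added Python example that is not part of the original text: a generic CRC-16 (assumed here; the page names no particular SCADA protocol) catches a flipped bit but accepts a rewritten payload whose CRC was regenerated, while a keyed HMAC under a constructed pre-shared key rejects both.

```python
import hashlib
import hmac
import struct

# Constructed pre-shared key for the demo; a real deployment provisions one per master/RTU pair.
DEMO_KEY = b"constructed-demo-key"

def crc16(data: bytes) -> int:
    """Generic reflected CRC-16 (poly 0xA001, init 0xFFFF): detects channel noise,
    but anyone can compute it, so it is not a security service."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def frame_crc(payload: bytes) -> bytes:
    return payload + struct.pack("<H", crc16(payload))

def verify_crc(frame: bytes) -> bool:
    payload, tag = frame[:-2], frame[-2:]
    return struct.pack("<H", crc16(payload)) == tag

def frame_mac(payload: bytes, key: bytes) -> bytes:
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def verify_mac(frame: bytes, key: bytes) -> bool:
    payload, tag = frame[:-32], frame[-32:]
    return hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), tag)

def flip_bit(frame: bytes, bit: int) -> bytes:
    """Models a single-bit error introduced by electrical noise on the channel."""
    out = bytearray(frame)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def compare_checks(payload: bytes = b"CTRL POINT 12 OPEN", rewritten: bytes = b"CTRL POINT 12 CLOS") -> dict:
    """Whether each check accepts the genuine frame, a noise-damaged frame, and a frame whose
    payload was rewritten with its check field regenerated (the MAC forger has no key and can only
    reuse the old tag). Constructed SCADA-style control payloads; no real protocol is modelled."""
    crc_frame, mac_frame = frame_crc(payload), frame_mac(payload, DEMO_KEY)
    return {
        "crc_genuine": verify_crc(crc_frame),
        "crc_noise": verify_crc(flip_bit(crc_frame, 13)),
        "crc_rewritten": verify_crc(frame_crc(rewritten)),
        "mac_genuine": verify_mac(mac_frame, DEMO_KEY),
        "mac_noise": verify_mac(flip_bit(mac_frame, 13), DEMO_KEY),
        "mac_rewritten": verify_mac(rewritten + mac_frame[-32:], DEMO_KEY),
    }
```

Only the keyed check distinguishes accidental corruption from unauthorized alteration, which is the property the ISO definition of data integrity actually asks for.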
Security functions can generally be provided at more than one layer of the OSI model. Communication channels that are strictly point-to-point, and for which no externally visible device addresses need to be observable, can employ encryption and other security techniques at the physical and data-link layers. If the packets need to be routable, messages either need to be encrypted at or above the network layer (the OSI recommendation), or the security wrapper needs to be applied and removed at each node of the interconnected network. The latter, hop-by-hop approach is a bad idea because of the resulting complexity of security key management and the correspondingly higher probability of security leaks.
SOURCE: Daniel E. Nordell