Search

Premium Membership ♕

Save 10% on Pro Membership Plan with coupon DEC10 and study specialized LV/MV/HV technical articles and papers.

Home / Technical Articles / Thinking About Security Considerations in SCADA Systems (2)
Thinking About Security Considerations in SCADA Systems (2)
Thinking About Security Considerations in SCADA Systems (2)

Continued from previous part: Thinking About Security Considerations in SCADA Systems (1)


SCADA Threats

In this part of technical article, I will focus on various types of threats which must be considered in order to plan the security management of a SCADA system. Some of them (first two) were described in the previous part, so focus will be on physical threats, threats via communication and threats to software management.

Threats may be of following types:

  1. Environmental threats (previous part)
  2. Electronic threats (previous part)
  3. Physical threat
  4. Threat via Communication and information networks
  5. Threats to Software Management and documentation

3. Physical security

In general, SCADA system equipment should be located inside secured areas having the same degree of security deemed appropriate for the supported systems. However, the electronic nature of these systems provides opportunities for compromise from both inside and outside the secured area that must be addressed.

– 3.a –

HMI devices for controllers that provide access to the entire SCADA system shall use password   protected  screen  access  with  multiple  levels  of  access  control,  and automatic logout routines with short time settings.

Password policies for screen savers shall be in compliance with established Do D policies (CJCSI 6510.01D).

– 3.b –

Equipment enclosures and pull and junction boxes should be kept locked or secured with tamper resistant hardware. Doors and covers should be provided with tamper switches or other means of detecting attempted intrusion, connected to the site security system.

Tamper detection devices should be designed to detect the initial stages of access such as removal of fasteners, unlatching of doors, etc.

– 3.c –

Raceways and enclosures for SCADA circuits external to the secured area should be designed to  resist entry by unauthorized persons. Access to  field wiring circuit conductors can  potentially provide “back-door” entry  to  controllers for damaging over-voltages or transients.

Outside raceways should consist of rigid steel conduits with threaded and welded joints and cast junction boxes with threaded hubs and tamper proof covers.

– 3.d –

Conduits exiting the secured area should also be sealed to prevent them from being used to introduce hazardous or damaging gases or fluids into enclosures within the secured area.

Go Back To SCADA Threats Index ↑


4. Communication and information networks

Connections from SCADA systems to networks extending beyond the  C4ISR facility or between facilities on a common site introduce the threat of attacks.

– 4.a –

These attacks are of several types:

  1. Unauthorized user access (hacking).
  2. Eavesdropping; recording of transmitted data.
  3. Data interception, alteration, re-transmission.
  4. Replay of intercepted and recorded data.
  5. Denial of Service; flooding the network with traffic.

– 4.b –

The best defense against these threats is to entirely avoid network connections with other networks within or external to the facility.

If they must be used, data encryption techniques should be applied to all network traffic.

The following additional means of enhancing security should also be considered:

  1. Physically disconnect when not in use; applicable to dial-up connections for vendor service.
  2. Use fiber optic media which cannot be tapped or intercepted without loss of signal at the receiving end.
  3. One-way traffic; alarm and status transmission only with no control permitted.

Go Back To SCADA Threats Index ↑


5. Software management and documentation

With the modern complexity and exposure to intentional software damage that can occur in modern industrial controls systems, it is a good practice to implement a Software Management and Documentation System (SMDS).

– 5.a –

A SMDS system is software which resides on a dedicated computer on the plant network that monitors all activities of  the control system. Such a system should be required for the control system in an important and complex military facility.

It allows the facility administrator to do the following:

  1. Control who may use any SCADA application software and what actions can be performed
  2. Maintain  a   system-wide  repository  for  historical  storage  of  the  application configuration files
  3. Identify exactly who has modified a control system configuration or application parameter, what they changed, where they changed it from, and when the change was made
  4. Assure that the control system configuration thought to be running the facility actually is
  5. Support application restoration following a catastrophic event
  6. Generate views into the Software Management System for more detailed analysis of configuration changes

– 5.b –

Software Management and Documentation systems are available now from the major suppliers of industrial control systems.

Having such a system provides the following additional benefits:

  1. Avoids maintaining incorrect or incompatible software versions
  2. Assures that there are not multiple versions of software on file
  3. Prevents multiple users from causing a conflict somewhere on the system
  4. Prevents legitimate changes from being reversed or overwritten
  5. Supports the availability of the system at its maximum

5.c

Among the specific software that such a system would secure are:

  1. PLC programs
  2. HMI screens
  3. SCADA configurations
  4. CAD drawings
  5. Standard Operating Procedures (SOP’s) (6) Network Configurations

Go Back To SCADA Threats Index ↑

Premium Membership

Get access to premium HV/MV/LV technical articles, electrical engineering guides, research studies and much more! It helps you to shape up your technical skills in your everyday life as an electrical engineer.
More Information
Bipul Raman - Author at EEP-Electrical Engineering Portal

Bipul Raman

Bipul Raman (@BipulRaman) is a Technology Enthusiast, Programmer and Blogger. Read more at : https://www.bipul.in
Profile: Bipul Raman

Leave a Comment

Tell us what you're thinking. We care about your opinion! Please keep in mind that comments are moderated and rel="nofollow" is in use. So, please do not use a spammy keyword or a domain as your name, or it will be deleted. Let's have a professional and meaningful conversation instead. Thanks for dropping by!

twenty six  +    =  thirty one

Learn How to Design Power Systems

Learn to design LV/MV/HV power systems through professional video courses. Lifetime access. Enjoy learning!

EEP Hand-Crafted Video Courses

Check more than a hundred hand-crafted video courses and learn from experienced engineers. Lifetime access included.
Experience matters. Premium membership gives you an opportunity to study specialized technical articles, online video courses, electrical engineering guides, and papers written by experienced electrical engineers.