The future of SCADA-control security

By Gregory Machler, CSO |  Security, SCADA

If you're a CXO overseeing critical infrastructure that contains SCADA (supervisory control and data acquisition) controls, a chief concern is how to protect that infrastructure against terrorist attacks. Changes in control software will continue to accelerate until the weaknesses in the most critical infrastructure (oil refineries, electrical power plants, water treatment facilities) are addressed worldwide. But it may take years to replace all of the controls.

To address some of these concerns, networking vendors are deploying solutions that monitor network traffic between the management systems of these controls and check the validity of their state. They can also plan to implement authentication and access controls on the sessions that communicate with the controls. As a newer generation of controls is deployed, authentication and authorization features will be built into the controls themselves. All access can be logged to determine whether there has been any tampering.

But there are other concerns for the electrical power, refinery, chemical plant, water treatment, and nuclear power industries that deploy these new controls. There will be a great need for custom simulation software for specific vertical industries like the ones listed above. Simulations will be needed to determine what will happen if a new set of policies (control states) is implemented.

The control settings (policies) need comprehensive testing. It will be too difficult to work out all of the various states of the controls, and their interactions with other controls, in spreadsheets. The dangers could be catastrophic, such as chemical or waste spills, so the software will need to be very sophisticated to manage the various good and bad control permutations.

This SCADA simulation software reminds me of the live/dead analysis that goes on within Energy Management Systems used by electrical power companies to manage their multi-state electrical grids. Live/dead analysis simulates the response to an electrical line change to a portion of the grid. The change can then be implemented if the simulation shows it is safe.


Originally published on CSO.