Conventional IT Security and Relevant SCADA Issues
Over the years, information system security professionals developed a number of generally accepted best practies to protect networks and computing infrastructures from malicious attacks. However, these practices cannot be applied directly to SCADA systems without accounting for the different requirements of IT and SCADA systems. The following list provides examples of IT best practices and the state of their application to SCADA systems:
- Audit and monitoring logs: After-the-fact analysis of audit trails is a useful means to detect past events. Monitoring, on the other hand, implies real-time capture of data as a system is operating Both techniques are successfully employed in IT systems.Their application to SCADA systems will yield benefits similar to those derived from their use in IT systems. BEcause of the varying ages and sophistication of some SCADA system components, many do not have logging capabilities. The cost of installing, operating, and maintaining extensive auditing and monitoring capabilities in a SCADA application must be weighed a gainst the potential benefits
Introduction To Robotics
Classification Of Robotics
SCADA System Architecture
SCADA System Security Issues Overview
- Biometrics: Biometrics are attractive because they base authentication on a physical characteristic of the individual attempting to access relevant components of a SCADA system. Currently, biometrics are promising, but are not completely reliable. Depending on the charecteristic being examined, throughput problems, human factor issues, and possible compromises of the system. However, the technology is progressing and biometrics should become a viable option for controlling SCADA system access.
- Firewalls: Firewalls can be used to screen messge traffic between a corporate IT network and a SCADA network. Thus, in many instances, a fire wall can protect SCADA systems from penetrations that have occurred on the corporate side. Some issues that have to be considered when applying firewalls to SCADA systems are the delays introduced into data transmissions, the skill and overhead required set up and manage firewalls, and the lack of firewalls designed to interface with some popular SCADA protocols
- Intrusion detection systems: Intrusion detection systems (IDSs) are either host-based or network-based. A host-based IDS can detect attacks against the host system, but does not monitor the network. Alternatively, a netwoek-based IDS views the networ by monitoring network traffic and assesses the traffic for malicious intent. IDSs are useful in protecting SCADA systems, but cannot be universally applied because, at this time, IDSs are not available for some SCADA protocols. As with other safe-guards, IDs might slow down certain SCADA operation and their cost and operation have to be weighed against the potential benefits derived from their use.
- Malicious code detection and elimination: The computational overhead associated with detecting and eliminating malicious code that might infact a SCADA system an seriously affect the real-time performance of SCADA system components. Activities such as running antivirus software, updating virus signature databases, and quarantining or deleting malicious code require time and computing cycles that might not be available on SCADA system components. Updating virus databases from the internet also exposes the SCADA system to additional viruses and attacks from the internet. Again, the cost of antivirus implementations must be qeighed against the perceived SCADA risks and benefits of such software.
- Passwords: In a SCADA environment, a control operator might need to enter a password to gain access to a device in an emergency. If the operator types in the password incorrectly a few times, a conventional password, is to lock out the operator. Locking out the operator is nor a good thing in real-time control encironments. Foe operators on local control devices, passwords might be eliminated or made extramly simple. At the supervisory level, better and longer passwords might be used, two-factor authentication employed, and challenge-response tokens used. In situations where the passwords might be subject to interception when transmitted over networks, encryption should be considered to protect the password from compromise.
- Public-key cryptography: with public-key or asymmetric-key cryprograpy, thre is no need to exchange secret keys between sender and receiver. A public key is available to anyone wishing to communicate with the holder of the corresponding and mathematically related private key. The private key is protected and know only to the receiving party. The main feature of public-key cryptography is that it is virtually imposible to drive the private key from the known publik key. Public-key cryptography also provides the ability for a sender to digitally sign a document and transmit it for anyone to read who can access the snder's public key. This signing guarantees that the document was sent by the owner of the private key of the ublic-key-private-key pair. As one can deduce, key management, including certification that the public key actually belongs to the named person, in an important issue that has to be handled by the organization. Relatively to SCADA operations, public-key cryptosystems require relatively long processing times that are incompatible with the real-time requirements of control systems. Symmetric-key cryptosystems, discussed in the next section, are more suitable for use in the SCADA environment.
- Symmetric-key cryptography: With symmetric-key cryptography, also known as secret-key cryptography, the sender and receiver have to share a common, secret key. This key is used to encrypt the message at the transmitting end and decypt the message at the receiving end. Thus, the secret keys have to be distributed securely from all transmitters to all receivers. This distribution is a concern. One popular solution is to use public-key-cryptography to distribute the secret key and then use symmetric-key cryptography to send the messages.
- Role-based acces control: This type of access control is gaining popularty in goverment and industry sectors because of its ability to accommodate changes in personnel and organizations. In this type of security control, access is based on the role of a person in an organization rather than the identity of the individual. Ir has not yet been widely applied to SCADA systems but holds promise for use at the supervisory level of SCADA operations.
Retyped from book Scuring SCADA System By Ronald L. Krutz. PhD. Wiley.
SCADA Systems
SCADA Field INstrumentation
PLCs and RTUs
Remote Communications Networks
SCADA Host Sofware
SCADA Security
- Audit and monitoring logs: After-the-fact analysis of audit trails is a useful means to detect past events. Monitoring, on the other hand, implies real-time capture of data as a system is operating Both techniques are successfully employed in IT systems.Their application to SCADA systems will yield benefits similar to those derived from their use in IT systems. BEcause of the varying ages and sophistication of some SCADA system components, many do not have logging capabilities. The cost of installing, operating, and maintaining extensive auditing and monitoring capabilities in a SCADA application must be weighed a gainst the potential benefits
Introduction To Robotics
Classification Of Robotics
SCADA System Architecture
SCADA System Security Issues Overview
- Biometrics: Biometrics are attractive because they base authentication on a physical characteristic of the individual attempting to access relevant components of a SCADA system. Currently, biometrics are promising, but are not completely reliable. Depending on the charecteristic being examined, throughput problems, human factor issues, and possible compromises of the system. However, the technology is progressing and biometrics should become a viable option for controlling SCADA system access.
 |
| Image Source: www.geautomation.com |
- Firewalls: Firewalls can be used to screen messge traffic between a corporate IT network and a SCADA network. Thus, in many instances, a fire wall can protect SCADA systems from penetrations that have occurred on the corporate side. Some issues that have to be considered when applying firewalls to SCADA systems are the delays introduced into data transmissions, the skill and overhead required set up and manage firewalls, and the lack of firewalls designed to interface with some popular SCADA protocols
 |
| Image Source: www.rad.com |
- Intrusion detection systems: Intrusion detection systems (IDSs) are either host-based or network-based. A host-based IDS can detect attacks against the host system, but does not monitor the network. Alternatively, a netwoek-based IDS views the networ by monitoring network traffic and assesses the traffic for malicious intent. IDSs are useful in protecting SCADA systems, but cannot be universally applied because, at this time, IDSs are not available for some SCADA protocols. As with other safe-guards, IDs might slow down certain SCADA operation and their cost and operation have to be weighed against the potential benefits derived from their use.
- Malicious code detection and elimination: The computational overhead associated with detecting and eliminating malicious code that might infact a SCADA system an seriously affect the real-time performance of SCADA system components. Activities such as running antivirus software, updating virus signature databases, and quarantining or deleting malicious code require time and computing cycles that might not be available on SCADA system components. Updating virus databases from the internet also exposes the SCADA system to additional viruses and attacks from the internet. Again, the cost of antivirus implementations must be qeighed against the perceived SCADA risks and benefits of such software.
- Passwords: In a SCADA environment, a control operator might need to enter a password to gain access to a device in an emergency. If the operator types in the password incorrectly a few times, a conventional password, is to lock out the operator. Locking out the operator is nor a good thing in real-time control encironments. Foe operators on local control devices, passwords might be eliminated or made extramly simple. At the supervisory level, better and longer passwords might be used, two-factor authentication employed, and challenge-response tokens used. In situations where the passwords might be subject to interception when transmitted over networks, encryption should be considered to protect the password from compromise.
- Public-key cryptography: with public-key or asymmetric-key cryprograpy, thre is no need to exchange secret keys between sender and receiver. A public key is available to anyone wishing to communicate with the holder of the corresponding and mathematically related private key. The private key is protected and know only to the receiving party. The main feature of public-key cryptography is that it is virtually imposible to drive the private key from the known publik key. Public-key cryptography also provides the ability for a sender to digitally sign a document and transmit it for anyone to read who can access the snder's public key. This signing guarantees that the document was sent by the owner of the private key of the ublic-key-private-key pair. As one can deduce, key management, including certification that the public key actually belongs to the named person, in an important issue that has to be handled by the organization. Relatively to SCADA operations, public-key cryptosystems require relatively long processing times that are incompatible with the real-time requirements of control systems. Symmetric-key cryptosystems, discussed in the next section, are more suitable for use in the SCADA environment.
- Symmetric-key cryptography: With symmetric-key cryptography, also known as secret-key cryptography, the sender and receiver have to share a common, secret key. This key is used to encrypt the message at the transmitting end and decypt the message at the receiving end. Thus, the secret keys have to be distributed securely from all transmitters to all receivers. This distribution is a concern. One popular solution is to use public-key-cryptography to distribute the secret key and then use symmetric-key cryptography to send the messages.
- Role-based acces control: This type of access control is gaining popularty in goverment and industry sectors because of its ability to accommodate changes in personnel and organizations. In this type of security control, access is based on the role of a person in an organization rather than the identity of the individual. Ir has not yet been widely applied to SCADA systems but holds promise for use at the supervisory level of SCADA operations.
Retyped from book Scuring SCADA System By Ronald L. Krutz. PhD. Wiley.
 |
| Image Saurce: www.wiley.com |
SCADA Systems
SCADA Field INstrumentation
PLCs and RTUs
Remote Communications Networks
SCADA Host Sofware
SCADA Security
Good one! SCADA system security are deployed for command, control, communication, intelligence, and surveillance purpose.
ReplyDelete