2 posts • joined 22 May 2007
SCADA - Security by Obscurity
- SCADA lifecycles are extremely long and deployed systems are rarely patched;
- Many SCADA end-users are on tight budgets and won’t hear about a defence in depth security protocol or even patching;
- Most systems don’t have any kind of protocol in place to even support patching – and the ones who must run 24x7 are particularly difficult to patch (no test servers exist; the hardware perhaps isn’t even made anymore – quite a bit of this stuff is out there running on Unix, Windows NT, Linux, BSD, DOS, OS/2 (really!) and even Windows 3.1 (really, really!!));
- The whole controls world loves things with 20+ year lifetimes – it is horribly expensive to upgrade;
- These people operate in a distinct environment from IT – a control system has up-time as its No.1 priority to support process operability and safety – security is absolutely not a top priority (I’m not saying here it should not be a priority, but even if you were monitoring your network and you had an unexpected traffic spike or whatever you can’t just go shutting things down);
- It is quite normal for a SCADA system to be supported by one or more third-party firms (e.g., System Integrator) – we go to sites, we plug in our laptops, do our bit for King and Empire and go home – this is a two-way street for picking up malware, trojans, bots or whatever (certainly the good integrators do their homework and have fairly clean laptops – but I’ve seen viruses come in from Fortune 500 company control networks) – one of the reasons to have to plug-in with our own kit is that run-time versions are deployed and engineering versions may not even exist with a lot of clients.
Also, SCADA is just the beginning. Out there every little thing you can think of in automation - not just critical infrastructure - can hang off a network.
Why Ethernet? Use a Field Bus
My concern is that people are using Ethernet when there are numerous rugged industrial buses such as PROFIBUS and ControlNet, not to mention just segmenting your network (no matter what bus you use) and de-rating the network load AND putting monitoring in your PLC or PAC code to look for devices falling off the bus and letting the SCADA operator know.
This system was just badly engineered. Everyone knows that PLCs and PACs have flaky Ethernet stacks. They hate too much chatter and disappear from the network from time to time. The automation software for SCADA isn't much better.
If it is critical, I would look at wiring/networking it in such a manner as to make it just a little bit rugged.
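The post recommends putting monitoring in PLC/PAC code to catch devices falling off the bus and raise it to the SCADA operator, and notes that controllers with weak Ethernet stacks do drop off from time to time. The following is an added example, not code from the post or any product: a heartbeat watchdog written in Python (standing in for the ladder/structured-text logic a controller would actually run) that tracks the last time each device answered, flags a device once it has been silent longer than its tolerated interval, and only emits an alarm on a status transition so the operator is not flooded with repeats. The device names, per-device timeouts and the heartbeat timeline are constructed for the demonstration.

```python
"""Bus watchdog: detect field devices that stop answering and alert once per transition.

Added example, not from the forum post. Device names, timeouts and the
heartbeat timeline below are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class DeviceState:
    timeout_s: float                  # tolerated silence before the device is declared off the bus
    last_seen: Optional[float] = None  # timestamp of the last poll response / cyclic telegram
    status: str = "UNKNOWN"           # UNKNOWN until first evaluation, then ONLINE / OFFLINE


class BusWatchdog:
    """Per-device last-seen tracking with alarms only on ONLINE/OFFLINE transitions."""

    def __init__(self, devices: Dict[str, float], started: float) -> None:
        # devices maps device name -> tolerated silence in seconds (assumed values)
        self.devices = {name: DeviceState(timeout_s=t) for name, t in devices.items()}
        self.started = started  # watchdog start time; grace period for never-heard devices

    def heartbeat(self, name: str, now: float) -> None:
        """Record that `name` was heard from (poll reply, I/O update, etc.) at time `now`."""
        self.devices[name].last_seen = now

    def check(self, now: float) -> List[Tuple[str, str]]:
        """Evaluate every device at time `now` and return (device, event) pairs.

        A device that has never answered is reported OFFLINE once its timeout has
        elapsed since watchdog start; a device that answered recently is ONLINE.
        Events are emitted only when the status changes.
        """
        events: List[Tuple[str, str]] = []
        for name, st in self.devices.items():
            if st.last_seen is None:
                alive = False
                overdue = (now - self.started) > st.timeout_s
            else:
                alive = (now - st.last_seen) <= st.timeout_s
                overdue = not alive
            if alive and st.status != "ONLINE":
                st.status = "ONLINE"
                events.append((name, "ONLINE"))
            elif overdue and st.status != "OFFLINE":
                st.status = "OFFLINE"
                events.append((name, "OFFLINE"))
        return events


def run_scenario() -> List[Tuple[float, str, str]]:
    """Replay a constructed heartbeat timeline through the watchdog, checking once a second.

    PLC-1 answers every second, then goes silent between t=3.5 and t=9.0;
    RIO-3 answers every few seconds (its tolerance is 5 s); DRIVE-7 never answers.
    """
    wd = BusWatchdog({"PLC-1": 2.0, "RIO-3": 5.0, "DRIVE-7": 2.0}, started=0.0)
    heartbeats = sorted([
        (0.5, "PLC-1"), (1.0, "RIO-3"), (1.5, "PLC-1"), (2.5, "PLC-1"),
        (3.5, "PLC-1"), (4.0, "RIO-3"), (8.0, "RIO-3"), (9.0, "PLC-1"),
    ])
    log: List[Tuple[float, str, str]] = []
    pending = iter(heartbeats)
    nxt = next(pending, None)
    for tick in range(1, 11):
        now = float(tick)
        # deliver every heartbeat that arrived up to this scan cycle
        while nxt is not None and nxt[0] <= now:
            wd.heartbeat(nxt[1], nxt[0])
            nxt = next(pending, None)
        for name, event in wd.check(now):
            log.append((now, name, event))  # in a real system: write to an operator alarm tag
    return log


if __name__ == "__main__":
    for t, name, event in run_scenario():
        print(f"t={t:4.1f}s  {name:8s} {event}")
```

The scan-cycle loop mirrors how this would sit in a controller: heartbeats update a last-seen register, and a periodic task compares it with the clock and sets an alarm bit. The grace period for never-heard devices matters in practice, otherwise every cold start produces a burst of false alarms before the bus has settled.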