Break Points

Is the SCADA Infrastructure Secure?

Jack Ganssle

4/12/2010 12:24 PM EDT

Governors and others frequently bemoan the lack of investment being made in crumbling infrastructure. Bridges, tunnels and the rest of the brick and mortar that enables our lives are in disrepair, and we're told things are getting worse. Shrinking budgets ensure that repairs will continue to fall behind. Pundits also say the electric grid is old and not capable of meeting 21st century needs.

I recently met with a control engineer who works for a large metropolitan water company. He's concerned about another kind of infrastructure - the digital one that monitors and controls factories and other large plants (including water plants, of course). These ubiquitous SCADA systems (supervisory control and data acquisition) often handle extremely high power actuators, like multi-thousand horsepower motors.

Industrial automation equipment often runs for decades or longer. Years ago, when working on a system in a steel mill, I came across a huge motor stamped with a manufacturing date of 1899. It was still in service. The electronics, too, often run for decades.

That's a testament to great engineering and manufacturing, and is also potentially a great hazard. These systems were largely designed before security became an important issue. Many have been almost haphazardly connected to the Internet in the intervening years, when management sees the 'net as an easy way to monitor remotely and save money.

I have been told (by the NSA) that a Tylenol factory has been hacked. In 2003 a worm shut down all safety monitoring on an Ohio nuke plant for five hours. Vancouver's traffic lights have been compromised. A 14-year-old turned the Polish city of Lodz's trams into his own giant train set, derailing four cars and injuring at least a dozen people. There are many more instances.

Then there's the famous Aurora experiment: in 2007 researchers from the Department of Energy hacked into a replica of a power plant and seriously damaged a generator. I'm told the hack was trivial. And that a lot of plants remain vulnerable.

Now wireless is infiltrating the infrastructure. There are plenty of good reasons to use RF instead of fiber or copper. But how secure are these transmission media? How many of us - the embedded engineers designing these systems - are security experts? Are we letting unintended vulnerabilities sneak into the code?

Some in the SCADA community are gathering in Chicago on May 14th and 15th to brainstorm about these issues at a special meeting. I plan to show up. The organizers are hoping for other embedded folks to show up. If infrastructure security concerns you, consider attending.

Editor's Note: To investigate further what you can do to ensure the security of your connected embedded systems, go to More About Embedded Security.

Jack G. Ganssle is a lecturer and consultant on embedded development issues. He conducts seminars on embedded systems and helps companies with their embedded challenges. Contact him at jack@ganssle.com. His website is www.ganssle.com.





Rob/Bob

4/12/2010 6:28 PM EDT

Scary. I used to work in a plant in Ontario province that had over 1000 robots all under the guidance of DeviceNet and ControlNet. Hopefully, the engineers who designed these 2 powerful protocols had the foresight to install "firewalls" against external intruders.




Lundin

4/15/2010 3:00 AM EDT

The question is why you would connect the most security-critical kind of network in the world (a power plant one) with the least secure network in the world (the internet). Such extremely poor engineering should be criminal, if it isn't already.




mac_droz

4/15/2010 4:53 AM EDT

Why can you hack into those systems? Because they are probably interconnected with the Internet. And that means they are badly engineered. The rule is: if you want your system to be secure, then communicate using your own wires and your own protocols. Period. Do not send "encrypted" packets over commercial lines but build your own infrastructure. Most (if not almost all) attacks are coming from the Internet (wired or wireless) because it's available everywhere and tempts those sad people to show how powerful they are. Many do it from their homes (or cars using Wi-Fi). Would they climb a 100 meter pylon to get access to the optic fibre going inside one of the wires? Would they dig a hole in the ground to get access to the wires? I don't think so unless they are some kind of terrorists.




shabah

4/19/2010 8:11 AM EDT

I think we are paying for not building high quality products. Nowadays, companies just want to minimise the costs and in many cases security is the first thing considered as extra (because it is costly). Unfortunately we usually pay more at the end to fix the issues.
Most products developed today require careful security analysis to avoid unexpected vulnerabilities.




cmechlin

9/4/2011 4:28 PM EDT

It is not that they are always connecting these systems directly to the Internet, far from it. These systems can be connected to an internal network that is considered "secure" that is connected to another network that is Internet facing. That is why it is so important that these industries begin to employ security best-practices and policies now, such as a Defense-in-Depth methodology. In simplest terms, DiD means to utilize many different methods of security at various layers of an industry's infrastructure; that way, when a bad guy gets through the first layer connected to the Internet, there are many more barriers he/she will have to get past to be successful.




seaEE

9/5/2011 12:19 AM EDT

This brings up another interesting question. As one of my former bosses used to tell us, ICs are a chemical reaction, albeit a slow one. What is the life expectancy of a typical IC?



