SCADA (Supervisory Control and Data Acquisition)
What is SCADA?
There are two types of process-control systems in view—distributed control systems (DCS) and supervisory control and data acquisition (SCADA). DCS are typically used for single-point processing and are employed in a limited geographic area. On the other hand, SCADA systems are used for large-scale, distributed management of critical infrastructure systems and are often geographically dispersed.
Supervisory control and data acquisition (SCADA) networks contain computers and applications that perform key functions in providing essential services and commodities (e.g., electricity, natural gas, gasoline, water, waste treatment, transportation). As such, they are part of the nation’s critical infrastructure and require protection from a variety of threats that exist in cyberspace today. By allowing the collection and analysis of data and control of equipment such as pumps and valves from remote locations, SCADA networks provide great efficiency and are widely used. However, they also present a security risk. Action is required by all organizations, government or commercial, to secure their SCADA networks as part of the effort to adequately protect the nation’s critical infrastructure.
Securing the SCADA Network
Against a backdrop of newly emerging threats, security managers at organizations that use SCADA are beginning to address the challenges involved in securing these systems. Much of what needs to be done is simply implementing sound information-security practices.
The following are TSI’s recommendations to address some lingering security issues:
Security of network communications: Implementation of strong encryption over the SCADA network communications, to ensure that both monitored data and control commands are encrypted.
Turning on security: Implementation of security features with devices on the network, especially authentication. Using secure protocols whenever possible.
Knowing your SCADA network: Identifying all connections to external networks including wireless networks, corporate LANs and WANs, and the Internet. Also, securing the network by eliminating all unnecessary connections to external networks.
Hardening of the SCADA environment: Removing all unnecessary services from the hosts on the network. Also, just as in the corporate network environment, ensuring that all systems are patched and up to date.
Conducting regular security audits: Ensuring that security practices and procedures, such as incident response, are defined and implemented. Penetration testing of the network environment should also be prudently conducted with inspection for potential back doors into the SCADA network.
Implementing real-time threat protection: With the increasing number and complexity of attacks, it's insufficient to simply patch the systems or maintain access/service control. One alternative is to implement real-time threat protection in the form of network intrusion-prevention systems. Unlike standard packet-filter firewalls, these systems perform application-layer inspection to identify attacks that are carried in the payload and block the offending traffic in real time.
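The difference between a packet filter and application-layer inspection, shown as an added example that is not TSI's code or tooling. It assumes Modbus/TCP on port 502 as the SCADA protocol; the addresses, the write allowlist and the sample frames are constructed for illustration.

```python
import struct

MODBUS_PORT = 502
# Modbus function codes that change device state (reads are 1-4).
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
# Assumption: only this engineering workstation may issue writes.
AUTHORIZED_WRITERS = {"10.10.1.5"}


def packet_filter(src_ip, dst_port):
    """Layer 3/4 decision: only addresses and ports are visible."""
    return "ALLOW" if dst_port == MODBUS_PORT else "DROP"


def inspect_modbus(src_ip, dst_port, payload):
    """Application-layer decision: parse the MBAP header and function code."""
    if dst_port != MODBUS_PORT:
        return "DROP", "not Modbus/TCP"
    if len(payload) < 8:
        return "DROP", "truncated frame"
    # MBAP header: transaction id, protocol id, length, unit id; then function code.
    _tid, proto, length, _unit, func = struct.unpack(">HHHBB", payload[:8])
    if proto != 0 or length != len(payload) - 6:
        return "DROP", "malformed MBAP header"
    if func in WRITE_FUNCTIONS and src_ip not in AUTHORIZED_WRITERS:
        return "DROP", WRITE_FUNCTIONS[func] + " from unauthorized host"
    return "ALLOW", "ok"


def build_frame(tid, unit, func, data):
    """Build a constructed Modbus/TCP frame for the sample traffic below."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, func) + data


# Constructed sample traffic: (source IP, destination port, frame bytes).
SAMPLES = [
    ("10.10.1.5", 502, build_frame(1, 1, 3, struct.pack(">HH", 0, 10))),    # read
    ("10.10.1.5", 502, build_frame(2, 1, 6, struct.pack(">HH", 4, 1200))),  # authorized write
    ("10.20.7.9", 502, build_frame(3, 1, 6, struct.pack(">HH", 4, 1200))),  # unauthorized write
    ("10.20.7.9", 502, build_frame(4, 1, 3, struct.pack(">HH", 0, 10))[:-2]),  # bad length
]

if __name__ == "__main__":
    for src, port, frame in SAMPLES:
        print(src, packet_filter(src, port), *inspect_modbus(src, port, frame))
```

The packet filter allows all four frames because they target port 502; the inspection step allows the first two and drops the last two.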
How do we do it?
At the core of all of our security services is an appreciation of the various security layers that play a role in securing mission-critical real-time control systems. Each of these layers of defense represents categories of system components that must all be secured and hardened to the highest level so that each system can compensate for inherent deficiencies in the layers below it.
TSI’s Layered Security Approach:
1. Perimeter Control
a. Internet or Corporate Perimeter Defense
2. Employees, Policies, Procedures
a. Business Contingency, Disaster Recovery
3. Network Architecture
a. Firewalls, Routers, Switches, VPNs
4. Network Operating Systems
a. Active Directory, Domain Security, etc.
5. Host Security
a. Server and Workstation Operating Systems
6. Application Security
a. EMS, Database, Web, etc.
7. Unique Security Requirements for what is being protected.
a. Client Based Service, Plant Equipment
Each of our SCADA Security Service offerings either exposes vulnerabilities in these systems or exploits weaknesses in current defenses to show how an adversary could gain access to, and potentially take control of, these environments.
Why TeleDesign Security?
Securing SCADA (Supervisory Control and Data Acquisition) Systems, DCS (Distributed Control Systems), EMS (Energy Management Systems), Process Control Systems, Telecom systems, Network Management Systems, and any real-time, high-availability environment requires experienced security professionals who have years of SCADA and security experience. Our focus and dedication to the Energy, Utility, Transportation, Petroleum and Critical Infrastructure sectors ensures our teams have relevant experience, understand the unique needs of these industries, and can make a large impact in securing these systems without adversely impacting operations.
At TeleDesign Security we have experts in SCADA and Network Security on staff, and we can conduct a complete analysis of your corporate and industrial networks. This audit process exposes the holes in your network security, and we provide you with knowledge transfer on how to close these gaps and protect your SCADA and plant systems from outside attacks, as well as internal network attacks. We have also been contracted to conduct vulnerability assessment and penetration tests for several Energy, Utility, Banking and other Critical Infrastructure customers.
The following is a list of some of our expert consulting services that reflect our unique standing in the information security industry:
- Network Security Architecture Review, Recommendation and Implementation
- Vulnerability Assessment Services
- Penetration Testing Services
- Telecom Security Audit of all brands of PBXs, Converged Systems and VoIP
- Incident Response process development and Incident Response deployment
- Regulatory Compliance Audit, Analysis and Recommendation
- Cyber Forensics Investigations, Including Litigation Support and Expert Testimony
- Knowledge Transfer and Training