One of the overwhelming problems that I find in the security space is a lack of understanding as to what SCADA even is. This is partly a lack of understanding and partly an unwillingness on the part of SCADA users to share with the rest of the world. Richard Stiennon has a blog over on ZDNet that is usually very good. Unfortunately there was a misstep in his most recent posting about SCADA.
SCADA is of course the protocol that utilities such as gas, electric, and telecoms use to control the equipment they have to manage. Think of a simple way to check a temperature or voltage reading and report back as well as set values on switches, pumps, etc. It’s easy.
Well, yes and no. And no, I’m not in any way being condescending. SCADA is an acronym for Supervisory Control And Data Acquisition. These systems are used by gas, water and power companies to control their respective parts of critical infrastructure.

The term SCADA usually refers to a central system that monitors and controls a complete site or a system spread out over a long distance (kilometres/miles). The bulk of the site control is actually performed automatically by a Remote Terminal Unit (RTU) or by a Programmable Logic Controller (PLC). Host control functions are almost always restricted to basic site over-ride or supervisory level capability. For example, a PLC may control the flow of cooling water through part of an industrial process, but the SCADA system may allow an operator to change the control set point for the flow, and will allow any alarm conditions such as loss of flow or high temperature to be recorded and displayed. The feedback control loop is closed through the RTU or PLC; the SCADA system monitors the overall performance of that loop.
Stiennon goes on to talk about, “In the olden days SCADA devices were connected by phone lines and dedicated circuits. Today of course they are connected to IP networks that are often also connected to the Internet.” Um, well, no. SCADA operators still very much use dial-up and frame circuits today. There aren’t a lot of IP network connections in Middleoffreakinnowhere, Alaska. SCADA systems in fact use multiple types of protocols to gather information from their remote nodes such as Modbus, IEC 60870-5 and DNP3.
SCADA security is an important field for more than just the obvious points such as critical infrastructure. It is also important to help combat misinformation and lack of understanding that exists today on the subject of SCADA security.
For more on SCADA Security check out the NIST document SP800-82 (.pdf)