Monitoring SCADA network Security
The topic was SCADA security, and the first thing every presenter talked about was the definition of what we call SCADA security (we will not discuss what is called a Critical Infrastructure). Firstly, I would like to set some root considerations… What we call SCADA security is sometimes controversial. This is because we are used to saying “SCADA security” when talking about “SCADA network security”, and many SCADA equipment vendors claim “our SCADA is very secure”… yes, ok (maybe not so ok), but we are talking about the whole picture, i.e., the SCADA network is the combination of legacy SCADA elements (normally not replaced in 15 years) together with standard ICT elements (changed every 3-5 years).
The open session was divided into 3 sub-themes: security in the HMI (Human Machine Interface, the utility operation application), SCADA network security, and security in the remote units (RTUs). In the network security session, I heard a very interesting point raised: a set of recommendations given by the national agencies for their utility companies, which included:
1) the use of unidirectional links (called data diodes) for the connection between the corporate network and the control network,
2) the need for a thorough design of critical network separation and the use of SCADA firewalls (FWs), and
3) the need to monitor what is really happening in terms of cybersecurity, as well as the need for technical audits of the networks.
We presented the need for network security monitoring in Critical Infrastructure control networks and the difference between security monitoring in ICT networks and in SCADA networks, from the perspective of both assessment tools and monitoring tools, topics we are currently working on. Our main considerations were: assessment tools must be non-intrusive, and monitoring tools must deal with the lack of events in much SCADA equipment and with the change in security requirements when it comes to availability and resilience.
And lastly, one thing to be considered, according to the US DHS (Department of Homeland Security) representative: 40% of new industrial equipment sold in 2009 in the US is wireless. The reduction in installation costs is boosting the use of wireless technology; security should be a must in that technology… but that is another topic that we will deal with another day.