Today we begin a series of articles about supervisory control and data acquisition (SCADA) systems and the need for increased security in national critical infrastructure using such systems. I have chosen the electric power industry as a focus because it is pervasive and indisputably critical to our national security. To set the stage for the series, here is an executive summary of the material to come in subsequent columns.

SCADA security in the electric power industry suffers from widespread misconceptions and a breakdown in communications between administrators and security experts. In brief,

1. Attacks on electric power plants and the distribution grid may not result in the catastrophic scenarios painted by the promoters of panic, but any interruption in electric power delivery can cause widespread infrastructure disruption.

2. SCADA systems controlling electric generators and distribution systems are not, in fact, isolated by air gaps from the Internet.

3. On the contrary, vulnerability analysis teams have systematically and repeatedly demonstrated that power companies are unaware of the reality of their interconnectedness and vulnerabilities.

4. There are documented cases of industrial espionage, sabotage, denial of service, and malware attacks on electric power grid SCADA systems.

5. SCADA systems have been considered too stable to bother updating with current patches; as a result, they remain consistently exposed to exploits of current (and even ancient) vulnerabilities.

6. Many SCADA systems were developed without consideration of security, secure coding, or integration of security dimensions of software quality assurance.

7. Government and academia have significant projects in place to advance SCADA security, but acceptance by industry is modest at best. Academics engaged in SCADA security research are doing a good job of reaching other academics through peer-reviewed presentations at academic conferences; they are less successful in reaching managers at power companies.

8. Pressure is rising in the public sphere, in government circles, among security practitioners, and within the electric power industry to come to grips with the need for improved cyber security.

The electric power industry must coordinate its efforts to implement well-established standards for protecting computer systems and networks in all its SCADA systems and related networks. In addition, the industry should implement cyber situational awareness solutions to integrate multiple inputs from SCADA and network sensors that will permit intelligent, agile response to attacks and effective forensic analysis of those attacks.

Readers interested in foundational material on critical infrastructure and information security would do well to go back almost 20 years to the ground-breaking report of the System Security Study Committee, Commission on Physical Sciences, Mathematics, and Applications, National Research Council, published in 1991.