Chapter 2 - Supervisory Control and Data Acquisition

Abstract

Supervisory control and data acquisition (SCADA) systems provide for the supervisory control, management, and monitoring of process control, and manufacturing automation systems through the collection and analysis of real-time data. These systems evolved out of isolated pneumatic and analog control systems, and are simply not equipped to play a part in today's Internet-connected Web 2.0 world. Even traditional network security procedures such as port scanning can wreak havoc within a SCADA network. A firewall by-and-of-itself is not the Holy Grail, and simply installing one to isolate the SCADA network from the enterprise network and walking away do not fix all the problems. Typical high-level weaknesses found in SCADA systems in use today are that they do not require any authentication, authorization, or encryption. The first step in SCADA risk mitigation is establishing a SCADA network security policy. Second would be bringing all SCADA component software and firmware up to current stable revision levels. Next would be to eliminate the security issue with what has been regarded as the weakest link in SCADA—the interconnection to the corporate network. Significant risk mitigation can be obtained by installing a firewall between the SCADA network and the corporate network. However, care must be taken in the selection of the firewall architecture. Put simply, current popular solutions are not able to mitigate the risk that the SCADA network is exposed to when connected to the corporate network. The most effective firewall architecture at this time is a circuit-Level gateway that first breaks the client server model, and then applies IPS signatures for known attacks.