27 July 2010

Why SCADA Networks Are Vulnerable To Attack - Part 4: Controlling What You Use

Security doesn’t happen by accident – it must be built into or added to a network. Some of the key security building blocks for wired and wireless networks include encryption, authentication, intrusion detection, controlled access to network resources, and wireless airtime and bandwidth control.

Sensor and control networks are typically missing most of these building blocks. Designed to optimize response time, the short packets cannot easily accommodate the larger packet sizes associated with high security encryption.

Some controls networks, LONWORKS® for example, include an authentication mechanism, but in practice it is infrequently implemented because its use complicates key management in multi-vendor networks. Intrusion detection, for wired or wireless control networks, is typically not available, nor is firewalling or endpoint compliance – certainly not at the sensor/actuator level, and sometimes not even at the controller level.

Quick fixes to address these limitations are not easily incorporated because the protocols employed are often embedded inside microprocessors that lack the processing power and memory to support the necessary security algorithms, buffers, and certificates.

Fortunately most control networks today interface with an IP-based network for management, monitoring, and/or control. And it is at this interface that you can click the ruby slippers and apply proven security techniques like policy-enforcement firewalling to
prevent the control network from launching Denial-of-Service (DoS) attacks or non-compliant devices from accessing the network.

If the control network is IP-based then the protective measures can be applied to the control devices themselves – if not, then protection can only be applied to data traversing the interface between the sensor/actuator network and the IT systems to which it is connected, i.e., the latter can be protected against the former. Either way, greater security will be obtained than if no protective measures were applied between the control devices and the network with which it is connected.

The range of available security features that may be applied depends on the control network architecture, and includes:

The protective measures afforded by these techniques can be applied prophylactically to reduce some or most of the control system’s vulnerabilities.

With regard to cost, if Wi-Fi based sensors and actuators are used, the protective measures built into the wireless LAN infrastructure can be applied at little or no additional expense. If IP-based sensors and actuators are used, there will be some incremental expense but the devices themselves will not have to replaced because they already have the essential building blocks for higher security in place. If a non-IP based control network is used then the benefits will vary.

The table below summarizes how the security features described above can be employed to enhance the security of commonly used in control networks (features specific to wireless networks are left blank when applied to wired control networks)


SCADA, smart grid, and energy management systems sit at the heart of industry and commerce.
This blog series was intended to highlight that defending these systems against attack must become a high priority because you can't use what you can’t control.

The control networks on which these systems depend today have unintended vulnerabilities.
These vulnerabilities can be corrected in whole, part, or not at all depending on the architecture and technology of the underlying network.

Consideration should be given to retrofitting security systems into existing IT infrastructure to address security concerns, removing control networks for which there are no corrective measures, and ensuring that any new control-related infrastructure is designed with protective measures built-in from the outset.

For more information on security solutions that you can apply today please visit Aruba's Web site.