Supervisory Control And Data Acquisition

Until quite recently, SCADA systems were traditionally “walled off” from other systems operating independently from the network. Prior to the awareness of possible attacks, this seemed to provide all the protection the SCADA system required. However, over time they have become integrated into larger company networks as a means of leveraging their valuable data to increase plant efficiency. The result of this development is that now their security is often only as strong as the security of the overall network.

The process of protecting SCADA networks starts with the creation of a written security policy. Failure to have a policy in place exposes the company to attacks, loss of revenue and legal action. The security policy should also be a living document, not a static policy created once and then shelved. The management team needs to draw very clear and understandable objectives, goals, rules and formal procedures to define the overall position and architecture of the plan. It should also cover the following key components:

• Roles and responsibilities of those affected by the policy
• Actions, activities and processes that are allowed, and those that are not allowed
• Consequences of non-compliance

Source and more info: pandct

On a couple of standard, off-the-shelf Dell computers, Jason Larsen and Steve Schaeffer enter a few keystrokes and then turn to see the havoc they’ve created.

To their left, red dots on a big-screen display blink on, then off. They’ve just shut down the equivalent of a city power grid.

“It’s very doable,” Larsen says with an almost mischievous grin. “If you want to do something, you can cause some problems.”

With his ponytail, black T-shirt and tendency to slip into geek-speak, Larsen fits the stereotype of a computer hacker.

Fortunately, he’s one of the good guys.

As lead cybersecurity researcher at the Idaho National Laboratory here, Larsen - with help from fellow researchers like Schaeffer - spends his days trying to hack into networks like the ones that run the nation’s electricity grids, water and oil pipelines and chemical plants.

As they demonstrated recently to a visiting reporter, often it’s not that hard. And such acts could soon become more common in the real world, they warned.

“I would tell you it’s a simple and safe bet that we will see more” attacks on Supervisory Control and Data Acquisition (SCADA) networks, said Mike Assante, chief strategist for critical infrastructure at the Idaho National Lab.

Founded in 1949 in the barren desert plains of southeastern Idaho, the lab is spread over about 890 square miles, an area nearly three-fifths the size of Rhode Island. It got its start testing nuclear power reactors and today has 52 of them, most built as test units.

Source and more info: oxfordpress