07-05-2013, 03:30 PM
SCADA Security
SCADA Security.ppt (Size: 197.5 KB / Downloads: 115)
My Interest In SCADA; This Talk
I grew up around industrial facilities (for example, my Dad was a stationary engineer who helped run an industrial steam facility for a major airline)
My terminal degree is in Production and Operations
SCADA-related incidents have continued to pop up in the news, sustaining my interest over time
One note: The technical level of this talk has been tailored to insure that it doesn’t provided a detailed “cookbook” that can be used by the bad guys to attack SCADA systems, while still providing sufficient technical detail/evidence to highlight some of the issues that need to be addressed.
Given the venue, we’re not going to talk about policy stuff today (but security policies are important).
So What the Heck IS “SCADA?”
SCADA is “Supervisory Control and Data Acquisition” – realtime industrial process control systems used to centrally monitor and control remote or local industrial equipment such as motors, valves, pumps, relays, etc.
SCADA is used to control chemical plant processes, oil and gas pipelines, electrical generation and transmission equipment, manufacturing facilities, water purification and distribution infrastructure, etc.
Industrial plant-scale SCADA is often referred to as a “Distributed Control System” or DCS
SCADA nuzzles up to embedded system issues, too.
Nation-States Aren’t the Only Ones Interested in SCADA Security
‘A forensic summary of the investigation, prepared in the Defense Department, said the bureau found "multiple casings of sites" nationwide. Routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan, the visitors studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities. ‘Some of the probes suggested planning for a conventional attack, U.S. officials said. But others homed in on a class of digital devices that allow remote control of services such as fire dispatch and of equipment such as pipelines. More information about those devices -- and how to program them -- turned up on al Qaeda computers seized this year, according to law enforcement and national security officials.’