The question is not whether control systems can or cannot be totally isolated. We're way past
the point where a completely isolated system would work given current economic requirements.
Industrial processes can be geographically distributed. That means MAN or WAN because no
company is going to pay people to go on-site physically to push buttons or read analog dials
anymore (and the MAN/WANs can be built using the same physical infrastructure as public
networks). Likewise production orders are now issued by computerized processes on the business
layer, not phoned to plant operators, so business network/control network bridging is
mandatory too. Companies that manage a good business layer/control layer integration have a
huge competitive advantage over competitors that fail to do it.
The question today is what is the right security interface between control networks and
business networks. Many organisations have this interface designed by industrial people with
little IT security culture.
Posted Jun 13, 2008 17:32 UTC (Fri) by pascal.martin (guest, #2995)
This is generally true. The context varies somewhat from one system to the other, and (even more)
depending on the type of remote interaction:
- Data acquisition remote units (i.e. acquiring sensor data locally and transmitting it to the
SCADA system): I have yet to see the internet used for that purpose. Not even the corporate
network was deemed acceptable by the customers I dealt with. The two main reasons: availability
(corporate IT people don't mind 1/4 hour downtime on portions of the corporate network) and real
time performance. All customers pay us a lot of money to install a dedicated network (this is
often the most expensive portion of a SCADA system).
- Remote user terminal in the field: also uses a dedicated network, often with firewalls due to
the access control issue (nobody in the terminal area).
- Interface with corporate systems: this is the growing trend, including customer information on
the web. This usually involves multiple layers of firewalls & DMZs.
I sometimes wish our customers would contact specialized network security companies (which is a
problem of its own: how to identify the really competent ones?).