Securing Smart Grid, SCADA, and Other Industrial Control Systems

Thursday, October 11, 2012

Ben Rothke


Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems

The Stuxnet computer worm of mid-2010 was a huge wake-up call for the energy industry. It also catapulted SCADA from an obscure term to the forefront of industrial security.

But nearly two years later, it is unclear if the energy sector is adequately prepared for sophisticated information security threats.

For those looking to get a handle on how to effectively secure critical infrastructure networks, Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems is an excellent reference.

In the book's forward, Dr. Anton Chuvakin writes that "one of the most mysterious areas of information security is industrial system security." The reality is that industrial system security can be effectively secured, and the book shows the reader exactly how to do that. In 11 densely written chapters, the book covers all of the necessary areas in which to secure critical infrastructure systems.

The first three chapters provide an introduction to industrial security, SCADA, and control systems. Chapter four then goes into detail about industrial network protocols. The obscurity of these protocols was thought to be a boon to SCADA systems in the past in that attackers were oblivious to their inner workings.

In today's world, however, those who intend to attack can learn how to do it.

The book concludes with a chapter on common pitfalls and mistakes. This is a particularly valuable chapter because many companies look for quick and easy approaches to information security but do not provide adequate staff, budget, or time to get the job done.

Firms that make those mistakes are likely to be victims of a security breach.

For those looking for a solid overview of the topic, Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems is an excellent reference.

Cross-posted from RSA

Possibly Related Articles:
Industrial Control Systems
SCADA Stuxnet Network Security Book Review Industrial Control Systems
Post Rating I Like this!
Dr. Steve Belovich I've worked in the SCADA and industrial controls area for a long time in the steel and chemical industries.

The real problem started when people unwisely started connecting vulnerable PCs to programming ports of SCADA and IC equipment. Now, that vulnerable (= non-secure) PC/laptop/etc. became an access port to controlling what the SCADA / IC system would do. From that point on, it's straightforward to hack the SCADA/IC equipment because that equipment now "trusts" the connected device.

For safe and secure programming of SCADA / IC gear, a TCB or even a "custom box" should always be employed. That way, you are not inheriting the innate security vulnerabilities of PCs and your SCADA/IC equipment is only allowed to "trust" the special programming gear.
Beatriz Herrera Cuervo SCADA systems provide communication and control data in real time to obtain high performance that help you to make decisions. We are able to obtain data, control it and integrate all the necessary information for the operation and supervision and make it available to everyone within the organization and for external systems. The IDbox system ( is one example to integrated business platform capable of obtaining, processing and analyzing data. They are obtained from various sources such as PLCs, recorders, SCADA, ERP, ESBs, files, etc. using UDP protocols and data-diode that ensures a communication cut preventing physical external attacks. Data are sent to users in real time and can be analyzed immediately. The system also provides the users with synoptic schemes, alarms, warnings, calculations, etc., that can be configured and adapted for each industrial plant.
There is a market research that compares various similar information systems used in industrial plants for monitoring, analysis and storage of data.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.