Securing Your Water System

Examining the relationship between SCADA systems and water security

Infrastructure Security Article December 09, 2003

In recent times, governments throughout the world have identified critical infrastructure as potential targets for terrorism. While physical measures have been taken to secure these infrastructures, one area of concern remaining is the potential attack on the information and process control systems belonging to the critical infrastructure.

Many private companies that control vital public utilities such as power, gas or water, and that never considered they would be prone to cyber attacks, are now having to implement measures to improve the security of their whole organization. The reality is that many companies have become highly dependent on digital information systems that are tightly integrated into their business.

Many SCADA systems that monitor and control critical infrastructure such as power generation and transmission, water and wastewater, and pipelines over a wide area network run on industry-standard computers and networks. As such, these systems run a higher risk of being hacked into by cyber terrorists.

Hypothetically, by hacking into a SCADA network monitoring water gates in a dam and taking control of the SCADA system, a cyber terrorist could wreak havoc by opening and closing the gates at will.

While SCADA systems have been around for a few decades, cyber attacks have only become a prominent threat in recent times. As such, many SCADA systems deployed in the past have little or no security built in. In addition, SCADA systems are often part of a company's engineering division and, as a result, are seldom covered by its corporate security policy.

Securing SCADA networks is relatively easy and should be considered as part of the company's overall security policy, requiring security measures and policies to be implemented on multiple levels, including:

1. Defining a security policy;

2. Securing the SCADA network and operating environment;

3. Securing the SCADA application; and

4. Detecting unauthorized intrusions.

Defining a security policy

Security policies are becoming essential in today's corporate network. A security policy is a living document that allows an organization and its management team to draw very clear and understandable objectives, goals, rules and formal procedures that help to define the overall security position and architecture.

As a starting point, an organization should have a corporate security policy and ensure that its SCADA network falls under the jurisdiction of this policy. Failure to have a security policy not only exposes the company to cyber attacks but may also lead to legal action.

A security policy should cover the following key components:

* Roles and responsibility of those affected by the policy;

* Which actions, activities and processes are allowed and which are not; and

* The consequences of non-compliance.

The following areas of vulnerability should be considered:

* Network and operating environment security;

* Application security;

* Intrusion detection; and

* Regulating physical access to the SCADA network.

Securing a SCADA network

Corporate networks linked to the Internet or that use wireless technology may be more easily accessible to cyber terrorists and hackers. An organization can heighten its level of network security by isolating its SCADA network, thereby restricting the channels of external access. In many organizations, isolating the SCADA network from the Internet or intranet is difficult because of requirements such as monitoring plants from a remote location.

In the latter case, measures can be taken to secure your network and operating environment from unauthorized access to the SCADA systems. These include firewalls and virtual private networks (VPN).

Implement a secured firewall

A secured firewall is imperative between the corporate network and the Internet. As the single point of traffic into and out of a corporate network, it can be effectively secured and monitored. A corporate network should have at least one firewall and a router separating it from any external network that is not within the company's dominion. When examining the firewall solution, consider if and how the firewall supports any security services that you may need. A Microsoft Internet Security and Acceleration Server VPN can be used to set up the firewall.

On larger sites it is also recommended to protect the control system from attack from within the SCADA network. This may be implemented by providing an additional firewall between the corporate and SCADA networks. To maximize access and minimize the configuration required to maintain this firewall, a terminal server can be used to act as a gateway. Only traffic from the terminal server can pass into the SCADA network, and a secured terminal server removes the ability for external applications to be used to attack the control system.

Minimize network access points

A key factor in ensuring a secure network is the number of contact points. While firewalls have secured access from the Internet, many existing control systems have modems installed to allow remote users access to the system for debugging. These modems are often connected directly to controllers in the substations. If remote access is required, it should go through a single access point that is password protected and where user actions can be logged.

Virtual private network

One of the main security issues facing more complex networks today is remote access. With a VPN, the data paths are private in the sense that they are open only to a limited group of persons, for example the employees of a specific company. A VPN is a secured way of connecting to remote SCADA networks.

Based on the existing public network infrastructure and incorporating data encryption and tunneling techniques, it provides a high level of data security.

Application security

In addition to securing the network, securing access to SCADA system components will provide a further defense layer.

Authentication and authorization

Authentication is the software process of identifying a user who is authorized to access the SCADA system. Authorization is the process of defining access permissions on the SCADA system and allowing users with permission to access the respective areas of the system. Together, authentication and authorization provide a single point of control for identifying users and allowing only authorized users to access the SCADA system, thereby ensuring a high level of control over the system's security.

To provide effective authentication the system must require each user to enter a unique user name and password.

It must be possible to create, edit and delete users while the system is active, so that individual passwords can be maintained. In addition, it is highly recommended that password aging be implemented. Password aging ensures that operators change their passwords over a controlled time period, such as every week or every month.

To provide authorization the system must be able to control access to every component of the control system. The system must not provide a "back door" with which to bypass the levels of authentication specified in the application.

Secured data storage and communication

Critical data pertaining to a SCADA system must be securely persisted and communicated. It is recommended that critical data like a password be stored using an encryption algorithm. Similarly, remote login processes should use VPNs or encryption to communicate the user name and password over the network.

Critical data such as user names and passwords must be persisted in a secured data repository, with access rights monitored and managed using secured mechanisms such as Windows authentication and role-based security.
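The authentication, password aging, per-component authorization and credential storage described above, as an added example that is not code from the article or from Citect. It keeps passwords as salted PBKDF2 hashes (a one-way alternative to the reversible encryption the article mentions); the roles, component names, 30-day aging limit and the use of plain day numbers for time are assumptions.

```python
# Added example (not from the article or Citect): a minimal SCADA user store with
# unique user names, records editable while the system runs, password aging and
# per-component authorization with no bypass path. Passwords are salted PBKDF2 hashes
# (one-way, not reversibly encrypted); roles, components and 30-day limit are assumed.
import hashlib
import hmac
import os

PASSWORD_MAX_AGE_DAYS = 30  # assumed aging policy; times below are plain day numbers
# Every protected component action is listed per role; authorize() consults only this.
ROLE_PERMISSIONS = {
    "operator": {"pump_station.start", "pump_station.stop"},
    "engineer": {"pump_station.start", "pump_station.stop",
                 "dam.gate.open", "dam.gate.close", "users.manage"},
}

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ScadaUserStore:
    def __init__(self):
        self.users = {}  # user name -> record; the dict key enforces uniqueness

    def create_user(self, name, password, roles, now_day):
        if name in self.users:
            raise ValueError("user name already exists")
        self.users[name] = {"roles": set(roles)}
        self.set_password(name, password, now_day)

    def set_password(self, name, password, now_day):
        salt = os.urandom(16)
        self.users[name].update(salt=salt, hash=_hash(password, salt), changed_day=now_day)

    def delete_user(self, name):
        self.users.pop(name, None)  # takes effect immediately, no restart needed

    def authenticate(self, name, password, now_day):
        """Return 'ok', 'expired' or 'denied'."""
        rec = self.users.get(name)
        salt = rec["salt"] if rec else b"\x00" * 16  # same hashing cost for unknown names
        digest = _hash(password, salt)
        if rec is None or not hmac.compare_digest(digest, rec["hash"]):
            return "denied"
        if now_day - rec["changed_day"] > PASSWORD_MAX_AGE_DAYS:
            return "expired"  # aging: the user must set a new password before use
        return "ok"

def authorize(store, name, component_action):
    """True only if one of the user's roles lists the exact component action."""
    roles = store.users.get(name, {}).get("roles", set())
    return any(component_action in ROLE_PERMISSIONS.get(r, set()) for r in roles)
```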

Audit trails

It is recommended that audit trails on critical activities, such as user logins or changes to system access permissions, be tracked and monitored at regular intervals. Securing your SCADA application may make it more challenging for external hackers to gain control of the system; however, it will not prevent misuse by internal employees with malicious intent. Regularly tracking and monitoring audit trails on critical areas of your SCADA system will help identify unscrupulous activities so that the necessary corrective actions can be taken.

Intrusion detection

Firewalls and other simple boundary devices currently available lack some degree of intelligence when it comes to observing, recognizing and identifying attack signatures that may be present in the traffic they monitor and the log files they collect. This deficiency explains why intrusion detection systems (IDS) are becoming increasingly important in helping to maintain network security.

An IDS is a specialized tool that knows how to read and interpret the contents of log files from routers, firewalls, servers and other network devices. Furthermore, an IDS often stores a database of known attack signatures and can compare patterns of activity, traffic or behavior it identifies in the logs it's monitoring against those signatures so it can recognize when a close match between a signature and current or recent behavior occurs.
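Both the audit-trail review and the signature matching over log files described above, as an added example that is not code from the article or from Citect. It reads constructed SCADA audit log lines and raises alerts for repeated failed logins, successful logins from any host other than the terminal-server gateway, and changes to access permissions; the log format, host addresses, event names and the failure threshold are assumptions.

```python
# Added example (not from the article or Citect): a small audit-trail reviewer that
# applies attack signatures to constructed SCADA audit log lines. Log format, host
# addresses, event names and the failure threshold are all assumed values.
import re
from collections import defaultdict

TERMINAL_SERVER = "10.0.5.2"  # assumed gateway host, the only one allowed to log in
FAILED_LOGIN_THRESHOLD = 3    # assumed signature threshold

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"event=(?P<event>\S+)(?: (?P<detail>.*))?$")

def parse_line(line):
    """Return the fields of one audit line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def review_audit_trail(lines):
    """Return a list of (signature, user, detail) alerts in log order."""
    alerts = []
    failures = defaultdict(int)  # consecutive failed logins per user name
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable lines are skipped, not silently trusted
        host, user, event = rec["host"], rec["user"], rec["event"]
        if event == "LOGIN_FAIL":
            failures[user] += 1
            if failures[user] == FAILED_LOGIN_THRESHOLD:
                alerts.append(("repeated_login_failure", user, f"{failures[user]} failures"))
        elif event == "LOGIN_OK":
            failures[user] = 0
            if host != TERMINAL_SERVER:  # login that did not pass through the gateway
                alerts.append(("login_bypassing_gateway", user, f"from {host}"))
        elif event == "PERM_CHANGE":
            alerts.append(("permission_change", user, rec["detail"] or ""))
    return alerts

# Constructed sample audit trail (not real data).
SAMPLE_LOG = """\
2003-12-09 02:14:01 host=10.0.5.2 user=alice event=LOGIN_OK
2003-12-09 02:14:05 host=10.0.5.7 user=bob event=LOGIN_FAIL
2003-12-09 02:14:09 host=10.0.5.7 user=bob event=LOGIN_FAIL
2003-12-09 02:14:13 host=10.0.5.7 user=bob event=LOGIN_FAIL
2003-12-09 02:14:20 host=10.0.5.7 user=bob event=LOGIN_OK
2003-12-09 02:15:02 host=10.0.5.7 user=bob event=PERM_CHANGE target=bob role=engineer
this line is not in the expected format
""".splitlines()

if __name__ == "__main__":
    for alert in review_audit_trail(SAMPLE_LOG):
        print(alert)
```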

About the authors:
Abhishek Bhattacharjee was senior technical architect for Citect. Stephen Flannigan and Jens Nasholm are both product marketing managers for Citect. For more information, visit