Connecting SCADA Systems to Corporate IT Networks Using Security-Enhanced Linux

Substation networks have traditionally been isolated from corporate Information Technology (IT) networks. Hence, the security of substation networks has depended heavily upon limited access points and the use of point-to-point Supervisory Control and Data Acquisition (SCADA) specific protocols. With the introduction of Ethernet into substations, pressure to reduce expenses and provide Internet services to customers has many utilities connecting their substation networks and corporate IT networks despite the additional security risks. While current SCADA security literature is advocating traditional IT security safeguards, such as strong passwords, encrypted communications, and firewalls, there is no assurance that these mechanisms will provide adequate security to critical real-time control networks. Digital relays and other protection-level Intelligent Electronic Devices (IEDs) can be securely connected to SCADA systems and/or corporate IT networks via a Security-Enhanced Linux SCADA proxy that acts as a “check-valve” to allow or deny access based on preprogrammed security policies. The Security-Enhanced Linux SCADA proxy enables protection and integration engineers to meet defined or defacto security principles for network security, such as those specified in the Trusted Computer Security Evaluation Criteria (TCSEC) “Orange Book” or the newer ISO/IEC “Common Criteria.” For example, the Security-Enhanced Linux SCADA proxy could be configured to allow plaintext, read-only access to some IEDs while enabling authenticated and encrypted full access to others. This paper will show how the Security-Enhanced Linux SCADA proxy can be configured to restrict data access according to company policies and/or roles.