Connecting SCADA Systems to Corporate IT Networks Using Security-Enhanced Linux

نویسنده

  • Ryan Bradetich
چکیده

Substation networks have traditionally been isolated from corporate Information Technology (IT) networks. Hence, the security of substation networks has depended heavily upon limited access points and the use of point-to-point Supervisory Control and Data Acquisition (SCADA) specific protocols. With the introduction of Ethernet into substations, pressure to reduce expenses and provide Internet services to customers has many utilities connecting their substation networks and corporate IT networks despite the additional security risks. While current SCADA security literature is advocating traditional IT security safeguards, such as strong passwords, encrypted communications, and firewalls, there is no assurance that these mechanisms will provide adequate security to critical real-time control networks. Digital relays and other protection-level Intelligent Electronic Devices (IEDs) can be securely connected to SCADA systems and/or corporate IT networks via a Security-Enhanced Linux SCADA proxy that acts as a “check-valve” to allow or deny access based on preprogrammed security policies. The Security-Enhanced Linux SCADA proxy enables protection and integration engineers to meet defined or defacto security principles for network security, such as those specified in the Trusted Computer Security Evaluation Criteria (TCSEC) “Orange Book” or the newer ISO/IEC “Common Criteria.” For example, the Security-Enhanced Linux SCADA proxy could be configured to allow plaintext, read-only access to some IEDs while enabling authenticated and encrypted full access to others. This paper will show how the Security-Enhanced Linux SCADA proxy can be configured to restrict data access according to company policies and/or roles.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Communication Security for SCADA in Smart Grid Environment

Supervisory Control and Data Acquisition systems are basically Process Control Systems, designed to automate systems such as traffic control, power grid management, waste processing etc. Conventionally, SCADA is connected only in a limited private network because SCADA is considered a critical infrastructure, and connecting to the internet may put the society on jeopardy, SCADA operators hold b...

متن کامل

Security issues in SCADA networks

The increasing interconnectivity of SCADA (Supervisory Control and Data Acquisition) networks has exposed them to a wide range of network security problems. This paper provides an overview of all the crucial research issues that are involved in strengthening the cyber security of SCADA networks. The paper describes the general architecture of SCADA networks and the properties of some of the com...

متن کامل

Security Aspects of Information Exchange in It/at Networks Interconnections of Electrical Transmission and Distribution Facilities

SCADA (Supervisory Control and Data Acquisition) networks of electric power transmission and distribution control centers that were isolated are now connecting to corporate networks, to vendors networks, and even with the Internet in order to increase productivity in a global and open electricity market. This model, Automation Technology (AT) networks connected with Information Technology (IT) ...

متن کامل

The Power of Hands-On Exercises in SCADA Cyber Security Education

For decades Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) have used computers to monitor and control physical processes in many critical industries, including electricity generation, gas pipelines, water distribution, waste treatment, communications and transportation. Increasingly these systems are interconnected with corporate networks via the Internet,...

متن کامل

Design and Implementation of a Secure Modbus Protocol

The interconnectivity of modern and legacy supervisory control and data acquisition (SCADA) systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically targe...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2007