Professional Documents
Culture Documents
Supervisory control and data acquisition (SCADA) systems control and monitor the majority of the utility networks today. The increased number
of attacks on computer systems and computer networks has resulted in an increased concern of security issues in inter-networked industrial
automation systems.
Internal and external saboteurs pose a big monitors the equipment essential for power prompted many researchers to focus their
threat that could disrupt power delivery. To delivery. It is used, among other things, for attention to this critical and often overlooked
give us a better understanding of the nature fault detection, equipment isolation and part of public infrastructure [3], [12]. The 2003
of the vulnerabilities to supervisory control and restoration (protection), load and energy power blackout in Canada and parts of the
data acquisition system (SCADA) systems and management, automated meter reading, USA served as a wake-up call to what could
highlight the need to defend and protect the and substation control. happen in the event of a successful attack
SCADA systems from ongoing cyber threats, to power grid [15].
Many of the SCADA systems being used by
we investigate the vulnerabilities and ways
today’s utilities were developed many years SCADA background
to protect them which are unique to SCADA
ago; before the Internet and there were
systems. We achieve this by studying SCADA The geographically dispersed electric power
no public or private computer networks.
communication systems as well as taking system grid is commonly controlled by a
a survey of common SCADA vendors; we The only security threat to the utilities and
SCADA system consisting of at least one
focus our attention to SCADA on the electric SCADA systems was physical destruction
computer running appropriate application
power grid. We find that SCADA vendors do [11]. Nobody foresaw advances in the utility
software. The components of the SCADA
not implement adequate security measures industr y in equipment automation and
system are interconnected by varying types
in their products, and we recommend that a deregulation which would require SCADA
of communications media.
security policy be put in place to ensure the systems to be interconnected. The need
security of the vital public infrastructures. for remote connectedness of these control Ideally, the SCADA communications are
devices opened up the whole interconnected intended to be interconnected to every
To assist in the management and control system to new and challenging vulnerabilities part of the utility as illustrated in Fig. 1. The
of the country’s critical infrastructures, such majority of the SCADA’s main controls are in
that every computer network in the world is
as the electrical power grid, automation the control center where operators man the
facing today– cyber-attacks [3], [18]. Utilities,
processes like SCADA were developed
governments, and other stake-holders are SCADA computers.
and implemented – complete with remote
teaming up together to tackle these latest
communications. The complexity of the Access to the control room is usually limited
threats.
interconnected controls adds new challenges to the few controllers who work on the control
for the deliver y of secure and reliable Although the biggest threat to electric utilities machines. SCADA systems have a wide
services by these systems. The electrical is still physical destruction, the number variety of functions which are crucial to the
power system SCADA system controls and of cyber attacks to SCADA systems has day-to-day running of the electrical power
be the responsibility of the client. class C2 rating. Secure communications Contact Edward ChikuniPolytechnic University
and encryption should be considered for of Namibia, echikuni@polytechnic.edu.na
Summary and conclusions
vital data, and access to IEDs and RTUs or Maxwell Dondo, Defence R&D Ottawa,
We have looked at several aspects of should be restricted. maxwell.dondo@drdc-rddc.gc.ca v