Security in SCADA Systems
Concern for the security of SCADA systems is growing, as shown by the new regulations, best practices, and institutions dedicated to the security of these systems.
The 2005 Control Systems Cyber Security Awareness report (US-CERT) found that, between 2002 and 2004, 66% of security incidents involving SCADA systems were due to external attacks, while 22% were due to accidents, 3% to internal errors or malfunctions, and the rest to unknown causes. To put this in perspective, between 1982 and 2001, only 29% of security incidents had been classified as external.
This spectacular increase is mainly due to what we already mentioned in a previous entry dedicated to CIIP. Since the beginning of the 21st century, SCADA systems have been working with standard, widely known technologies and protocols. Because they are usually geographically distributed, they connect to supervision and control centers using standard technologies and protocols. These centers, in turn, are usually connected to the corporate network of the company or institution that owns the process and, through that network, to the Internet.
For this reason, concern for the security of SCADA systems has been growing, as shown by the new regulations, best practices, and institutions dedicated to the security of these systems. In addition, within the protection of critical information infrastructures (CIIP), the protection of industrial control systems is a key point. There has even been talk of cyberterrorism after the incidents in Estonia in 2007 and the amount of technical information about the products of different SCADA manufacturers that has been found following the arrests of different terrorists in recent years.
Although in Spain we already have the CNPIC, and it is a start, other countries such as the United States have a considerable head start on these issues. There, the US-CERT and the Control Systems Security Program were created within the DHS (Department of Homeland Security), the latter dedicated exclusively to the security of SCADA systems.
At the following link you can find the latest news on security in the industrial area (attacks and vulnerabilities discovered), along with a wealth of information and articles to start delving into these topics: http://www.us-cert.gov/control_systems
Especially interesting, within the Top10 tab, is the Secure Architecture Design resource.
Although there are still no universally accepted standards and regulations, only initiatives at the national and/or sectoral level, there are certain basic principles that we all agree should be the foundations of industrial security today:
- Security awareness and training.
- Definition of policies and procedures.
- Secure architecture design.
- Remote access control.
- Vulnerability and risk analysis.
- Incident response.
- Configuration and update management.
- Monitoring and control.
- IT governance.
- Change management.





