SCADA Systems Security
Arjun Venkatraman firstname.lastname@example.org
1. Abstract The purpose of this paper is to define what SCADA systems are and their application in modern industry and infrastructure, to elucidate the reasons for rising concern over the security of these systems, to analyze the fundamental vulnerabilities and to put forth recommendations for the implementation of security in these systems.
2. Introduction: Supervisory Control and Data Acquisition systems are basically Process Control Systems (PCS), specifically designed to automate systems such as traffic control, power grid management, waste processing etc.
3. Application Control systems are used at all levels of manufacturing and industrial processing. A manufacturing plant that employs robotic arms will have a control system to direct robotic arms and conveyor belts on the shop floor. It may use that same system for packaging the finished product and tracking inventory. It may also use a control system to monitor its distribution network. A chemical company will use control systems to monitor tank levels and to ensure that ingredients are mixed in the proper proportions. A Las Vegas casino will use control systems to direct the spray from water fountains in coordination with the lights and music. Control systems are also used in the drilling and refining of oil and natural gas. They are used in the distribution of water and electricity by utility companies, and in the collection of wastewater and sewage. Virtually every sector of the economy employs control systems at all levels. The term "supervisory control and data acquisition" (SCADA), however, is generally accepted to mean the systems that control the distribution of critical infrastructure public utilities (water, sewer, electricity, and oil and gas). SCADA systems are still to come into widespread infrastructural use in India. In this country they are being used primarily for automation in industrial production, and to some extent for specialized process control. Ranbaxy Labs1 and Voltas2 are two of the companies in India using SCADA systems for process control.
However, they are increasingly common in the US, UK, Australia to name a few countries, where they are used in the control of infrastructural systems such as power, water and waste management, traffic control etc. The economy and infrastructure of these countries is increasingly dependant on SCADA systems. 4. Implementation: How do they work? 3 SCADA systems are primarily control systems. A typical control system consists of one or more remote terminal units (RTU) connected to a variety of sensors and actuators, and relaying information to a master station. Figure 1 illustrates this generic, three tiered approach to control system design. Figure 2 shows a typical RTU.
Figure 1: A typical 3-tiered approach to SCADA systems
Figure 2: A generic representation of an RTU
4.1 Sensors and Actuators The philosophy behind control systems can be summed up by the phrase "If you can measure it, you can control it." Sensors perform measurement, and actuators perform control. Sensors get
the data (supervision and data acquisition) and actuators perform actions dependent on this data (control). The processing and determination of what action to take, is done by the master control system (i.e. SCADA).
4.2 Remote Terminal Units (RTUs) 4.2.1 Programmable Logic Controllers Advances in CPUs and the programming capabilities of RTUs have allowed for more sophisticated monitoring and control. Applications that had previously been programmed at the central master station can now be programmed at the RTU. These modern RTUs typically use a ladder-logic approach to programming due to its similarity to standard electrical circuits. A RTU that employs this ladder logic programming is called a Programmable Logic Controller (PLC). PLCs are quickly becoming the standard in control systems. 4.2.2 Analog Input and Output Modules The...
References: Barton Gellman, Washington Post, June 27, 2002; Page A01
Please join StudyMode to read the full document