Author: Daniel Ehrenreich, SCCE
Supervisory Control and Data Acquisition (SCADA) experts are well aware that there is no single measure (“no silver bullet”) that provides absolute cyber defense. Utilities are considered critical infrastructures, as they directly affect the welfare and health of the population. They must take all precautions and deploy applicable technologies to be prepared for unexpected events, and in spite of using legacy and outdated hardware, operating systems and communications, they must be ready for these challenges. With the growth of cyber-attack capabilities of hackers directed by countries and hostile organizations, protecting SCADA systems, especially the legacy types, has become a challenging task. Realizing the threats caused by maintenance mistakes, operator errors and malfunctions, an effective approach is needed which is capable of assuring the safety and reliability of these infrastructures.
In the past the cyber security of SCADA systems mostly relied on air-gap isolation, firewalls, unidirectional gateways (data diodes), a Demilitarized Zone (DMZ) for network segmentation, etc. The recent industry trend is toward Anomaly Behavior Analysis using Big Data techniques, performing the function of an Industrial Intrusion Detection System (IIDS). One may ask why this method delivers more effective cyber defense than other cyber defense technologies. There are several reasons for that:
Capable of collecting raw data from SCADA servers and historian databases and performing fast analysis
Effective for detecting internally and externally generated cyber attacks targeted at the SCADA system
Does not rely on defense methods based on published signatures and known vulnerabilities
Capable of detecting cyber attacks, operator mistakes and unusual situations caused by a malfunction
Analyzes both communication anomalies and process-control anomalies, based on a learned baseline
Does not interfere with the SCADA operation and does not overload SCADA server processes
Effectively deals with Denial of Service (DoS), Distributed DoS and Zero-Day attacks on the system
Effective for protecting modern as well as legacy type SCADA systems using a range of RTUs and PLCs
Runs on powerful computers and is scalable and expandable as your system and needs grow
Easy to install and deploy, does not require costly training, operates automatically
Capable of analyzing and detecting a sub-optimal SCADA process, and generating saving opportunities
Interoperable with Security Information and Event Management (SIEM) systems from a range of other vendors
Equally effective for large scale Energy Management as well as power distribution systems (EMS, DMS)
Capable of operating with large scale Distributed Control Systems (DCS) controlling power plant operation
The IIDS software is upgradeable and remotely updateable through a service contract with the vendor
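To make the "learned baseline" idea concrete, here is a small added illustration (not the author's text, not any vendor's IIDS, and far simpler than a Big Data implementation). It assumes a simplified record format of (source host, destination host, function code, register, value), a learning set of records spanning a known number of equal time windows, and hand-picked thresholds (three standard deviations for process values, five times the learned message rate for flooding). Everything in it, including the host addresses and values, is constructed for the example. It learns which communication flows, registers and value ranges are normal, then flags a window of new records for the three classes the list above names: an unexpected communication pattern, a process value outside the learned range (which could equally be a malfunction or an operator error), and a message-rate spike of the kind a DoS would produce.

```python
"""Baseline-driven anomaly detection over constructed SCADA traffic records.

Added example, not part of the original article or of any product.
Record format (an assumption for this illustration):
    (src_host, dst_host, function_code, register, value)
"""
from collections import defaultdict
import statistics

K_SIGMA = 3.0        # process value tolerance in standard deviations (assumed)
RATE_FACTOR = 5.0    # window is a flood if it exceeds this multiple of the learned rate (assumed)
MIN_STDEV = 0.5      # floor so a constant register does not get a zero-width band (assumed)

# Constructed learning traffic: an HMI polls register 100 and writes register 200
# on one PLC. These 12 records are taken to span 4 equal time windows.
LEARNING_RECORDS = [
    ("10.0.0.5", "10.0.0.20", 3, 100, v) for v in (49.0, 50.0, 51.0, 50.0) * 2
] + [
    ("10.0.0.5", "10.0.0.20", 16, 200, 1.0) for _ in range(4)
]
LEARNING_WINDOWS = 4


def learn_baseline(records, window_count):
    """Learn allowed flows, per-register value statistics and the message rate."""
    flows = set()
    values = defaultdict(list)
    for src, dst, fc, reg, val in records:
        flows.add((src, dst, fc))          # who talks to whom, with which function
        values[reg].append(val)
    reg_stats = {}
    for reg, vals in values.items():
        mean = statistics.fmean(vals)
        stdev = statistics.pstdev(vals) if len(vals) > 1 else 0.0
        reg_stats[reg] = (mean, max(stdev, MIN_STDEV))
    return {
        "flows": flows,
        "reg_stats": reg_stats,
        "rate": len(records) / window_count,   # messages per window
    }


def detect(baseline, window):
    """Return a list of (alert_kind, detail) for one window of records."""
    alerts = []
    # Communication anomaly: far more messages than the learned rate (flooding / DoS).
    if len(window) > RATE_FACTOR * baseline["rate"]:
        alerts.append(("rate_spike", len(window)))
    for src, dst, fc, reg, val in window:
        # Communication anomaly: flow never seen during learning.
        if (src, dst, fc) not in baseline["flows"]:
            alerts.append(("unknown_flow", (src, dst, fc)))
            continue
        stats = baseline["reg_stats"].get(reg)
        if stats is None:
            alerts.append(("unknown_register", reg))
            continue
        # Process-control anomaly: value outside the learned band.
        mean, stdev = stats
        if abs(val - mean) > K_SIGMA * stdev:
            alerts.append(("value_out_of_range", (reg, val)))
    return alerts


# Constructed test windows.
NORMAL_WINDOW = [
    ("10.0.0.5", "10.0.0.20", 3, 100, 50.5),
    ("10.0.0.5", "10.0.0.20", 16, 200, 1.0),
]
SUSPECT_WINDOW = [
    ("10.0.0.5", "10.0.0.20", 3, 100, 95.0),    # value far outside the learned band
    ("10.0.0.99", "10.0.0.20", 16, 200, 0.0),   # write from a host never seen in learning
    ("10.0.0.5", "10.0.0.20", 3, 300, 7.0),     # register never polled during learning
]
FLOOD_WINDOW = [("10.0.0.5", "10.0.0.20", 3, 100, 50.0)] * 20

if __name__ == "__main__":
    baseline = learn_baseline(LEARNING_RECORDS, LEARNING_WINDOWS)
    for name, window in (("normal", NORMAL_WINDOW), ("suspect", SUSPECT_WINDOW), ("flood", FLOOD_WINDOW)):
        print(name, detect(baseline, window))
```

The point of the example is the structure rather than the thresholds: the detector needs no signature of any known attack, and the same value-band check that flags a manipulated reading also flags a failing sensor or a mistaken setpoint, which is why the list above counts operator mistakes and malfunctions among what an IIDS reports. A real deployment would learn the baseline over a long period, handle drift (scheduled load changes, seasonal behaviour) and forward alerts to a SIEM rather than print them.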
As today’s cyber attacks are carried out by professional entities operated by hostile countries and commercial organizations, the cyber defense challenges have become more complex. The conclusion is that special attention is required and systematic investment must be allocated to achieve continuous, safe and reliable operation of the water and sewage infrastructure for the well-being of the people in the country.