SUPERVISORY

CONTROL AND DATA ACQUISITION (SCADA) SYSTEMS

Supervisory Control And Data Acquisition (SCADA) Systems

OVERVIEW

Supervisory Control and Data Acquisition (SCADA) systems are used world-wide to manage and control facilities and operations, such as electric utilities, gas and oil production facilities, transportation systems, and chemical plants. SCADA systems exhibit a high degree of interconnectivity a failure of one system could lead to the collateral failure of many others. For example, a widespread loss of power could impact transportation systems, financial transactions, telecommunications, other energy systems, emergency response capabilities, and port security. SCADA systems are significantly different than IT systems. SCADA systems must respond in deterministic time, cannot be taken off line for backups or updates, cannot lock out operators if passwords are entered incorrectly under stress, do not have large amounts of storage that can be used for encryption and virus checking, and are usually based on older technologies. The majority of SCADA systems were designed for performance, reliability, safety, and rapid response times. Performance, as opposed to security, has been the priority. The principal threats to SCADA systems are from natural disasters, insiders, unintentional actions, and external hackers, in that order. Of grave concern is that a future concerted attack on a SCADA system will not be satisfied with shutting down an operation or closing a valve, but will seek to inflict large scale damage such as burning out generators, releasing toxic substances, opening flood gates, and causing explosions. This type of attack is feasible because of the large number of SCADA system default passwords still in use and published on the Internet, lack of SCADA-related security policies, high connectivity of SCADA systems with IT systems, vulnerable unsecured access points such as modems, and lack of wireless security.

CYBRINTHS SCADA SECURITY SERVICES

Cybrinth, Inc. is uniquely positioned to implement SCADA system security for any enterprise in our nations critical infrastructure. SCADA security begins with imparting security awareness to SCADA supervisory and control system personnel focusing on the combined real-time and IT environment. Cybrinth personnel are familiar with the unique requirements of plant supervisory control and data acquisition and can migrate conventional IT security paradigms to the SCADA environment. Cybrinth can conduct SCADA-oriented risk assessments, vulnerability analyses, and develop mitigation techniques for SCADA operations. Some of the areas addressed by Cybrinth include: Isolation of the SCADA network using encryption, authentication, segmented network technologies, and biometrics Development of incident response and remediation plans Application of firewalls and incorporation of patch management Application of configuration management to SCADA and network software and hardware Development and testing of business continuity and disaster recovery plans Installation and operation of intrusion prevention and detection systems Cybrinth will ensure that SCADA systems meet the following requirements of adequacy and security: Adequacy The capacity to meet operating specifications within major component ratings in the presence of scheduled and unscheduled outages of system components or facilities. Security The capability to withstand system disturbances arising from faults or unauthorized internal or external actions without further loss of facilities, compromise of human safety, or loss of production.

CYBER SECURITY SOLUTIONS WORLDWIDE

D2176/0608

1615 L Street NW | Suite 320 | Washington, D.C. 20036 | P/ 202.212.6880 | F/ 202.212.6881 | www.cybrinth.com Jacksonville, FL | Washington, D.C. | Abu Dhabi, UAE | London, UK