The practical considerations related to SCADA architecture, most SCADA RTUs have a simple architecture. This allows for a straightforward implementation of the verification function. The SCADA manufacturers are best suited to implement the verification function as they have an intimate knowledge of their architecture and the development tools necessary to modify the kernel. The external verifier can be a trusted device in the central control center. A SCADA operator must be responsible for keeping an updated copy of RTU image on the external verifier.
There are hundreds of different SCADA manufacturers and this could require unique implementations for different SCADA manufacturer devices. There is a concern that the communications infrastructure may add delays to the challenge response protocol between external verifier and the SCADA remote field device. In order to avoid false positives in detecting malicious code, the threshold for detect on must be increased to account for any such delays running the checksum function. This can be achieved by generating baseline figures for the delays on the communication channels.
In case where the variance in communication delay is high, the checksum function can be executed multiple times to ensure that there are no false positives. It is important to note that this primarily applies to PCS systems where the field devices reside in a remote location.
Most SCADA systems are real-time distributed systems that are constantly running. The real-time application must be taken offline as running the checksum function in parallel could affect the process. If the real-time application allows it, it may be possible to stop the real-time application once a day for maintenance and run the verification function.
Labels:
SCADA
SCADA