Control systems are the brains of the monitoring and control of the bulk electric system and other critical infrastructures, but they were designed for performance and functionality, not security. Most Control Systems assume an environment of implicit and complete trust. The protocols, devices and communication media do not support the ability to adequately prevent cyber attacks against our critical infrastructures.
Currently, hundreds of SCADA protocols exist, some of protocols are capable to support more than just control functions and telemetry. SCADA protocols were designed with noisy serial communication environment and use cyclic redundancy codes (CRC) or similar technology. It is present for detection and correction of errors. The message sender will calculate the CRC and compare it to the value received with the message.
Another characteristic for SCADA protocols is the inability to provide validation or authentication services. This is the primary reason why SCADA systems assume an implicit trust level. For instance, when a message is received by an RTU then the source of the message is checked. And if that source is known then the request is enacted. The trends of protocol are a concern as well. DNP3 is becoming the de facto standard in the electric distribution world and DNP is an open standard.
Labels:
SCADA
SCADA