Challenges in Protecting SCADA Systems
Andrew Wright,
Cisco Systems
10am May 5
3405 Siebel Center
Abstract
Supervisory Control And Data Acquisition (SCADA) Systems are computer
control networks that are used throughout our nation's electric, gas,
oil, water, and waste water infrastructures to monitor and control
remote field devices such as circuit breakers, pressure valves, and
flow control valves. Most SCADA systems in place today use relatively
old computing and communication technologies: 80386 processors and
1200 baud communication lines are common. These networks have little
protection from cyber attack other than their proprietary and esoteric
nature. Recent accidental events such as the 2003 northeast blackout
have illustrated the delicate interdepencies between different
infrastructures, and thus elevated concerns about cyber attacks on
SCADA systems. While SCADA systems and protocols are beginning to
migrate to IP-based solutions, the sheer number and cost of such
systems in deployment guarantees they will be part of our nation's
critical infrastructure for many years to come.
Cisco is participating in an effort sponsored by the American Gas
Association (AGA) to develop a cryptographic protocol to protect SCADA
communication lines. This effort is aimed at developing a retrofit
solution to protect existing SCADA systems that are already in place.
The constraints of a retrofit solution render existing cryptographic
protocols such as SSL impractical, and impose some challenging
requirements on the design of a suitable protocol.
This talk will give an overview of SCADA systems, describe the
constraints of a retrofit protection solution, and discuss the issues
involved in designing a suitable protocol. Several interesting
problems arise that have received little attention from the cryptography
community, and we will describe these problems in detail.