SCADA, SeCurity & AutomAtion SCADA Security: ... • Training Classes ... Powermetrics Introduces a UPS / Power Supply for SCADA-RTU Applications SCADA Security:

I ns ide Th is I ssue• SCADASecurity:

Challenges&Solutions• SCADABasics(Part2)• SCADASystematSSWD• FiretideWirelessBridges• WirelessProductoftheYear• TrainingClasses

Protecting Critical Infrastructure Includes Secure SCADASupervisoryControlandDataAcquisition(SCADA)systemsaretypicallyusedformonitoringandcontrollinggeographicallyremoteoperations.Inrelativeobscurity,theseextensivecontrolsystemsperformbehind-the-scenes,collectingsensormeasurementsandoperationaldatafromthefield,processinganddisplayingthisinformation,andrelayingcontrolcommandstolocalorremoteequipment.AlthoughSCADAsystemsareemployedaroundtheworldinnumerousindustries,theaveragecitizenisunawareoftheircriticalimportance.However,thisisquicklychanging,asmoreinformationaboutthecybervulnerabilitiesofutilitySCADAsystemsispubliclyavailable.ThereisgoodreasonwhySCADAsystemsaregettingtheattentionofhostilegovernmentsandcompetitors,terroristgroups,disgruntledemployees,andothermaliciousintruders—theyofferthehuge

potentialtoacquireconfidentialdataanddisruptoperations.SCADAsystemscontrolsomeofthemostvitalinfrastructureinindustrialandenergysectors,fromoilandgaspipelinestonuclearfacilitiestowatertreatmentplants.CriticalinfrastructureisdefinedasthephysicalandITassets,networksandservicesthatifdisruptedordestroyedwouldhaveaseriousimpactonthehealth,security,oreconomicwellbeingofcitizensandtheefficientfunctioningofacountry’sgovernment.1Onedoesnothavetolookfarforexamplesofdisruptionsthathavecostorganizationstime,resources,andpossiblylives.AddedtothisisthefactthatmanySCADAsystemsarevulnerable.ItisthereforeimperativethatsystemsecurityandriskmitigationbeattheforefrontofthemindsofallSCADAsystemusers.

The Growing Vulnerability of Control SystemsHistorically,securityconcernsover

Volume 22, Issue 1 • Spring/Summer 2012 A Publication of Sage Designs, Inc.

150 Shoreline Hwy., Suite #8A • Mill Valley, CA 94941-3634 • 1-888-ASK-SAGE (1-888-275-7243) • 1-888-FAX-SAGE • www.SageDesignsInc.com

S C A DA , S e C u r i t y & Au to m At i o n n e w S l e t t e r

Continued on page 4

PowermetricsInc(Cleveland,Ohio)introducesthePM-UPS-12-24-15.ThisUPS/Powersupplyoperatesfrom85-264VACora12voltbattery,andprovidesaregulated24VDCoutputandaregulatedadjustable12VDC-15VDCoutput.Inaddition,theunitincorporatesatemperaturecompensatedtwomodebatterychargerforchargingthe12voltbattery.TheunitisdesignedforpoweringaPLCandradioinRTUapplications.ThebuiltinModbus/RTUinterfaceallowsaremotehosttoenableanddisabletheindividualoutputvoltages;andtoadjustthe12V-15VDCoutputtooptimizeradiooperation.Inaddition,anumberofotherparametersmaybemonitoredandadjustedremotely.Awatchdogtimercanbeprogrammed,eitherthroughtheserviceportorovertheMODBUSinterface,whichcanbeused

toresetthesystemifcommunicationsislostforaprogrammedperiodoftime.ThePLCcanalsosendaModbusinstructiontotheUPStodisabletheinternalAC/DCpowersupplywhichforcestheUPStobatterybackupmodefortestingpurposes.AlthoughthepowersectionofPM-UPSwilloperateasastand-aloneUPS,itisintendedtooperatealongwithamicroprocessorsubsystemwhichprovidesavarietyofcontrolandmonitoringfunctions.Forapplicationsnotrequiringremotemonitoringandcontrol,theunitcanbepurchasedwithoutthemicroprocessorboard.ThemicroprocessorsubsystemcommunicateswithanexternalPLCusingMODBUSprotocoloveranRS485interface.InadditionaUSBserviceportisprovidedtoallowconfigurationofthesystem’sprogrammableparameters.

Powermetrics Introduces a UPS / Power Supply for SCADA-RTU Applications

SCADA Security: Challenges and Solutions

MostoftheseparameterscanalsobesetorchangedusingMODBUScommandsthroughtheRS485interface.TheUPSmaybeinterrogatedbytheremotehosttoreportnineanalogandsevendigitalinputs.Analoginputsincludeoutputvoltagesandcurrents,batteryvoltage,batterychargeanddischargecurrent,remotebatterytemperature,andACvoltage.DigitaloutputsincludeACvoltagepresent,batterychargerstatus,DCoutputsinrange,andwhethertheunitisACpoweredorbatterypowered.ForfurtherinformationcontactSageDesigns.

controlsystemswerelimitedtophysicalattacks.SCADAsystemoperatorsrationalizedthatifthemanagementconsoleswereadequatelyisolatedandonlyauthorizedpersonnelhadaccesstothenetwork,thesystemwasintrinsicallysecure.Therewaslittleriskoftamperingsincefewpeoplehadtechnicalexpertiseofthesystemandthedatacommunicationpathsremainedisolated.SCADAhasbeenhiddenbehinditscloakofobscurityforthepastfourdecades,withinformationtechnologymanagersconvincedthatthesesystemswouldneverbeaccessedthroughcorporatenetworksorfromremoteaccesspoints.ThemodernSCADAsystemhasevolved

significantly.Utilitycompaniesrecognizethelowercosts,easieraccessibility,andimprovedefficiencygainedthroughconnectingtheirTCP/IPnetworkstotheirSCADAsystems.Thesenextgenerationsystems,integratedwithcorporatenetworksandtheInternet,facemanychallengesintheirquesttobecomingsecure.Severalfactorshavecontributedtothegrowingvulnerabilityofcontrolsystems,including:1. Thenetworkingofcontrolsystems—

Enterpriseshaveincreasedconnectivitythroughtheintegrationoftheircontrolsystemsandenterprisenetworks.Breachesinenterprisesecuritycanariseifappropriatesecuritycontrolsarenotputinplaceforbothnetworks.

2. Insecureremoteconnections—Accesslinkssuchasdial-upmodemsandwirelesscommunicationsareusedforremotediagnostics,maintenance,andexaminationofsystemstatus.Ifencryptionorauthenticationmechanismsarenotutilized,theintegrityofthetransmitted

1 Myriam Dunn, “Critical Infrastructures: Vulnerabilities, Threats, Responses”, CSS Analyses in Security Policy, Vol. 2, No. 16, June 2007. Typically, each country has their own definition of Critical Infrastructure. For more information on the 17 U.S. sectors visit http://www.dhs.gov/files/programs/gc_1189168948944.shtm.


Sage advice

SCADA Basics Part 2Part2ofacontinuingseriesofarticlesaboutSCADAissueswherewediscussoneofthemanycommunicationsoptionsthatmaybeapartofaSCADAsystem.ThesearticlesdealwithwidelydistributedSCADAsystemsratherthanin-plantsystemswherecommunicationsissuesdifferwidelyfromthosediscussedhere.

Communications OptionsAsanyoneintheremoteSCADAindustrycantellyou,communicationstoyourremotesisthemostchallengingissuefacingtheenduserorsystemsintegrator.Inthebestofcircumstances,anyoftheavailablechoicescanworkwell,providingareliablelinktofieldassetsforpropermonitoringandcontrolofyourprocesses.Intheworstcases,theycanbeaconstantsourceoffrustrationfortechniciansandoperatorsalikeastheyarecentraltothesuccessofaSCADAsystemandoftenthemostdifficultparttotroubleshootandkeepinoperation.

Wired CommunicationsWiredcommunicationsmaysoundlikethebestchoice,butoften,thisisnotthecase.Thereareseveraloptionsforawiredsystemwhichincludedial-upmodems,leasedlinemodems,digitalphonelines,fiberopticcableanddirectwire.Ofthese,owner-installeddirectwireorfiberaretheonlytypesthatprobablyhavenomonthlyfees.Inrecentyears,

theemergenceofdigitalleased-linecommunicationproductsavailablefromthephonecompany,hasgreatlyimprovedthereliabilityofthewiredsystemwhileinthepast,theonlyoptionsotherthaninstallingyourowndirectwireweredial-upandleasedlines.Dial-upandleasedlinesystemsusethesamephonelinesbutdifferinthatleasedlinesarecontinuallyoff-hook

andareoftenbridgedinapointtomultipointtopography.Themodemsforleasedlinesareconsiderablydifferentfromdial-upmodems,astheBell-202standardislimitedto1200baudwhiledial-upcanoperateat28,800(28.8Kbps)to57,600(57.6Kbps)andevenfastersometimes.Theadvantagesoftheleasedlineoptionoverthedial-upare:(1)nodialdelay,(2)easiertoconfiguremodems,and(3)aresomewhatmoresecure.Thebiggestproblemwiththeleasedlineoptionisthatphonecompanytechniciansarenotoriousfordisconnectingthemandleavingyouwithoutcommunicationswithyourremotefordaysorevenweeksatatime.Whileadvanceddigitalphonelinesdon’toftengetaccidentallydisconnectedbyphonetechnicians,entiresystemshavebeenknowntocomedownbecauseoneleadononeremotegoestoground.Theyofferhighdataratesandgoodreliability;however,theircostcanbeprohibitive.Alsokeepinmind

thatallofthesesystemsaresusceptibletofires,baddriversorinfrastructureproblemsnotofyourmaking.Insummary,wiredsystemsusuallycarryamonthlycharge,maybeexpensivetoobtainorinstallandcanbeunreliable,butmaybeanecessarypartofyoursystem.

FiretideMesh Node Firetide Backhaul

Wireless Mesh

Firetide HotPort® 7000 SeriesWireless Mesh Nodes

• Reliable, High-Performance Networks in Challenging Wireless Environments

• Street-Level Connectivity• Encryption for End-to-End Security

UtilityCompany

Smart UtilityMeter

DataCollectionUnit

Security Products Magazine 2011 New Product of the Year

Firetide’sMobilityInfrastructurehasbeenselectedasthewinnerofSecurityProductsmagazine’s‘2011NewProductoftheYearAward’inthewirelesstechnologycategory.Firetide’sMobilityInfrastructure,whichincludestheHotPort7000andFMC-2000,deliversreliable,uninterruptedInternetconnectivityfromvirtuallyanymovingvehicleincludingfirstresponders,trains,buses,andmore,enablingarangeofexcitingnewapplicationsthatwerenotpossiblebefore.EssentiallyanystandardEthernetorWi-Fi-enableddevicesuchasiPhones,laptopcomputers,evenvideosecuritycameras,canmaintaincontinuousnetworkconnectivity,evenwhiletravellingathighspeeds.“The New Product of the Year contest gets better every year with a wider array of products and incredible technologic advances,” saidRalphC.Jensen,editor-in-chiefatSecurityProductsmagazine.“This year, participation focused on more product verticals that captured every segment of the security industry. We appreciate the entrants and their willingness to share the newest innovations of security products with us and our readers.”“Winning the Security Products New Wireless Product of the Year is a welcomed reward that highlights Firetide’s dedication in developing the very best in wireless broadband products,”saidBoLarsson,CEOofFiretide.“We have worked tirelessly to create highly reliable and

secure solutions that have a great deal of flexibility in deployment and are cost effectively utilized for a wide range of applications, from security to municipal services to public access. It’s an honor to be recognized by an industry leading security publication.”TheSecurityProductsNewProductoftheYearAwardhonorstheoutstandingproductdevelopmentachievementsofsecurityequipmentmanufacturerswhoseproductsareconsideredtobeparticularlynoteworthyintheirabilitytoimprovesecurity.Toviewallofthisyear’swinners,youcanvisittheSecurityProducts’presentation.About Firetide Inc.Firetideistheleadingproviderofwirelessinfrastructuremeshnetworksthatenableconcurrentvideo,voiceanddataforgovernment,transportationandcommercialapplications.Firetideprovidesreliablehigh-performancewirelessinfrastructuremeshandaccesssolutionsforvideosurveillance,Internetaccess,publicsafetynetworksandtemporarynetworkswhereverrapiddeployment,mobilityandease-of-installationarerequired.HeadquarteredinLosGatos,Calif.withofficesinAsiaPacific,Firetideisaprivatelyheldcompanywithworldwideproductdistribution.www.firetide.com

Security Products Magazine Names Firetide Mobility Infrastructure Family 2011 New Wireless Product of the Year


ClearSCADA Training CourseJune 4-7, 2012 - Mill Valley, CAOctober 22-25, 2012 - Mill Valley, CA (TBA)Day1(8AM–4PM) InstallingClearSCADA,IntroductiontoClearSCADA, Components,UsingViewX,UsingWebX,ClearSCADAHelp

Day2(8AM-4PM) ConfiguringusingViewX,DatabaseOrganization,BasicTelemetryConfiguration,CreatingMimics,CreatingTrends

Day3(8AM-4PM) ConfiguringusingViewX,Templates&Instances,LogicLanguages,Security,CommunicationsDiagnostics

Day4(8AM-4PM) Reports,SystemConfiguration,SystemArchitecture,Questions

Cost: ClearSCADATrainingCourse $1,890

SCADAPack Telepace Studio Training CourseMay 1-3, 2012 - Mill Valley, CAOctober 16-18, 2012 - Mill Valley, CAAn optional SCADAPack 350, SCADAPack 334 or SCADAPack 32 is available at a special price* with the course—an excellent way to get started using SCADAPack controllers.

Day1(8AM-4PM) SCADAPackcontrolleroperation,Series5000I/O,TelepaceStudiointroduction

Day2(8AM-4PM) TelepaceStudioadvancedprogrammingtechniquesandadvancedfunctions

Day3(8AM-2PM) Controllercommunications,ModbusMaster/Slaveprotocol,Diagnostics,Modems

Cost: SCADAPackTelepaceStudioCourse$1,340*OptionalSCADAPack350TrainingKit–adds$1040*OptionalSCADAPack334TrainingKit–adds$1040*OptionalSCADAPack32TrainingKit–adds$1,100

Instructors: ClearSCADA&SCADAPackTelepaceclasseswillbetaughtbyTonySannellla,SageDesigns,aFactory-CertifiedInstructor.TheClearSCADATestdriveswillbeconductedbySageDesignsorafactoryrepresentative.Location:Seeindividualcourseregistrationform.Thoserequiringovernightaccommodationsshouldcallthehoteldirectlyforreservations.

What should I bring?Laptopcomputerwithminimumrequirementsasshownonthespecificcourseregistrationforms,plusnecessarypermissionstoinstallsoftwareonyourcomputer.

What is provided?Lunchandcoffee,softdrinksandsnackseachday.

*Optional Training Kits at special course pricing (Telepace class only): Limit one (1) for every two (2) students per organization. Training Kits will be shipped N/C to training facility, provided your registration is received approximately 4 weeks before the first day of the course, or shipped to you after the course when available. Training kits include a SCADAPack 350, SCADAPack 334 or SCADAPack 32 Controller, Telepace Studio Software, Hardware Manual (on CD-ROM), I/O Simulator board, AC/2 Transformer, & programming cable. Prices do not include applicable California sales taxes.

TM Training Classes

Download the Registration form at: http://www.sagedesignsinc.com/events/index.htm

Please send me the Registration Form ClearSCADA: ❑ June 4–7, 2012 – Mill Valley, CA ❑ October 22–25 2012 – Mill Valley, CA SCADAPack Telepace: ❑ May 1–3, 2012 – Mill Valley, CA ❑ October 16-18, 2012 – Mill Valley, CA

Name(please print): Title:Company: Phone:Address: Fax:

Email:City/State/Zip:

* * * Registration Deadline: 2 weeks before 1st day of course * * *Allregistrationsaresubjecttocancellationfees.Aconfirmationnoticewillbesenttoallregistrantsonorbeforethedeadlinedate.

Schedule Your Own

Free Hands-On Test DriveCalltoScheduleaTestDriveCall 1-888-ASK-SAGEemail:[email protected]

(20 Contact Hours)(28 Contact Hours)

ClearSCADA SCADAPack

150 Shoreline Hwy. #8A, Mill Valley, CA 94941-3634 � Phone: 415-331-8826 . 1-888-ASK-SAGE . Fax: 415-331-8969 . 1-888-FAX-SAGE � www.SageDesignsInc.com

S C A D A W i s e B a s i c s

November 9, 2011 December 7, 2011 8AM — 1PM 8AM — 1PM SpringHill Suites by Marriott Holiday Inn Hotel & Conference Center 10593 Fairway Drive 9000 W. Airport Drive Roseville, CA 95678 Visalia, CA 93277 This ½-day course is designed for the non-technical person who wants to understand basic SCADA principles.

• PLCs vs. RTUs • Radio Systems • Host SCADA Software • Open Architecture Systems • SCADA Protocols

(3.5 Contact Hours)

S C A D A P a c k B a s i c s

November 9, 2011 December 7, 2011

Noon — 5 PM Noon — 5 PM SpringHill Suites by Marriott Holiday Inn Hotel & Conference Center 10593 Fairway Drive 9000 W. Airport Drive Roseville, CA 95678 Visalia, CA 93277 This ½-day course is designed for the mildly technical person who owns SCADAPack Controllers, but will never write programs.

• Tour of New Telepace Studio Software • Indicator Lights on SCADAPack Controllers • Communication Port Setup and Diagnostics • Boot Modes • Dowloading and Monitoring Programs

(3.5 Contact Hours)

What should I bring? Your thinking cap only. The SCADAPack Basics Course offers limited hand-on portions, equipment provided.

What is provided? Lunch (from Noon-1PM), coffee, soft drinks and snacks during course day.

To Register: Call 1-888-ASK-SAGE to reserve your seat. Then complete the information below and send to us

via fax to 1-888-FAX-SAGE or by email [email protected]. A confirmation will be emailed to you.

Name (please print):

Title:

Company:

Phone:

Address:

Fax:

City/State/Zip: Email:

Lunch choice (Nov 9) – A, B or C:

Lunch Choice A = Chicken Pesto Ciabatta, Choice B = Creole Chicken Wrap or Choice C = Penne Pomodoro (vegetarian)

Lunch choice (Dec 7) – A, B or C:

Lunch Choice A = Chicken Cordon Bleu, Choice B = Marinated Beef Tenderloin or Choice C = Pasta Primavera (vegetarian)

□ Roseville (November 9, 2011) — o r — □ Visalia (December 7, 2011) □ SCADAWise Basics Course (Morning Class only, lunch from 12-1PM) $ 450.00 (non-taxable services)

□ SCADAPack Basics Course (Afternoon class only, lunch from 12-1) $ 450.00 (non-taxable services)

□ Both SCADAWise Basics & SCADAPack Basics Courses (all day rate) $ 795.00 (non-taxable services)

METHOD OF PAYMENT: Purchase Order, Prepaid Check, Visa or Mastercard. Payment should be made to Sage Designs, Inc.

Course fees are due on or before the first day of class. No Shows or Cancellations made less than 6 business days prior to the first day of training will be billed at the full amount and

are not refundable. A confirmation notice will be sent to all registrants on or before the deadline date.

□ Purchase Order Billing: After telephoning your intent to register, fax/email Purchase Order addressed to Sage Designs, Inc.

Total to be invoiced against PO #____________________ is $_________________.

□ Prepaid Check: After telephoning your intent to register, mail a check addressed to Sage Designs, Inc. along with a copy of this form. Total Prepaid Check Amount: $________________.

□ Visa or MasterCard Billing: After telephoning your intent to register, fax or email this form. Total to charge on the first day of course $_________.

Visa or Master Card Acct #: ____________________________________________ Expires (MO/YR):_______ Cardholder Name (please print): _________________________________________ Phone: _____________________ Cardholder Authorization Signature: ____________________________________ email: ______________________ Cardholder Billing Address: _________________________________________________________________________ City:_____________________________________________ State: _____ Zip: ________________________________

* * * Registration Deadlines: November 2, 2011 (Roseville) and November 30, 2011 (Visalia)* * *


FiretideFWB-205outdoorwirelessEthernetbridgesprovidelow-cost,high-capacityconnectivitybetweentwolocations.FWB-205utilizestheMIMOtechnologytoprovideincreasedthroughputandperformanceforabackhaullink.FWB-205issoftware-configurabletooperatein5and4.9GHzandcandeliverupto150MbpsofUDPthroughput.

Complete Infrastructure SolutionFWB-205productlineisanaturalexpansionofFiretide’scorewirelessinfrastructuretechnology.Firetide’sexpertiseinlarge-scalewirelessmeshnetworksforvideo,dataandvoiceapplicationsinharshenvironmentsensuresthatitsbridgesareoptimizedtoprovidethehighestperformance,securityandreliabilityintheindustry.

Concurrent Voice, Video, DataFWB-205bridgeisoptimizedtoprovidehigh-capacityandlow-latencyconnectivityfordemandingdata,voiceandvideoapplications.Point-to-pointconnectivityiscriticalformunicipalities,publicsafety,industrialinstallationsandcampusenvironments.Inadditiontothesemarkets,thisproductservestheneedsofwirelessInternetserviceprovidersandtelecomoperatorsFWB-205providestruebridgingfunctionalityandisagnostictothetypesofclientorprotocolsonthenetwork.FWB-205supportstransparentoverlayofmultiplesubnet(VLANs)overthepoint-to-pointlink.Italsoprovidesseamlesstransportofmulticastandbroadcasttrafficoverthepoint-to-pointlink,includingIPTVdistribution,videoondemand,videosurveillanceandvideoconferencing.Inaddition,topreventbandwidthabuse,FWB-205providesadvancedtoolssuchasmulticastratelimits.

Privacy and SecurityFWB-205supportstheindustry’shighestlevelofsecuritytoensureprivacyforcommunicationsandreduceliabilityforserviceproviders.LikeallcomponentsoftheFiretidewirelessmeshandaccessinfrastructure,FWB-205offersWPA2-PSK(Wi-FiProtectedAccess)encryptionforanunmatched,solid,andtrustednetwork.

Flexibility of DeploymentDeployedasastandalonesolution,theFWB-205linkismanagedviaabrowser-basedmanagementinterface.CustomerscanalsointegratetheFWB-205linksintoalargerFiretidemeshnetworkmanagedbyHotViewPro™networkmanagementsoftware.Designedforaneasy“out-of-the-box”installationexperience,theunitpairisshippedpreconfiguredandwithallaccessoriesincluded.TheFWB-205isbundledwithtwoexternal3-in-1MIMOantennasfor4.9and5GHz.Anintegratedantennaalignmenttoolprovidesstep-by-stepguidanceinachievingmaximumsignal

Firetide Point-To-Point Bridges - Make Any Network Device Wireless informationisvulnerable.

3. Standardizedtechnologies—Organizationsaretransitioningtostandardizedtechnologies,suchasMicrosoft’sWindows,inordertoreducecostsandimprovesystemscalabilityandperformance.Theresultismorepeoplearmedwiththeknowledgeandtoolsabletoattackasystem,andanincreaseinthenumberofsystemsvulnerabletoanattack.

4. Availabilityoftechnicalinformation—Publicinformationaboutinfrastructuresandcontrolsystemsisreadilyavailabletopotentialhackersandintruders.Designandmaintenancedocumentsandtechnicalstandardsforacriticalsystemcanallbefoundontheinternet,greatlyjeopardizingoverallsecurity.2

WithsomuchridingonSCADAsystems,itshouldcomeasnosurprisethatshortlyafterSeptember11,2001,governmentofficialsfoundevidenceofterroristgroupsvisitingwebsitesthatoffersoftwareandprogramminginstructionsforthedigitalequipmentthatrunpower,water,transportandcommunicationsgrids.Furthermore,ithassincebeenproventhattheinnercontrolsofcriticalinfrastructuresystemshavebeenthetargetofcyberattacks.Forexample,in2006awaterfiltrationplantnearHarrisburg,Pennsylvaniahaditssecuritysystemhacked.Malicioussoftwarethathadthecapabilityofdisruptingthewatertreatmentoperationswasplantedfromanoutsidesourceintothecomputersystem.3

Mostrecentlytoshakethecybersecurityworldwasthe“Stuxnet”malware,discoveredinJune2010.OnNov29,2010,Iran’spresidentMahmoundAhmadinejadpubliclydisclosedthattheStuxnetcyber-threathadaffectedhiscountry’suraniumenrichmentefforts.Itisbelievedthatthecodewasdesignedtosabotagenuclearplants,specificallytargetinganindividualcompany’sconfigurationsoftwareandcontroldevices.ThisintelligentwormwasprimarilyspreadviaUSBsticksbutwasfoundtoalsoinfectsystemsthroughnetworksharesandSQLdatabases.AccordingtoSymantec,thewormwouldsearchforspecificmodelsoffrequencyconverterdrivesmadebytwofirms.Oncethewormfoundtherightconfiguration,itsabotagedoperationsbyintroducingsubtlechangestothespeedofthefrequencydrivesoverseveralweeks,

whiledisplayingnormalreadingstomaintainitsstealth.TheStuxnetmalwarebeganinfectingsystemsinJanuary2009andreportsindicatethatmorethan100,000computersystemshavebeeninfectedworldwide.Historicdatafromtheearlydaysoftheattackshowedthat58.85%ofinfectionsoccurredinIran,18.22%occurredinIndonesia,and8.31%occurredinIndia.4Althoughnoseriousdamagewascausedtoanyutilitysectors,thissophisticatedmalwarehighlightstherisksmodernSCADAsystemsfacewithrespecttoconnectivity,insecureremoteconnections,standardizedtechnologies,andreadilyavailabletechnicalinformation.Cybersecurityisatopicforutilityexpertsandmanufacturersthatcannolongerbeignored.5

Proactive Cyber Security is Smart BusinessEnsuringcybersecurityincontrolsystemsmayatfirstseemlikeadauntingtask,asitrequiresacommitmentfromtheentireorganization.UppermanagementneedstorecognizethenumerousbenefitsofasecureSCADAsystem.Theseadvantagesincludeensuringsystemuptime,reliabilityandavailability.Implementinggoodcybersecurityissmartbusinessbecauseasecuresystemisatrustedsystem,andcustomerretentionandloyaltyisbuiltaroundtrust.Vendors,systemintegrators,ITandcontrolengineersallshareintheresponsibility.TherearemanyresourcesavailablenowtohelpcriticalinfrastructureSCADAsystemsenhancetheirsecurity.Forexample,thestandardISA99–IndustrialAutomationandControlSystemsSecurity,establishesbestpractices,technicalreports,andrelatedinformationtodefineproceduresforimplementingandassessingelectronicallysecuresystems.Compliancewiththisstandardcanimprovemanufacturingandcontrolsystemelectronicsecurity,helpidentifyandaddressvulnerabilities,andreducetheriskofcompromisedconfidentialinformationandsystemdegradation.6

Governmentregulationsalsoexistandcontinuetoevolvewiththegoalofsecuringcriticalinfrastructureindustries.Themostambitiousforinfluencinggovernmentpolicyisthenon-profitNorthAmericanElectricReliabilityCorporation(NERC)–CriticalInfrastructureProtection(CIP)standard.KnownasNERC-CIP,thisstandardhasitsrootsintheElectricityModernizationActwhich

Continued from page 1

Continued on page 6


FWB-205and Video

SurveillanceCamera

FWB-205

FWB-205

Remote Office

Remote Office

Head Office

5 GHz Broadband Link

4.9 GHz Surveillance Link

Firetide Wireless BridgeTypical Deployment Scenario

FWB-205

FWB-205and Video

SurveillanceCamera

FWB-205

FWB-205

Remote Office

Remote Office

Head Office

5 GHz Broadband Link

4.9 GHz Surveillance Link

Firetide Wireless BridgeTypical Deployment Scenario

FWB-205

2 United States General Accounting Office, “Critical Infrastructure Protection, Challenges and Efforts toSecure Control Systems”, GAO-04-354, March 2004.3 Philip Leggiere, “Infrastructure Security, Securing SCADA”, HSToday, www.hstoday.us, September 2008.4 Jarrad Shearer, “W32.Stuxnet”, Symantec, www.symantec.com, September 17, 2010.

Continued on page 7


Security

Instruments & Controls

BaseRadio

SCADAPack

Field Devices

SCADAPackSmart RTU

AccutechWirelessInstrumentation

RemoteCommunication Network

BusinessSystems

Control Room

BackboneIP Network

ClearSCADASoftware

TrioData Radio

RemoteMaintenance

RemoteWeb Users

BusinessApplication Servers

Remote Assets

A complete integrated sensor to enterprise solution that will go beyond addressing the most

challenging remote monitoring and control application and help you efficiently manage and operate

a secure and reliable water infrastructure.

Telemetry Solutions for Water & Wastewater

200MM

100MM 70MM

50MM

25MM

15MM

9MM

35MM

Telemetry & Remote SCADA Solutions

> ClearSCADA Software

> Trio Data Radios

> SCADAPack Smart RTUs

> Accutech Wireless

Instrumentation

www.controlmicrosystems.com



ispartoftheUSEnergyPolicyActof2005.WithintheEnergyPolicyActof2005,thereisasection,whichdictatesthattheNERC-CIPstandardrequiresallpowerplantsandelectricutilityfacilitiestodevelopnewcybersecuritysystemsandproceduresinaccordancewitha3-yearimplementationplan.ThereareeightdifferentCIPstandardscoveringeverythingfromSecurityManagementControlandCriticalCyberAssets,toIncidentReportingandRecoveryPlans.Eachoneoftheeightstandardsdefinesaseriesofspecificrequirements.Thestandardsare:• CIP-002-1:CriticalCyberAsset

Identification• CIP-003-1:SecurityManagement

Controls• CIP-004-1:PersonnelandTraining• CIP-005-1:ElectronicSecurity

Perimeter• CIP-006-1:PhysicalSecurityof

CriticalCyberAssets• CIP-007-1:SystemsSecurity

Management• CIP-008-1:IncidentReportingand

ResponsePlanning• CIP-009-1:RecoveryPlansforCritical

CyberAssetsNowthatwe’reseeingcongressionalactionandgovernmentpenaltiesfornon-compliance,SCADAcybersecurityisbeingtakenmoreseriously.7

Encryption and AuthenticationInordertomeetCIP-005-1andCIP-007-1standards,encryptionandauthenticationarecriticalelementsinacomprehensivecybersecuritysolution.TypicalSCADAsecuritymeasuresconsistofphysicallysecuringthehardwareandtransmissionmedia,andemployingcommoncybersecuritydefensessuchaspasswordprotectionandanti-virusutilities.Communicationsecuritymeasuresarehardertoenforcesincemoderndayhackerscaneasilyidentifyconfidentialphonenumbers,decodeproprietaryprotocols,andbypassfirewallsandgateways.EncryptionandauthenticationarehighlyeffectivemethodstoreducesomeofthesecyberthreatstoSCADAcommunications.TherearetwoopenstandardsforSCADAcommunicationsavailableonthemarkettodaythatweredevelopedtoprovidesecuritythroughencryptionandauthentication:• IEEE6189suite—AlsoknownasAGA

12incorporatedinIEEE1711,thesestandardssecureSCADAequipmentcommunication.

• IEC62351suite—SecureAuthenticationforDNP3communicationisbasedonthisstandard.

Encryptionistheactofmanipulatinginformationuntilitappearsalmostmeaninglesstothecasualobserver.Decryptionistheprocessthattakesplacetorestoreanencryptedmessagebacktoitspreviousreadablestate.InatypicalSCADAsystem,messagesaresentusingagivenprotocolformat,suchasMODBUSorDNP3.Anyonewhocanseethemessagesbeingtransmittedcandecodethemandseewhatinformationisbeingtransferredfromdevicetodevice.OnanencryptedSCADAcommunicationsystem,messagesaretransformedintoaseeminglygarbledsequenceofbytes.Shortmessagesarestuffedwithextrarandomdatatomakeitdifficulttoestimatethesizeortypeofthemessagesbeingtransmitted.Acasualobservercandeterminelittlemorethanthefactthatamessagehasbeensentfromonedevicetoanother.EncryptionmakesspyingonandtamperingwithSCADAnetworksmuchmoredifficult.Likemanyformsofphysicalorelectronicsecurity,encryptionusesakey.Thistypeofkeyisasecretsequenceofdatathatdetermineshowtheinformationbeingsentbetweendevicesisobscured(encrypted).KeepingthiskeysecureisafundamentalpartofSCADAsecurity.Itisthereforeimportanttoreiteratethatemployingadiverserangeofsecuritymeasureswillalwaysprovemoreeffective.Theotherlayersofsecurity,likephysicallocks,operatingprocedures,andseparatelysecuredcorporateandSCADAnetworksarenecessarytoprotectencryptionkeys,andthesystemasawhole.AuthenticationistheprocessbywhichonepartofaSCADAsystemprovesitsidentitytoanother.ASCADAdevicereceivingacriticalmessage,suchasacommandtoperformcontrolsorrespondwithdata,canchallengethesendingdevice’sidentity.Thesendingdevicemustthenprovidethechallengeresponse.Ifthereceivingdeviceissatisfiedwiththechallengeresponsethenitwillactontheoriginalcommand.Likeencryption,authenticationrequiresthecommunicatingSCADAdevicestohaveamutuallyknowsecretkey.Whereasencryptionusesitskeyto

transformentiremessagesintoanencrypteddatastream,authenticationchallengesandchallengeresponsesusetheirkeystocreatespecialdigitalsignatures.Themathematicsusedinauthenticationissimilartothatofencryption,butasmalleramountofdataneedstobemanipulated.ThismeansthatauthenticationiscomputationallyfarcheaperthanencryptionandtypicallyusesthestructureoftheoriginalSCADAprotocolforbettercommunicationefficiency.AuthenticationpreventsmaliciouspartiesfromcontrollingasecuredSCADAdevice,butitwillnotstopthemfrominterceptingmessagesandreadingtheircontent.Achieving Your Secure SCADA with Schneider ElectricAsdescribedabove,governmentismandatingthedeploymentofsecuritytechnologyforSCADAsystemsinsomeutilitysectors,whileforthemomentleavingothersfreetochoosewhethertheydeploysecurityornot.Withthegrowingvulnerabilitiesofcontrolsystemsandthepotentialforharmandcivildisruptioninabreachedcriticalinfrastructuresystem,SCADAusersareadvisedtoformulateanddeployasecurityplanthatmeetstheirindividualandimmediateneeds.Evenwithinasecuritymandatethereisscopeforchoiceabouthowtoimplementthesecuritysystem:authenticationorencryption,orboth.SchneiderElectric’sSCADAPackEcontrollersprovidebothIEEE6189messageencryptionandDNP3secureauthentication.TheEcontrollersnowprovideDNP3communicationstothelatestDNP3-2009standardaswell.Anewuser-friendlysecurityadministratorisavailableformanagingDNP3secureauthenticationandAGA12encryption

securityandismultigroupawaresoitcanbeusedtomanagesecurityconfigurationsformultiplecontrollersinasystem.TheSCADAPackEConfiguratorsoftwarefurtherenhancessystemsecurityasitcooperateswiththeEcontrollerstoauthorizeconfigurationsoftwareinstallation,authorizeusers,andpreventsystemmanipulation.Thistechnologyaddressesthevulnerablesecuritygapthatcommonlyexistsbetweencontroldevicesandtheirmanagementsoftware.ThispowerfullineofprogrammablelogiccontrollerswithremoteterminalunitfunctionalityisdesignedspecificallyfortelemetryandremoteSCADAwaterandwastewaterapplications.Withimprovingoverallsystemvisibilityandsecurityatitscore,Econtrollersmaintainnoholesindataevenwhencommunicationlinksgodownandallowenduserspeaceofmindintheirsystemdata’sintegrityforbillableapplicationsorcriticaloperations.In2011,wewillseeutilitiestakeamoreproactiveapproachtoprotectingtheirSCADAinfrastructurewiththeadoptionofencryptionandauthenticationtechnologiestomeetcompliancestandardsandavoidthemonetaryfinesandreputationaldamagethatasecuritybreachcancause.— by Metin Ozturk & Phil Aubin, Schneider Electric, Telemetry & Remote SCADA Solutions

Continued from page 4

5 For control system security program information and incident reporting, visit Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at www.ics-cert.org.6 The International Society of Automation, “ISA99, Industrial Automation and Control System Security”, http://www.isa.org/MSTemplate.cfm?MicrositeID=988&CommitteeID=6821.7 Philip Leggiere, “Infrastructure Security, Securing SCADA”, HSToday, www.hstoday.us, September 2008.

SCADAMaster Station

ConfigurationSoftware

Secure SecureCommunicationNetwork

SCADAPack E Controllers

Telemetry & Remote SCADA Solutions


In2005,SweetwaterSpringWaterDistrictinGuerneville,CAinstalledanewSCADAsystemforwaterdistribution.Thisisatoughapplicationforradios,withhills,mountains,anddenseredwoodforestsprovingchallengingfortheradiosystem.Thecompletedsystemhasovertimeproventoberobustandreliable,requiringlessmaintenanceandhigherreliabilitythanmighthavebeenanticipated.Agooddesign,coupledwithcarefulsystemintegration,hashelpedachievethishighreliability.TheSCADAsystemprovidesforcontrolandmonitoringof10remotesites.Tankleveldataissenttopumpsites,andpumpsitesreacttothetankleveldatabyoperationofthepumpstokeepthetanksfull.TheSCADAsystemprovidesmonitoringatthecentralofficeofequipmentstatus,processdata,alarmdata,anddatacollection.TheSCADAsystemconsistsof11SCADAPackprogrammablelogiccontrollers(PLC),monitoringapproximately13remotesites.TeledesignSystemsTS4000radiosateachPLCsiteprovidelicensedfrequencycommunicationsat467MHz.Thisfrequencyisabletocutthroughthethickredwoodforeststhatsurroundmanysites.ASCADAPackVision10operatorinterfaceprovidedlocallyateachPLCsiteprovideslocalcontrolandmonitoring.SomePLCsitescommunicateviaBell202modemandburiedcabletoothernearbysites.TheFrontEndProcessorPLCandtheSCADAcomputerarelocatedatthecentraloffice.TheSCADAcomputerisfull-featured,andprovidesformonitoringandcontrol,alarming,alarmdial-out,andremoteaccess.ThePLC’s,radios,andoperatorinterfaceswereallprovidedthoughSageDesigns.ControloftheSCADAsystemisdistributedthroughouttheSCADAsystem.Thismeansthattanklevelcontrolatapumpingsitedoesnotrequirethemastersite(DistrictOfficesite)tobefunctionalforthelevelcontroltobeoperational.Thetanklevelcontroldoesnotrequireeventhataradiorepeaterbefunctional.Thisdistributionofcontrolprovidesforrobustnessbyavoidingsinglepointsoffailure.Radiocommunicationscontrolisdistributed

Robust SCADA System at Sweetwater Springs Water Districtalso.Thereisnotonemasterradiositethatprovidesforradiocommunicationsthoughouttheradiosystem.Thereisnosinglepointoffailureintheradiosystem.Thedetailsofthisfeatureareinthefollowingparagraphs.Theradiosystemconsistsofremotesites,repeatersites,combinationremoteandrepeatsites,andonemastersite.Thepumpsitesgenerallyhavedirectionalantennaspointingtotheirassociatedtanksite.Thetanksiteshaveantenna(omni-directionalordirectional)thatallowcommunicationsbothwiththeirassociatedpumpsite,aswellasarelaysiteand/orthemastersite(centralofficesite).ThereisalsoamainrepeatersiteonMountJacksonthatisusedbymuchoftheradiosystem.Quiescenttelemetrywasdeployedonthisprojectasspecified.QuiescenttelemetryisamethodofSCADAcommunicationsinwhichtheremotesitesarenotpolledbyamastersite.Withquiescenttelemetry,eachremotesitetransmitsdatatothemastersiteonanas–neededbasis,sendingalarmsandchange-of-stateinformationonanas-neededbasis,andalsosendinganalogdataperiodicallyasneededwhenaspecifiedchangeofanalogsignalisdetectedbythePLC.Thisissometimescalledreport-by-exception.Quiescenttelemetryismoredifficulttodeploythanthetypicalpollingsystem,butdoesoffersignificantadvantages.ThedisadvantagetoquiescenttelemetryisthatthelogicforcommunicationsisspreadovertheSCADAsystem,andtransmissionscanoriginatefromalmostanyremotesite,makingstartupandtroubleshootinglessstraightforwardandpossiblyincreasingtheamountoftimethatstartuprequires.Thisdisadvantageofquiescenttelemetryismitigatedbyonevaluablefeature:TheremotediagnosticfeatureavailablewiththeTeledesignSystemsTS4000radiosallows“pinging”ofeachremoteandrelaysitefromthemastersite,whichprovidesinformationonthecommunications

routing,signalstrengths,andsuccessandfailureofthepinging.Theremotediagnosticfeaturealsoallowstracingofradiopacketsreceivedatanyradio.Withthisradiodiagnostictool,fromonecentrallocationtheusermayobtainavaluablepictureofthehealthandperformanceoftheentireradiosystem.Therearealsosomesignificantadvantagestotheuseofquiescenttelemetry.Becausedataistransmittedonlyonanas-neededbasisbytheremotesites,theradiofrequencyremainsquiet(hencethename“quiescenttelemetry”).Thisquietoftheradiosystemleavesroomformultipleradioconversationsoverasinglecommunicationschannel.TheSCADAsystemdesigncalledforbackuppeer-to-peerradiocommunications.Inotherwords,normallytheremotetanksitelevelsignalistransmittedtothecentral,andthecentralsitere-transmitsthissignaldatatotheremotesites(primarilypumpingsites)thatneedthisdataforcontroloftheprocess.Thepeer-to-peermodeworksasfollows:Ifapumpsitehasnotreceivedleveldatafromthecentralofficesiteinaspecifiedperiodoftime,thepumpsite’sradiowilltransmita

requestforlevelsignaldatadirectlyfromit’sassociatedtanksite.IftheDistrictOfficesite(mastersite)fails,andthemainrepeatersitefailsatMountJackson,thepairsoftankandpumpsiteswillthencommunicatewitheachotherbypeer-to-peercommunications,providingfortanklevelcontrolinadistributedfashion.ReliabilityoftheSCADAsystemisfurtherenhancedbyuseofmultiplerepeaters.Someremotesitesdoubleasrepeatersites.Manyremotesitescancommunicatewiththealternaterepeatersites,sothatincaseoffailureofthemainrepeatersiteatMountJackson,thealternaterepeatersitesseamlesslyprovideforanalternatecommunicationsroute.— By Douglas H Wirth, Sky Valley Engineering Services. Sky Valley Engineering Services has provided startup services and ongoing support to Sweetwater since 2006. Sky Valley specializes in SCADA system installation, upgrades, and maintenance for water districts and other industries in Central California since 2006. Sky Valley Engineering Services may be reached at [email protected].

quality,translatingtobetternetworkperformanceandthroughput.

Enhanced Radio ManagementTheFWB-205enhancestheRadioManagementcapabilitiesofthebridgebyprovidingasecondradiowhichwillbededicatedforRFMonitoringpurposes.Thisenablesfeaturessuchasspectrumanalysis,channelloadanalysis,interferencedetectionandmitigation.

Alsosincetheradioisdedicated,thisenablesfasterresponsetoneighborhoodRFchanges.

Features Include:• WirelessVideoTransmission• 150MbpsofUDPthroughput• IEEE802.11a/b/g/n• Highpowerradio:3X3MIMOdual

stream,400mW

• Supportstheindustry’shighestlevelofsecurityWPA2-PSK

• UnitpoweredviaPower-over-Ethernet(PoE)

• Intuitiveweb-basedinterface• Adjustablefrequencyranges

minimizinginterference• Easyinstallation Formoreinformation,contactyour

FiretidePartner,SageDesigns.

Firetide Point-To-Point Bridges - Make Any Network Device Wireless Continued from page 4

SCADAClearSCADA Enterprise Software SCADAPack RTU/PLC Controllers

FlowStation Pump ControllersWIN-911 Alarm Notification Software

WIRELESSTRIO Spread Spectrum & Licensed Radios

Firetide Broad-Band Mesh Network

Teledesign Systems VHF & UHF Licensed

FreeWave Spread Specturm Serial & Ethernet

SECURITYAnalog & IP Cameras, Video Surveillance

Hardware & Software

PureActiv Video Analytics & Camera Management

MS4 PERMITTING SOFTWARE CBI Systems, Ltd MS4 Permit Manager™

& MS4web™ software

1-888-ASK-SAGE • 1-888-FAX-SAGEwww.SageDesignsInc.com

Acknowledgements: SCADAPack™, FlowStation™, and ClearSCADA™ are trademarks of Control Microsystems Inc., (Schneider Electric Telemetry & Remote SCADA Solutions brand). Win-911® is a registered trademark of Specter Instruments. HotPort™, HotClient™, and HotView™ are trademarks of Firetide, Inc.. Firetide® is a registered trademark of Firetide, Inc.

S C A DA , S e C u r i t y & Au to m At i o n n e w S l e t t e rCa lendar of Events

SAve A TRee

150 Shoreline Hwy., Suite #8AMill Valley, CA 94941-3634

Return Service Requested

STANDARD MAILuS poSTAGE pAID

pERMIT 191SANTA RoSA CA

March5-8,2012 ClearSCADA Training Course*,Indio,CA

April4,2012 CA-NV AWWA 2012 Spring Conference,SantaClara,CA

April18,2012 CWEA AC 2012 Annual Conference, Sacramento,CA

May1-3,2012 SCADAPack - Telepace Studio Ladder Logic Training Course*, MillValley,CA.

June4-7,2012 ClearSCADA Training Course*, MillValley,CA

June10-14,2012 AWWA ACE ’12 Expo, Dallas,TX.Visitourmanufacturers’exhibits.

June20,2012 Wine Country Water Works Trade Show & Symposium,Healdsburg,CA

September12-14,2012 CWEA Northern Regional Training,Redding,CA

September25-27,2012 Tri-State Seminar on the River,Primm,NV

Sept.29-Oct3,2012 WEFTEC.12, NewOrleans,LA.Visitourmanufacturers’exhibits.

October8-11,2012 CA-NV AWWA 2012 Fall Conference, SanDiego,CA

October16-18,2012 SCADAPack - Telepace Studio Ladder Logic Training Course*,MillValley,CA.

October22-25,2012 ClearSCADA Training Course*, MillValley,CA

November5-7,2012 CASQA Annual Stormwater Conference, SanDiego,CA

*Downloadtheregistrationformfromourwebsiteorcallformoreinformation.

Documents

SCADA, SeCurity & AutomAtion SCADA Security: ... • Training Classes ... Powermetrics Introduces a UPS / Power Supply for SCADA-RTU Applications SCADA Security: