SCADA: The Next Secure Generation

The juicy headlines in cyber warfare may center on IT battles between Google and Chinese hackers, but security experts at US Cyber Command at Fort Meade, Md., are much more concerned about SCADA systems. The embedded controllers that make up Supervisory Control and Data Acquisition networks manage critical systems such as power plants and water treatment plants, and thus represent a tempting spot for adversaries to exploit.

Concern about SCADA is scarcely a surprise, given the Stuxnet worm that attacked Iranian uranium centrifuges a year ago. Stuxnet was designed specifically to modify the behavior of Siemens programmable logic controllers, or PLCs, based on Windows. In recent weeks, Siemens has scrambled to patch software holes in its Simatic S7 PLC system, holes that were revealed by academic researchers in late May.

This underscores the radical changes that have taken place in SCADA markets since industrial floors were dominated by 8-bit PLCs from Siemens, Modicon, and Rockwell Automation/Allen-Bradley. It's no surprise that controllers have followed the IT addressability trends of 8-bit to 32-bit, even opting for 64-bit controllers in some systems. But the more critical change has come in seeing SCADA systems move to mixed-signal, fault-tolerant systems with advanced real-time software.

The simplest real-time kernels in past SCADA systems have been replaced by advanced real-time environments from the likes of Intel/Wind River and QNX. Such kernels offer the embedded equivalent of multithreading and virtualization. They provide links to specialized legacy industrial buses such as CAN and ProfiBus. For industrial operations ready to make the move to Linux, companies such as LynuxWorks and MontaVista (now a division of Cavium Networks) offer hard real-time capabilities with the advantages of a Linux open-source community for embedded application development.

The emphasis on fault tolerance and rapid failover for SCADA networks has driven a unique concern over networks, as well. SCADA systems are following most IT and embedded networks in moving to Ethernet protocols. But the SCADA version of Ethernet is only secondarily concerned with speeds that surpass a gigabit per second. Backbone performance takes a back seat to concern over Ethernet failover switching, packet visibility, and network synchronization. The key standards SCADA system managers demand for Ethernet switching are High-availability Seamless Redundancy (HSR, as specified in IEC62439-3), IEEE 1588 v2 network synchronization, and Y.1731 Ethernet Operations Administration and Maintenance.

New groups like Open SCADA Security Project are advocating wider use of encryption and better client-server access management. Such efforts are long overdue, given that secure access to SCADA consoles is now being offered through apps on the iPhone and Android smartphones.

In theory, all these SCADA upgrades should make the industrial process-control network as redundant and fail-safe as an advanced datacenter for IT aggregation. If you detect a slight note of sarcasm in this observation, it's intended. Datacenters can fail, and so can power plants. Microcontrollers and real-time operating systems are a long way from being as bulletproof as the semiconductor and embedded-software vendors intend them to be. And let's face it -- designing SCADA on Linux can serve as a red flag to certain subsets of the hacker community who see Linux in embedded applications as a unique challenge.

So the concern over SCADA by the cyber warriors who dwell in the shadows is legitimate. Governments on all sides see proactive SCADA probes as a good way to challenge adversaries. At the same time, individual hackers are moving to attacks on embedded systems. The effort to turn SCADA networks into 21st century fault-tolerant fortresses may be taking place barely in time -- if such efforts are not too late already.