Securing SCADA Systems


The KTC Approach

 

As a part of Critical Infrastructure Protection (CIP), four main problems dominate the design, installation, and operation of security programs for SCADA systems:

  • They typically have many, relatively smaller physical structures,
  • In wide-spread geographical areas,
  • With visible power sources/supply lines, and
  • Are guarded, if at all, by local police forces.

 

Often a fifth problem pops into the design equation as well:

  • The large number of sites and the criticality of their operation are not reflected in the budgets available for securing those sites.

 

Finally, operationally there are really three more problems:

  • The system exists to aggregate and/or derive, repeat and/or record, and transfer data deemed critical by its owners,
  • The structures are important also because they contain sensitive and expensive equipment, and
  • The data itself and the equipment itself are complimented by an overland transmission subsystem (wire, microwave, satellite, or Internet-based) that is vulnerable as well.

 

These factors, or SCADA Vulnerabilities, make the otherwise fairly simple task of securing a port facility, for example, much more difficult. But these factors also contain within themselves a “mitigating” factor or two:

  • The relatively small size of each constrains the physical scope, and
  • The wide-spread area means work will be spread over multiple areas – increasing local jobs – and parallel deployment is made easier and more rapid;
  • The visibility of power sources makes their inspection easier, and
  • Local officers typically have more “local sources of information” available.
  • The smaller budget remains a problem but is offset partially by lower expense due to the smaller physical size and easier inspection factors.
  • Data usually can be protected/backed up continuously offsite,
  • The equipment is off the shelf and can be purchased in larger quantities, and is purchased in ruggedized version/configuration.
  • Multiple (“redundant”) communication systems can be employed fairly inexpensively at each site.    

 

As a consequence, the possible solutions to the “problem” become clearer: design needs to build upon common elements, deployed in rapidly installed, turn-key buildings, with multiple communication systems, back-up systems, and minimal power demands. Antennas/dishes should be mounted to the extent possible in the very middle of the structure’s roof (visible but hard to reach), and a reliable alarming system needs to be employed, one which also alarms in one or more local police and fire stations.

 

KTC’s well-practiced approach to SCADA Security is to use prefabricated (to our design – allowing the antenna mounts, mounts for lights and alarm mechanisms, and with shelving for the system data handling/recording equipment, the communications equipment and the back-up power systems) blast resistant structures, such as the A Box 4 U, SafetySuite™.

 

For many of the international systems we design and install we use a product made by well-known S2 Security Corporation for alarming the mini-compound.

 

Perimeter Protection and Fencing meets US MIL-HNBK-1013 and MIL-STD-3007.

 

All parts are kitted at our assembly and integration point and shipped intact. The ground preparation at each site includes a standardized footprint reinforced concrete pad. Electrical and communication runs/chases are always in the same configuration.

 

The units are shipped, by any method including international shipping, with reinforcing padding and crating inside to protect equipment and the internal structures and shelving/racks. Typically a sufficiently equipped crane can be found in any locality; two riggers are all that is needed to place the structures.

 

Importantly, the use of prefabricated and prekitted structures allows dramatic cost savings while maintaining not only highest quality construction but also more rapid deployment to be used in oil and gas security, port facility security, border security and many other government and military installations.

 

Read this Case Study about KTC's project for the Iraqi Ministry of Electricity: Designing and Delivering a Nationwide SCADA Network.

 

Learn more about KTC's approach to physical and IT security and the seven most critical considerations for physical security. You can also download KTC's Physical Security Flyer and Infographic, a graphical represention of our Define, Build, Operate process.

Explore our Solutions:

Physical Security Systems

Biometrics, cameras, specialized sensors, and control systems

Learn More

IT Security Services

Large-scale information systems for handling classified data

Learn More