Page 3 of 4
Critical importance of control systems
Control systems are the brains that operate and monitor the energy infrastructure. Two examples are the SCADA and the DCS. Most early SCADA system designs did not anticipate the security threats posed by today’s reliance on common software and operating systems, public telecommunication networks and the Internet. Since they harbor critical data and are not very well protected electronically, control systems also are very vulnerable to cyber security attacks. While control systems are increasingly becoming more productive and efficient, they also are increasingly exposed to cyber assaults.
The advent and widespread use of the Internet and wireless technologies in power plants has resulted in power plant networks morphing from traditional to heterogeneous networks, creating a host of new cyber security issues not amenable to traditional security measures. Since control systems typically perform specific tasks with limited processing power and memory, they are not equipped to leverage the capabilities of modern
In order to help power companies improve their security posture, NERC created Security Guidelines for the Electricity Sector as a collection of practices for protecting critical facilities against a range of physical and cyber threats. Its topics include vulnerability and risk assessment, business continuity, physical and cyber security, and protection of sensitive information. The cyber security subcategories are risk management, access controls, information technology firewalls and intrusion detection.
In principle, many of the security concerns for wireless networks mirror those for the wired world; in practice, solutions that have been developed for wired networks might not be viable in wireless environments. Research is needed to make security a fundamental component of wireless networks, develop the basic science of wireless security, develop security solutions that can be integrated into the wireless device itself, investigate the security implications of existing wireless protocols, integrate security mechanisms across all protocol layers and integrate wireless security into larger systems and networks. In particular, research is needed into security situational awareness techniques for wireless networks and strategies to address distributed denial-of-service attacks.
Security should be integrated into network embedded systems where it previously did not exist.
Models of control networks can help in predicting the responses of control systems to changes and anomalies. Techniques are needed to detect, understand and respond to anomalies in large, distributed control networks.
In addition to cyber security research that addresses existing cyber security threats, there also is need for long-term research that anticipates the dramatic growth in the use of computing and networks. Some indicators of an upcoming period of dramatic growth include the increasing use of broadband networking technologies such as cable modems, the emergence of new wireless communication options, and the emergence of Web services that enable computers to communicate with one another directly using Web technologies.
Initiatives in securing control systems
Control Systems Security (CSS) is a unique program under the Office of Electricity Delivery and Energy Reliability (OE) of the DOE. Since its inception, the program has formed valuable links between the government, the energy sector and national laboratories to conduct research and development in the area of cyber security. The aim of the program is to reduce the risk of energy disruptions due to cyber attacks, and so far the program’s projects have uncovered a multitude of knowledge that has already increased the security of energy control systems.