Oh man, modern SCADA protocols suck, mostly because none of them are modern. There are hundreds of small proprietary protocols, and a few larger "standards", such as modbus and DNP3. None of them are very good. Frequently they are designed to be run over serial lines (rs-232,423,485). The IP layer for these is mostly just "ecapsulate the whole thing in an IP packet (or TCP/UDP), and have some bad glue code for the networking". Sometimes there is no real IP connectivity, but instead it is effectively telnet to a serial port concentrator. Further, being designed for serial, many of these protocols (the state machine for the prot itself, not the implementation) can't handle multiple packet streams at once, opening easy DoS attacks (way less traffic than "flood the network"). Finally there is no concept of authorization or authentication, so anyone who can get a command to the right box can send a "turn off everything" or "change parameters to damaging[1]".
To further complicate matters, these networks are usually cordoned off with firewalls, but there are all sorts of wierd exceptions, for vendors, engineers, consultants, etc. These may be through the front door, or via a cellular modem randomly attached to a device somewhere in the facility. The final complication is that SCADA networks and systems have lifetimes measured in decades, that $1B plant better work with no significant downtime if it is ever to be profitable. Of course with such big stakes, no one ever wants to change anything once it is working well enough, which does not help (sometimes with good reason, it will take a year of disassembling to get to that controller!).
A big human factor I have not discussed yet also exists: The control systems engineers tend to scoff at computer security folks. They think security is easy... put up a firewall, sprinkle in some encryption and always have strong passwords! They flat out deny that there may be real world implications to some bug that is found, or they say "the firewall will handle that", or "its unlikely to happen".
In all there is a lot of interesting work to be done here, as these systems are increasingly hooked to public networks for efficiency and business reasons, there will be more call for good security. And there are TONS of these systems, your building's hvac... if it is medium or large it is on a SCADA loop, power grid, traffic lights, factories, SCADA is a quiet giant, it is everywhere and no one seems to know it.
[1] It is very much possible to tweak settings in control systems to ruin products, to run just outside of "safe operating range" and ruin a part in 1 year instead of 10, and other subtle forms of sabotage...
None of them are very good. Frequently they are designed to be run over serial lines (rs-232,423,485)
But back then, that's all they had. It's testament to the talent of those old engineers that their systems are still in use today. How much of my code will still be running in 40 years, not much I'll wager.
I think I wasn't clear enough. You are absolutely correct in your assessment of those guys, 30+yrs of live system is a big deal. Its the guys these days who, despite the tech having moved forward, and problems having been found, and solutions to those problems being well tested, still insist that modbus is the way to go in new systems, "just run it over ip, it'll be fine, we can artificially limit concurrency out" (their method is DoSable in at least 4 ways).
Sometimes "its been done this way for 30 years" doesn't mean "nothing better has been found", it means "there is a lot of inertia and stubborn-ness".
Oil rigs should hire their own hackers to test their network security to ensure it is safe. With the rate tecnology improves today once a new program or engineering concept is applied it's very close to becoming obsolete. This is companies must constanly try to penitrate their security and improvise hoow to prevent a hacker from doing the same.
4 comments
[ 3.2 ms ] story [ 21.3 ms ] threadTo further complicate matters, these networks are usually cordoned off with firewalls, but there are all sorts of wierd exceptions, for vendors, engineers, consultants, etc. These may be through the front door, or via a cellular modem randomly attached to a device somewhere in the facility. The final complication is that SCADA networks and systems have lifetimes measured in decades, that $1B plant better work with no significant downtime if it is ever to be profitable. Of course with such big stakes, no one ever wants to change anything once it is working well enough, which does not help (sometimes with good reason, it will take a year of disassembling to get to that controller!).
A big human factor I have not discussed yet also exists: The control systems engineers tend to scoff at computer security folks. They think security is easy... put up a firewall, sprinkle in some encryption and always have strong passwords! They flat out deny that there may be real world implications to some bug that is found, or they say "the firewall will handle that", or "its unlikely to happen".
In all there is a lot of interesting work to be done here, as these systems are increasingly hooked to public networks for efficiency and business reasons, there will be more call for good security. And there are TONS of these systems, your building's hvac... if it is medium or large it is on a SCADA loop, power grid, traffic lights, factories, SCADA is a quiet giant, it is everywhere and no one seems to know it.
[1] It is very much possible to tweak settings in control systems to ruin products, to run just outside of "safe operating range" and ruin a part in 1 year instead of 10, and other subtle forms of sabotage...
But back then, that's all they had. It's testament to the talent of those old engineers that their systems are still in use today. How much of my code will still be running in 40 years, not much I'll wager.
Sometimes "its been done this way for 30 years" doesn't mean "nothing better has been found", it means "there is a lot of inertia and stubborn-ness".