
CIAG Research Projects

Secure Administrative Access in SCADA Networks

Principal Investigator: Andrew Wright

Project Description: Development of mechanisms for securing administrative access to control systems devices in the field.

Project Impact: Enhances the currently limited mechanisms for securing access to SCADA devices in the field across various critical infrastructure (CI) sectors. The new mechanism has potential applications in securing control systems in a number of CI sectors.

Project Details: Supervisory Control and Data Acquisition (SCADA) systems are computer control networks that are in use throughout our nation's electric, gas, oil, water, and wastewater infrastructures to monitor and control remote field devices such as generators, circuit breakers, pressure valves, and flow control valves. Field devices are often located in geographically remote areas, such as at hydro-generating stations in northern Canada, gas pipelines in the Midwest, and oil platforms in the Gulf Coast and Alaska. Field devices are monitored and controlled by Remote Terminal Units (RTUs), which are simple computers with a bank of digital and/or analog I/O contacts connected to the field devices. RTUs accept commands to retrieve status information or change outputs from a SCADA Master system located at a central, manned control center. In addition to the primary access ports through which the RTUs communicate with the SCADA Master, each RTU also has a management port for diagnostic and maintenance operations. Because the remote stations are in many cases unattended, remote access to the management ports of RTUs is a necessity.

Remote access is typically achieved by using a terminal emulator (such as Microsoft's HyperTerminal) on a laptop computer to make a dialup connection to a modem at the remote site. The receiving modem may connect directly to the serial management port of an RTU, or it may connect through a port switch that allows access to any of several RTUs. The RTU usually requires the technician to type a password before it will accept commands. The RTU may accept one of several different passwords to permit different sets of commands. After entering the correct password, the technician can issue commands that can change set points, open or close breakers, open or close valves, or even download new firmware.

Unfortunately, RTU passwords provide extremely weak security in this setting for several reasons.

The aim of this research work is to propose a system which provides cryptographically strong security for management access to RTUs, while remaining simple, practical, and affordable.

Project Deliverables: Research papers, Prototypes.

Status: In progress