|
Warning: The download time has expired please click on the item to try again.
 ABSTRACT
Supervisory Control and Data Acquisition, otherwise known as SCADA, is a system for gathering real time data, controlling processes, and monitoring equipment from remote locations. As more companies are implementing an open SCADA architecture through the Internet to monitor critical infrastructure components such as power plants, oil and gas pipelines, chemical refineries, flood control dams, and waste and water systems, vital systems are becoming increasingly open to attack. This paper provides an overview of SCADA, outlines several vulnerabilities of SCADA systems, presents data on known and possible threats, and provides particular remediation strategies for protecting these systems.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
BBC News, Power cut causes chaos, available: http://news.bbc.co.uk/1/hi/england/london/3189755.stm, visited November 2003.
|
| |
2
|
|
| |
3
|
Brandl, Dennis, Why IT matters, Control Engineering, September 2003, p 52.
|
| |
4
|
Gibbs, Nancy, Lights out, Time Magazine, August 25, 2003, p 30--39.
|
| |
5
|
Johnson Controls, Inc., Case studies, available: http://www.microsoft.com/resources/casestudies/CaseStudy.asp?CaseStudyID=1 3890, visited December 2003.
|
| |
6
|
McGeary, Johanna, An invitation to terrorists, Time Magazine, September 2003, p 38.
|
| |
7
|
The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, available: http://www.globalsecurity.org/security/library/policy/national/physical_srategy2 003.pdf, visited December 2003.
|
| |
8
|
Oman, Schweitzer & Frincke, Concerns about intrusions into remotely accessible substation controllers and SCADA systems, 2000, available: http://www.selinc.com/techpprs/6111.pdf, visited September 2004.
|
| |
9
|
One News, Blackout hits Sweden and Denmark, available: http://onenews.nzoom.com/onenews_detail/0,1227,223299-1-9,00.html, visited November 2003.
|
| |
10
|
PDD-63, available: http://www.fas.org/irp/offdocs/paper598.htm, visited October 2003.
|
| |
11
|
Pethia, Richard, Congressional testimony, available: http://www.cert.org/congressional_testimony/Pethia_testimony_06-25-03.htmlvi sited November 2003.
|
| |
12
|
Povoledo, Elisabetta, Most of Italy is blacked out for several hours, New York Times, September 29, 2003, Section A6.
|
| |
13
|
Riptech, Understanding SCADA system security vulnerabilities, available: http://www.verio.co.uk/powerplatform/library/scada_vulnerabilities.pdf, visited November 2003. New site: http://www.iwar.org.uk/cip/resources/utilities/SCADA Whitepaperfinal1.pdf, visited December 2004.
|
| |
14
|
Sandia National Laboratories, available: http://www.sandia.gov/ECI/ci/scada.htm, visited November 2003.
|
| |
15
|
|
| |
16
|
The USA Patriot Act, Securing our critical infrastructures, Title X, Sec. 1016 (e), available: http://www.epic.org/privacy/terrorism/hr3162.html, visited November 2003.
|
| |
17
|
Wallace, Donald, How to put SCADA on the Internet, Control Engineering, September 2003, 16--21. Permission granted to use image by editor, November 2004.
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
H.2