If you’re from the IT side of the fence, I encourage you to read this. It is a steaming pile of lessons learned from expensive experience. I’m going to discuss a story from the field about a very mundane item that causes numerous headaches: Fuses. Last year, I was called to a waste-water pumping station. […]
I/O commissioning and testing
I rant a lot about I/O testing and design. This is a discussion (and more ranting) of some of the tests and practices we do following construction and later during the maintenance cycle to ensure that the controls, and alarms will work as expected. Before I begin, one might wonder if embedded controllers or RTUs […]
SCADA as a Service in the Cloud
As I have pointed out earlier, infrastructure should not become reliant upon other infrastructure. The reason is to avoid common failure modes and to make restoral more straightforward and less inter-reliant. This is why I have been looking at the SCADA-as-a-Service (SaaS) and Cloud SCADA with great skepticism. Let’s start with some obvious questions. Are […]
The SCADA system of Everything?
One of my broad based philosophical warnings to anyone new to the SCADA business is that utility SCADA is Infrastructure. Infrastructure should depend on as few other infrastructural features as possible. The more interdependent they are, the more likely it will be that something in common will break communications for all dependencies and the work […]
Not for navigation, information provided may not represent the true position
Many years ago I was fortunate to have two friends who each owned a wooden sailboat. One was a 31-foot Norwegian Knarr made from African mahogany and the other was a 28-foot sloop. To earn a place on the crew I pitched in with all the work in maintaining those boats during the winter. Since […]
SCADA Over WAN
People who build SCADA systems over local and wide area networks seem to have this notion that bandwidth and latency are not limiting factors, and security is a problem for someone else. Oh, if only that were true. The first thing everyone should do when working with a new RTU is to disable the services […]
In seeking international cyber norms for states, one should be careful about blowing smoke, sometimes it could start a fire.
Cyberspace by its very nature has an international dimension. Without it, there would be no possibility for the Internet to grow and function. In turn, threats that come from cyberspace also require an international response. Especially the threats to the devices used to monitor and control processes in critical infrastructure from state resourced APT’s. Threats […]
Still More Self Integrity Checks for SCADA: Tracking time and messages
I may be in the minority, but I actually try to make the most of the communications statistics features in a SCADA system. I have been tracking how many polls, replies, and timeouts are on each of the channels of our SCADA system. For some reason, nobody with any security experience seems to mention how […]
Monitoring RTU flags for SCADA Integrity
I wrote that there would be more about this subject in my earlier blog about self integrity monitoring at the Physical Layer of a SCADA system. In this discussion I will outline some things we’re doing to test for self integrity at the RTU level of a SCADA system. Some of you may know that […]
What Features Should an RTU Have?
People may not realize that the concept of the RTU is morphing. In decades past, we were merely looking for something that could report an event. But the goal-posts have moved. So what should an RTU really look like these days? Let’s look at some features: First, the RTU needs to have a clock. As […]