Software Secures SCADA Systems

Monday, September 24, 2012 @ 12:09 PM gHale

Idaho National Laboratory (INL) is developing new cyber security software that passively monitors networks to help operators of utilities and other industrial systems detect intruders and other anomalies.

The need for the software, named Sophia, emerged about seven years ago, said Gordon Rueff, who led Sophia’s development with INL colleagues Jared Verba, Kenneth Rohde and Corey Thuen. Sophia should be ready to go as early as next month.


“Until recently there wasn’t much of a market for security tools or even situational awareness tools inside a control system because your control system was here, your Internet was over here, and they didn’t talk. That’s no longer the case. Now users have to think about cyber security.”

Industrial systems such as power plants originally focused on physical security because they didn’t have to worry about the Internet, but that has changed as operators have added computer networks to allow for system visibility all the way through the enterprise.

Work on Sophia, named after the Greek goddess of wisdom, began three years ago. It is a tool to automate real-time monitoring on static Supervisory Control and Data Acquisition (SCADA) system networks – those with fairly fixed communications patterns. Anything out of the ordinary triggers an alert.

If the program detects suspicious activity, it alerts an operator or network administrator, who can then decide if the activity is threatening.

“Sophia doesn’t try to make that distinction, it just says, ‘Hey, there’s a new device,’ or ‘You’ve got a new communication pathway; you need to figure out what it is,’ ” Rueff said. “It could be something as simple as someone installed a new unit that is supposed to be there.”
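The baseline-and-alert approach described above can be sketched as follows. This is an added illustration, not Sophia's code; the flow record layout, the function names and the sample addresses are assumptions constructed for the example.

```python
from collections import namedtuple

# A passively observed conversation; this record layout is an assumption.
Flow = namedtuple("Flow", "src dst proto dport")

def learn_baseline(flows):
    """Build the sets of known devices and known pathways from a learning window."""
    devices, pathways = set(), set()
    for f in flows:
        devices.update((f.src, f.dst))
        pathways.add(f)
    return devices, pathways

def check(flows, devices, pathways):
    """Return one alert per new device or new pathway seen in the traffic.

    Alerts only describe what changed; deciding whether the change is a
    threat is left to the operator, as the article describes.
    """
    alerts, seen = [], set()
    for f in flows:
        for addr in (f.src, f.dst):
            if addr not in devices and ("dev", addr) not in seen:
                seen.add(("dev", addr))
                alerts.append(("new-device", addr))
        if f not in pathways and ("path", f) not in seen:
            seen.add(("path", f))
            alerts.append(("new-pathway", f"{f.src} -> {f.dst} {f.proto}/{f.dport}"))
    return alerts

# Constructed sample traffic: an HMI polling two PLCs over Modbus/TCP (port 502).
BASELINE = [
    Flow("10.0.0.5", "10.0.0.21", "tcp", 502),
    Flow("10.0.0.5", "10.0.0.22", "tcp", 502),
]
LIVE = [
    Flow("10.0.0.5", "10.0.0.21", "tcp", 502),   # matches the baseline
    Flow("10.0.0.21", "10.0.0.22", "tcp", 502),  # known devices, new pathway
    Flow("10.0.0.99", "10.0.0.21", "tcp", 502),  # unknown device
    Flow("10.0.0.99", "10.0.0.21", "tcp", 502),  # repeat, not re-alerted
]

if __name__ == "__main__":
    devices, pathways = learn_baseline(BASELINE)
    for kind, detail in check(LIVE, devices, pathways):
        print(kind, detail)
```

The approach relies on the network being static: the more fixed the communication patterns, the fewer alerts an operator has to triage after the learning window.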

The program is available over an Internet browser via an XML application programming interface. For proof-of-concept security tests, developers limited Sophia to local host connections. INL completed two rounds of testing, the second involving dozens of companies, and the plan for now is to have Sophia ready for commercial availability in October, INL said.

“It really is the flagship,” said David Kuipers, a program manager with the National SCADA Test Bed Program at INL. “It’s the first technology of this group that will be transitioned to industry.”

Using Sophia drops the time spent monitoring these systems to four hours, down from a week’s worth of man-hours, said Misty Benjamin, an INL spokeswoman.

About 30 companies participated in testing the software, including Idaho Falls Power and Austin Energy.

Concerns about the security of industrial systems such as water and power plants have been heightened in recent years by the discovery of the Stuxnet worm, part of a U.S.-led cyber warfare campaign that disrupted uranium processing in an Iranian nuclear facility. Security researchers called it the first weaponized malware because of its sophistication and precise target, and its discovery led to speculation about whether a similar tool could target systems in the United States.
