May 3, 2017

SCADA and the Dead Man switch

A SCADA (supervisory control and data acquisition) system is what allows companies to monitor and control remote equipment. In the world of electrical distribution, it's what allows us to re-route power in case a substation goes down. Re-routing power used to take hours when it had to be done physically; now it can be done in seconds.

But this convenience comes at a price. The SCADA system has to be as secure as possible. For many locations, this means that the SCADA network isn't actually connected to the rest of the internet. This is good because it keeps people from accessing the system without physical access to the machine.

But what about vendor patches and antivirus updates? It's really hard to get updates for these things without giving the updates access to the network. Do you trust your VLAN to keep it isolated? What if someone hacks the VLAN?

The obvious solution is to only plug the machine into the network for the period of time that the operator is going to apply patches. But there is still a danger here - what if the operator forgets to unplug the cable when finished and leaves the SCADA controller tied to the internet?

My solution (an idea, really) is to build a utility box that connects two Ethernet cables through a 60-minute spring-loaded wall timer. You might know these as the mighty Jacuzzi timer seen below. The operator turns the dial and gets a maximum of sixty minutes to complete their maintenance work. If they need more time, they can wind it back up.

But if there's a fire alarm and the building is evacuated, the timer will break the connection by itself when the time runs out. It's not a perfect solution, but it could add a valuable layer of physical security to the network.
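
A software cross-check for the forgotten-cable case described above, added here as an example (not code from the original post): it scans link up/down events and flags any connection window longer than the timer's 60 minutes. The log format, the interface name `maint0` and the sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

MAX_WINDOW = timedelta(minutes=60)  # same limit as the wall timer in the post

# Constructed sample events, one per line: "<ISO timestamp> <interface> <up|down>"
SAMPLE_LOG = """\
2017-05-01T09:00:00 maint0 up
2017-05-01T09:42:00 maint0 down
2017-05-02T14:00:00 maint0 up
2017-05-02T17:30:00 maint0 down
2017-05-03T08:15:00 maint0 up
"""

def overlong_windows(log_text, now, iface="maint0", limit=MAX_WINDOW):
    """Return (start, end, duration) for each link-up window longer than limit.

    end is None when the link is still up at `now` (the forgotten cable).
    """
    findings = []
    up_since = None
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] != iface:
            continue  # skip malformed lines and other interfaces
        ts = datetime.fromisoformat(parts[0])
        state = parts[2]
        if state == "up":
            if up_since is None:
                up_since = ts  # repeated "up" events keep the earliest start
        elif state == "down" and up_since is not None:
            if ts - up_since > limit:
                findings.append((up_since, ts, ts - up_since))
            up_since = None
    # A window with no matching "down" is measured against the current time.
    if up_since is not None and now - up_since > limit:
        findings.append((up_since, None, now - up_since))
    return findings

if __name__ == "__main__":
    for start, end, dur in overlong_windows(SAMPLE_LOG, datetime(2017, 5, 3, 10, 0)):
        status = "closed late" if end else "STILL CONNECTED"
        print(f"{start.isoformat()} link up for {dur} ({status})")
```

A check like this only reports the overrun after the fact; the physical timer is what actually breaks the link.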

Tags: Security