SCADA Security Methods and
Techniques in M.P. East Discom
Dr. ASHOK KUMAR TIWARI, EE (RAPDRP-SCADA), MPPKVVCL, Jabalpur
Dr. VIVEK CHANDRA, Head IT, MPPKVVCL, Jabalpur
-------------------------------------------------------------------------------------------------- ----------------------------------------
Abstract :
Supervisory control and data acquisition
(SCADA) systems are vital components of
most nations’ critical infrastructures. They
control pipelines, water and transportation
systems, utilities, refineries, chemical plants,
and a wide variety of manufacturing
operations. SCADA provides management
with real-time data on production
operations, implements more efficient
control paradigms, improves plant and
personnel safety, and reduces costs of
operation. These benefits are made possible
by the use of standard hardware and
software in SCADA systems combined with
improved communication protocols and
increased connectivity to outside networks,
including the Internet. However, these
benefits are acquired at the price of
increased vulnerability.
Power Distribution Utilities, information
security professionals, control engineers,
managers, and a cadre of government and
private officials are recognizing the
importance of protecting SCADA systems.
This recognition is not as widespread as it
should be at this time, but it is growing.
From believing that SCADA systems were
invulnerable or, at least, not of interest to
anyone with malicious intent, the SCADA
community is developing security standards,
conducting training, and focusing on best
practices and safeguards for securing
SCADA systems. The same risk
management and vulnerability analysis
techniques that have been standard practice
1
for IT systems are now being applied to
SCADA systems and their associated
networks and control components. The
utility is categorizing the threats to SCADA
operations and developing guidelines and
methodologies for improving their security
posture. In this paper various issues on
SCADA systems are discussed along with
the strategy being followed by MP.East
Discom.
Introduction:
For reasons of efficiency, maintenance, and
economics, data acquisition and control
platforms have migrated from isolated in-
plant networks using proprietary hardware
and software to PC-based systems using
standard software, network protocols, and
the Internet. The downside of this transition
has been to expose SCADA systems to the
same vulnerabilities and threats that plague
Windows-based PCs and their associated
networks. Some typical attacks that might be
mounted against SCADA systems that
employ standard hardware and software are
listed here:
■■ Malicious code such as viruses, Trojan
horses, and worms
■■ Unauthorized disclosure of critical data
■■ Unauthorized modification and
manipulation of critical data
■■ Denial of service
■■ Unauthorized access to audit logs and
modification of audit logs
Most SCADA systems, particularly the local
PLCs or controllers, have to operate in real-
time or near real-time environments. Thus,
they cannot afford delays that might be
caused by information security software and
that interfere with critical control decisions
affecting personnel safety, product quality,
and operating costs. Also, plant SCADA
system components do not usually have
excess memory capacity that can
accommodate relatively large programs
associated with security monitoring
activities. In summary, conventional
information technology (IT) systems are
concerned with providing for internal and
external connectivity, productivity,
extensive security mechanisms for
authentication and authorization, and the
three major information security principles
of confidentiality, availability, and integrity.
Conversely, SCADA systems emphasize
reliability, real-time response, tolerance of
emergency situations where passwords
might be incorrectly entered, personnel
safety, product quality, and plant safety.
SCADA and IT Convergence in
Discoms
There is an emerging trend in many
organizations comprising SCADA and
conventional IT units toward consolidating
some overlapping activities. For example,
control engineering might be absorbed or
closely integrated with the corporate IT
department. This trend is motivated by cost
savings achieved by consolidating disparate
platforms, networks, software, and
maintenance tools.In addition, integrating
SCADA data collection and monitoring with
corporate financial and customer data
provides management with an increased
ability to run the organization more
efficiently and effectively.
2
Conventional IT Security and
Relevant SCADA Issues
Over the years, information system security
professionals developed a number of
generally accepted best practices to protect
networks and computing infrastructures
from malicious attacks. However, these
practices cannot be applied directly to
SCADA systems without accounting for the
different requirements of IT and SCADA
systems. The following list provides
examples of IT best practices and the state
of their application to SCADA systems:
Audit and monitoring logs: After-the-fact
analysis of audit trails is a useful means to
detect past events. Monitoring, on the other
hand, implies real-time capture of data as a
system is operating. Both techniques are
successfully employed in IT systems. Their
application to SCADA systems will yield
benefits similar to those derived from their
use in IT systems. Because of the varying
ages and sophistication of some SCADA
system components, many do not have
logging capabilities. The cost of installing,
operating, and maintaining extensive
auditing and monitoring capabilities in a
SCADA application must be weighed
against the potential benefits.
Biometrics: Biometrics are attractive
because they base authentication on a
physical characteristic of the individual
attempting to access relevant components of
a SCADA system. Currently, biometrics are
promising, but are not completely reliable.
Depending on the characteristic being
examined, there might be a high number of
false rejections or false acceptances,
throughput problems, human factor issues,
and possible compromises of the system.
However, the technology is progressing and
biometrics should become a viable option
for controlling SCADA system access.
Firewalls: Firewalls can be used to screen
message traffic between a corporate IT
network and a SCADA network. Thus, in
many instances, a firewall can protect
SCADA systems from penetrations that
have occurred on the corporate side. Some
issues that have to be considered when
applying firewalls to SCADA systems are
the delays introduced into data
transmissions, the skill and overhead
required set up and manage firewalls, and
the lack of firewalls designed to interface
with some popular SCADA protocols.
Intrusion detection systems: Intrusion
detection systems (IDSs) are either host-
based or network-based. A host-based IDS
can detect attacks against the host system,
but does not monitor the network.
Alternatively, a network-based IDS views
the network by monitoring network traffic
and assesses the traffic for malicious intent.
IDSs are useful in protecting SCADA
systems, but cannot be universally applied
because, at this time, IDSs are not available
for some SCADA protocols. As with other
safeguards, IDSs might slow down certain
SCADA operations and their cost and
operation have to be weighed against the
potential benefits derived
from their use.
Malicious code detection and elimination:
The computational overhead associated with
detecting and eliminating malicious code
that might infect a SCADA system can
seriously affect the real-time performance of
SCADA system components. Activities such
as running antivirus software, updating virus
signature databases, and quarantining or
deleting malicious code require time and
computing cycles that might not be available
on SCADA system components. Updating
virus databases from the Internet also
exposes the SCADA systems to additional
viruses and attacks from the Internet. Again,
the cost of antivirus implementations must
3
be weighed against the perceived SCADA
risks and benefits of such software.
Passwords: In a SCADA environment, a
control operator might need to enter a
password to gain access to a device in an
emergency. If the operator types in the
password incorrectly a few times, a
conventional IT security paradigm, which
presumes an intruder trying to guess the
password, is to lock out the operator.
Locking out the operator is not a good thing
in real-time control environments. For
operators on local control devices,
passwords might be eliminated or made
extremely simple. At the supervisory level,
better and longer passwords might be used,
two-factor authentication employed, and
challenge-response tokens used. In
situations where the passwords might be
subject to interception when transmitted
over networks, encryption should be
considered to protect the password from
compromise.
Public-key cryptography: With public-key
or asymmetric-key cryptography, there is no
need to exchange secret keys between
sender and receiver. A public key is
available to anyone wishing to communicate
with the holder of the corresponding and
mathematically related private key. The
private key is protected and known only to
the receiving party. The main feature of
public-key cryptography is that it is virtually
impossible to derive the private key from the
known public key. Public-key cryptography
also provides the ability for a sender to
digitally sign a document and transmit it for
anyone to read who can access the sender’s
public key. This signing guarantees that the
document was sent by the owner of the
private key of the public-key–private-key
pair. As one can deduce, key management,
including certification that the public key
actually belongs to the named person, is an
important issue that has to be handled by the
organization. Relative to SCADA
operations, public-key cryptosystems require
relatively long processing times that are
incompatible with the real-time
requirements of control systems.
Symmetric-key cryptosystems, discussed in
the next section, are more suitable for use in
the SCADA environment.
Symmetric-key cryptography: With
symmetric-key cryptography, also known as
secret-key cryptography, the sender and
receiver have to share a common, secret key.
This key is used to encrypt the message at
the transmitting end and decrypt the
message at the receiving end. Thus, the
secret keys have to be distributed securely
from all transmitters to all receivers. This
distribution is a concern. One popular
solution is to use public-key cryptography to
distribute the secret key and then use
symmetric-key cryptography to send the
message. Because the key length is
relatively short compared to the messages,
time is not an issue with public-key
cryptography. Symmetric-key cryptography
is orders of magnitude faster in operation
than public-key cryptography. Symmetric-
key cryptography has not yet been widely
applied to SCADA systems. It is applicable
to data transmitted over a long-distance
SCADA network and is not as important in
local plant control loops. Symmetric key
encryption will be applied to the critical
portions of a SCADA network.
Role-based access control: This type of
access control is gaining popularity in
government and industry sectors because of
its ability to accommodate changes in
personnel and organizations. In this type of
security control, access is based on the role
of a person in an organization rather than the
identity of the individual. It has not yet been
widely applied to SCADA systems but holds
promise for use at the supervisory level of
SCADA operations.
4
Redundancy as a Component of
SCADA Security
In addition to technical and administrative
security controls, various physical security
measures can be applied to protect SCADA
systems. Backup, duplicate, geographically
separated control centers can provide
redundancy and, therefore, protection
against human attacks and natural disasters.
On a smaller scale, a hot backup standby
SCADA system at the supervisory control
center provides a means to continue
operating if the primary system is disabled.
As an additional security layer, the SCADA
control center could be located in a remote
area in an unmarked, inconspicuous
building.
Security and Vulnerability of
SCADA Systems
SCADA systems have evolved in recent
years and are now based on open standards
and
COTS products. Most SCADA software and
hardware vendors have embraced
Transmission Control Protocol/Internet
Protocol (TCP/IP) and Ethernet
communications, and many have
encapsulated their proprietary protocols in
TCP/IP packets. While all of this evolution
towards more open-based standards has
made it easier for the industry to integrate
various diverse systems together, it has also
increased the risks of less technical
personnel gaining access and control of
these industrial networks.
There are many tools and techniques that
could be used to address these threats, and
flexibility of security configurations is a key
design consideration. There is no one magic
solution for industry. Each entity must
determine what their goals are and arrive at
a cost effective solution to these issues.
Attacks Against SCADA Systems
In today’s corporate environment, internal
networks are used for all corporate
communications, including SCADA.
SCADA systems are therefore vulnerable to
many of the same threats as any TCP/IP-
based system. SCADA Administrators and
Industrial Systems Analysts are often
deceived into thinking that since their
industrial networks are on separate systems
from the corporate network, they are safe
form outside attacks. PLCs and RTUs are
usually polled by other 3rd party vendor-
specific networks and protocols like RS-232,
RS-485, MODBUS4, and DNP, and are
usually done over phone lines, leased private
frame relay circuits, satellite systems,
licensed and spread spectrum radios, and
other token-ring bus topology systems. This
often gives the SCADA System
Administrators a false sense of security
since they assume that these end devices are
protected by these non-corporate network
connections.
Security in a power utility network can be
compromised in many places along the
system and is most easily compromised at
the SCADA host or control room level.
SCADA computers logging data out to some
back-office database repositories must be on
the same physical network as the back-end
database systems, or have a path to access
these database systems. This means that
there is a path back to the SCADA systems
and eventually the end devices through their
TABLE 1
5
corporate network. Once the corporate
network is compromised, then any IP-based
device or computer system can be accessed.
These connections are open 24x7 to allow
full-time logging, which provides an
opportunity to attack the SCADA host
system with any of the following attacks:
• Use a Denial of Service (DoS) attack to
crash the SCADA server leading to shut
down condition (System Downtime and
Loss of Operations)
• Delete system files on the SCADA server
(System Downtime and Loss of Operations)
• Plant a Trojan and take complete control of
system (Gain complete control of system
and be able to issue any commands available
to Operators)
• Log keystrokes from Operators and obtain
usernames and passwords (Preparation for
future take down)
• Log any company-sensitive operational
data for personal or competition usage (Loss
of Corporate Competitive Advantage)
• Change data points or deceive Operators
into thinking control process is out of
control and must be shut down (Downtime
and Loss of Corporate Data)
• Modify any logged data in remote database
system (Loss of Corporate Data)
• Use SCADA Server as a launching point to
defame and compromise other system
components within corporate network. (IP
Spoofing)
The impact of these and other SCADA
Security Risks is summarized in Table 1
6
Developing a SCADA Security Strategy
For a company to protect its infrastructure, it
should undertake the development of a
security strategy that includes specific steps
to protect any SCADA system. Such a
strategy may include the following
approach. Developing an appropriate
SCADA security strategy involves analysis
of multiple layers of both the corporate
network and SCADA architectures including
firewalls, proxy servers, operating systems,
FIGURE 1
7
application system layers, communications,
and policy and procedures. Strategies for
SCADA Security should complement the
security measures implemented to keep the
corporate network secure Figure 1 below
illustrates the typical corporate network
“ring of defenses” and its relationship with
the SCADA network. Successful attacks can
originate from either Internet paths through
the corporate network to the SCADA
network, or from internal
attacks from within the corporate office.
Alternatively, attacks can originate from
within the SCADA network from either
upstream (applications) or downstream
(RTUs) paths. What is an appropriate
configuration for one installation may not be
cost effective for another. Flexibility and the
employment of an integrated and
coordinated set of layers are critical in the
design of a security approach.
Most corporate networks employ a number
of security countermeasures to protect their
networks. Some of these and a brief
description of their functions are as follows:
• Border Router and Firewalls: Firewalls,
properly configured and coordinated, can
protect passwords, IP addresses, files and
more. However, without a hardened
operating system, hackers can directly
penetrate private internal networks or create
a Denial of Service condition.
• Proxy Servers: A Proxy server is an
internet server that acts as a firewall,
mediating traffic between a protected
network and the internet. They are critical to
re-create TCP/IP packets before passing
them on to, or from, application layer
resources such as Hyper Text Transfer
Protocol (HTTP) and Simple Mail Transfer
Protocol (SMTP).However, the employment
of proxy servers will not eliminate the threat
of application layer attacks.
• Operating Systems: Operating systems
can be compromised, even with proper
patching, to allow network entry as soon as
the network is activated. This is due to the
fact that operating systems are the core of
every computer system and their design and
operating characteristics are well known
worldwide. As a result, operating systems
are a prime target for hackers. Further, in-
place operating system upgrades are less
efficient and secure than design-level
migration to new and improved operating
systems.
8
• Applications: Application layer attacks;
i.e., buffer overruns, worms, Trojan Horse
programs and malicious Active-X5 code, can
incapacitate anti-virus software and bypass
the firewall as if it wasn’t even there.
• Policies and Procedures: Policies and
procedures constitute the foundation of security
policy infrastructures. They include requiring
users to select secure passwords that are not
based on a dictionary word and contain at least
one symbol, capital letter, and number, and
should be over eight characters long. Users
should not be allowed to use their spouse, child,
or pet’s name as their password. The above list
is common to all entities that have corporate
networks. SCADA systems for the most part
coexist on the same corporate network . The
following list suggests ways to help protect
the SCADA network in conjunction with the
corporate network:
• SCADA Firewalls: SCADA Systems and
Industrial Automation Networks, like
corporate network operating systems, can be
compromised using similar hacking
methods. Oftentimes, SCADA systems go
down due to other internal software tools or
employees who gain access into the SCADA
systems, often without any intention to take
down these systems. For these reasons, it is
suggested that strong firewall protection to
wall off your SCADA networking systems
from both the internal corporate network and
the Internet be implemented. This would
provide at least two layers of firewalls
between the SCADA networking systems
and the Internet.
• SCADA Internal Network Design:
SCADA networks should be segmented off
into their own IP segment using smart
switches and proper sub-masking techniques
to protect the Industrial Automation
environment from the other network traffic,
such as file and print commands. Facilities
using Wireless Ethernet and Wired
Equivalent Protocol (WEP) should change
the default name of the Service Set
Identifier6 (SSID). This will at least require
someone driving by with a wireless card to
know the name of the SSID, and have the
appropriate encryption key for the wireless
network.
• SCADA Server Operating Systems:
Simply installing a firewall or segmenting
SCADA IP addresses will not ensure their
SCADA Infrastructure is secure. An
experienced hacker can often bypass
firewalls with ease and can even use
Address Resolution Protocol (ARP) trap
utilities to steal Media Access Control
(MAC) addresses. The hacker can also
deploy IP spoofing techniques to maneuver
through switched networks. Operating
systems running the SCADA applications
must also be maintained. SCADA
applications on Windows NT, 2000, or XP
are properly patched against the latest
vulnerabilities, and that all of the default
NULL NT accounts and administrator
accounts have been removed or renamed.
SCADA applications running in UNIX,
LINUX, Novell, or any other Operating
System (OS), must also be maintained as
above. All operating systems have back
doors and default access accounts that
should be removed and cleaned off of these
SCADA Servers.
• SCADA Applications: We must also
address security within the SCADA
application itself. Trojan horses and worms
can be inserted to attack application
systems, and they can be used to manipulate
data or issue commands on the server. There
have even been cases of Trojan horses being
deployed that completely emulate the
application. The operator or user thinks that
he is clicking on a command to stop a pump
or generate a graph of the plant, but he is
actually clicking on buttons disguised to
look like the SCADA screen, and these
buttons start batch files that delete the entire
hard drive, or send out pre-derived packets
9
on the SCADA system that turn all outputs
to ON or “1” state. Trojan horses and
viruses can also be planted through an email
opened by another computer in the plan, and
then it is silently copied over to adjacent
SCADA servers, where they wait until a
specified time to run. Many times plant
control rooms will have corporate computers
with the Internet and email active on them
within the same physical room, and network
switches as SCADA computers.
Methodologies to mitigate against these
types of situations are: the use of anti-virus
software running on the computer where the
SCADA application resides; systems
administrators disabling installation of any
unauthorized software unless the user has
administrator access; and Policies and
Procedures applicable to SCADA systems,
which are addressed below.
•SCADA Policies and Procedures:SCADA
policies and procedures associated with
remote vendor and supervisory access,
password management, etc. can significantly
impact the vulnerabilities of the SCADA
facilities within the SCADA network.
Properly developed Policies and Procedures
that are enforced will greatly improve the
security posture of the SCADA system.
Initiative in M.P. East Discom: the
Ministry of Power, Government of India has
approved Re-structured Accelerated Power
Development & Reforms Program (R-
APDRP) during 11th plan as a Central
Sector Scheme to expedite the distribution
reforms across the country to achieve
sustainable improvement in the distribution
sector. The Power Finance Corporation has
been made Nodal Agency to operationalise
the programme under the guidance of
Ministry of Power. The scheme is proposed
to cover urban areas; town and cities with
population of more than 30,000 (as per 2001
census) and accordingly 27 such cities are
eligible in the area under jurisdiction of the
East Discom. As per guidelines of Ministry
of Power, Government of India , SCADA /
DMS system shall be implemented only in
project areas having a population over 4 lacs
and annual input energy of 350 MU. As per
the provisions of the scheme Jabalpur town
is qualified for Implementation of SCADA
and DMS system which is a component of
Part-A of the scheme.
Web servers with Firewalls
and IPS: Redundant Web servers shall be
provided to allow the access of
SCADA/DMS system data, displays by
outside users. One router shall be provided
which shall be connected to the external
LAN/WAN communicating SCADA/DMS
system. The external LAN/WAN users shall
be able to access SCADA/DMS data
through the Web server system through this
router. Web servers shall also be provided
with host based Intrusion prevention &
detection system (IPS ). The host-based IPS
will be installed in both the Web-servers.
The Network based IPS shall be supplied for
both the SCADA/DMS dual LAN and DMZ
dual LAN. All necessary hardware &
software for Web Servers with firewalls and
IPS shall be supplied by the contractor.
Firewall: Two firewalls shall be
provided, one between Web servers &
SCADA/DMS dual LAN and another
between Web servers & W eb server dual
LAN. Specification of the firewall is given
in the chapter for software requirements.
Contractor shall provide equivalent tools
such as Apache etc for Web servers if UNIX
or LINUX O/s is used to meet the security
requirement as envisaged in the
specification.
CONCLUSION:
In summary, these multiple “rings of
defense” must be configured in a
complementary and organized manner, and
the planning process should involve a cross-
10
team with senior staff support from
operations, facility engineering, and
Information Technology (IT). The SCADA
Security team should first analyze the
current risks and threat at each of the rings
of defense, and then initiate a work plan and
project to reduce the security risk,while
remembering to avoid any major impacts to
operations.
SCADA systems can be effectively
protected against attacks and intrusions if
conventional information-system security
methods are modified and applied taking
into account the demanding SCADA system
performance and reliability requirements.
Developing and applying SCADA-system
security policies, eliminating unnecessary
network connections and services,
performing vulnerability analyses, relying
on technical audits, managing risk, and
providing security awareness training are
basic proven approaches that will work in
fortifying SCADA systems. IDSs are also
important tools that can be applied
successfully to detect and thwart intrusions
into SCADA systems, but existing IDSs
have to be altered to incorporate SCADA
protocols and signature components.
References:
1. North American Electric Reliability Council.
Security Guidelines for the Electricity Sector,
version 1.0. June 14, 2002.
2. The British Standards Institution. Information
Security Management-Specification for
Information Security Management Systems
(British Standard BS 7799).
3. The Electronic Attack Threat to Supervisory
Control and Data Acquisition (SCADA) Control
& Automation Systems. London, UK: National
Infrastructure Security Co-ordination Center
(NISCC), July 12, 2003.
4. ESCI Hyderabad- SCADA and DMS ,
November 2010
5. NDPL – SCADA as is study report for
Jabalpur City, 2010
RESUME:
About the authors:

Dr. ASHOK KUMAR TIWARI-

Dr. Tiwari is B.E.(Electrical Engg.), MBA and Ph.D. in Energy Management. He did EDP from
IIT-Delhi and IIM-Calcutta. He has around 22 years of experience in power transmission and
distribution and is presently working at M.P. Poorv Kshetra Vidyut Vitaran Co. Ltd., Jabalpur as
Executive Engineer. He has also acquired training in SCADA and DMS systems at ESCI
Hyderabad. He is presently looking after Distribution SCADA Project being implemented in
Jabalpur City. He has authored two books, one book chapter and more than 32 research papers in
reputed Journals and Seminars. His contact is ashokktiwari@gmail.com

Dr. VIVEK CHANDRA-

Dr. Chandra is B.E. (Electrical), M.Tech. (IT) and Ph.D. in Computer Science. He has around
22 years of experience in power distribution and automation. He is currently posted at M.P.
Poorv Kshetra Vidyut Vitaran Co. Ltd., Jabalpur as Head (IT) and involved in the planning and
development of IT systems for Power Distribution automation and reforms. He has also acquired
training in GIS at ESCI Hyderabad. He is presently looking after implementation of the
prestigious R-APDRP and ERP Projects in the Discom. He has authored a book on Information
Security and has over 30 research papers published in reputed National/International Journals
and Seminars. His contact is vivekchandra123@gmail.com

11