By Fran Broderick
From the electric grid to our water supply, the nation’s most critical pieces of infrastructure share one very common bond: SCADA devices. SCADA, which stands for “supervisory control and data acquisition,” refers to industrial control systems that play a crucial role in monitoring and controlling millions of the processes that keep our country running. Gaining access to SCADA systems can allow an end-user to inflict incredible damage on societies, and preventing these types of attacks was the focus of a Friday conference in the Golisano College Atrium.
Pictured: Moderator Roy Presley
The SCADA Conference brought together private and public sector security experts along with students and RIT computing security faculty. Members of the FBI, Department of Defense, and Department of Homeland Security joined other security professionals to assess and discuss the state of SCADA security.
“This is the biggest threat to our critical infrastructure that we face,” explained Roy Presley, a security professional who works for L-3 Communications, and who moderated the conference. “People are starting to understand that every industry is touched by SCADA.”
Paul Lepkowski, RIT’s lead security engineer stated that the purpose of the conference was to “bring more awareness to what is needed to secure SCADA systems.” Lepkowski is the Vice President of the Rochester branch of Infragard, a citizens partnership group that interfaces with the FBI on security issues.
SCADA systems have been around for decades however many were not built with consideration for modern developments. Therefore, the many aging SCADA systems present a significant security threat. Daryl Johnson, a professor of computing security at the Golisano College explains that SCADA attacks are appearing more frequently in the news: “pumps have been remotely shut down at water treatment plants. A disgruntled employee at an Australian plant wirelessly began dumping raw sewage into a river. Electrical grids can be shut down…if it’s connected to a network it’s potentially insecure.”
Johnson likens SCADA devices to blood pressure: “No one sees it, but if you don’t manage it, it can hurt you. SCADA is present on all of these little devices that sit on the things that do work – valves, switches, meters, pressure gauges – and no one is paying a lot of attention to the risk [this poses].”
RIT is quickly becoming a national leader in preparing professionals to deal with these kinds of risks. Golisano College recently announced the launch of a new computing security department that will educate professionals to serve in the high-demand computing security sector, and Lepkowski explains that the college is also in the process of developing SCADA-specific courses.
Presley elucidates the need for advanced SCADA security starkly: “If you’re heavily dependent on critical infrastructure and your opponent is not, you’ve got more to lose.”
By Fran Broderick