Evaluating Or Testing Utility SCADA Security?

EncryptedBit writes "I am a local elected official involved in bringing new water and waste water treatment plants online in a small town. The new plants will incorporate SCADA, which can be used to change operational aspects at the plants, up to forcing a shutdown or changing operational parameters. Can any Slashdotters recommend ways to make sure it is secure? Any testing recommendations? The operational engineers are oblivious to security and SCADA is a new factor, so this concerns me. Any pointers would be appreciated."

Re:Don't put it on the Internet!

[crossmr]

The short answer is, every SCADA system in the Americas is Internet connected, and no one has the balls to tell them to stop

That's incorrect.
I used to build SCADA systems and we often included a separate "work terminal" that was connected to the corporate network for workers to access anything outside they needed. It was not connected to SCADA and the SCADA system was not connected to the main corporate network or the internet.

Re:Don't put it on the Internet!

[denobug]

Wonderware InTouch happens to be one of the most popular flavor of local supervisory system platform. There are very few supervisory system NOT implemented with Windows platform. Even DCS nowadays runs on them as well.