I agree with most of what you are saying, but I still don't see a need to completely isolate (physically) SCADA from other networks - it can be done in a pretty secure manner. For example, in my country the National Grid System Operator provides access to its SCADA Network to distributors essentially by a giant VPN. If we didn't have this access we would be back to the days of ringing up the System Operator to do network switching by telephone.
The problem of IT running SCADA systems is a big one. I think that a lack of people skilled in all parts of a SCADA system (radio, electrical engineering, IT, networking etc.) is part of the issue, which can create an opportunity for IT to take over.
Yea... few things wrong with this.
1) Managers will want to see the data produced from a SCADA system. From the intranet. From home. From anywhere. Small utilities don't have 24/7 control centres, so they will have people operating the system from their homes after hours. You need to get real here. You will connect it to the internet, using secure methods. SCADA networks aren't often air gapped except for the radio links.
3) Yep, usually, but sometimes see 4)
4) You have to be a pretty decent-sized organisation or a wealthy one to do this. Small utilities ain't got time for that.
In the real world sometimes you have to make compromises on functionality, security, effort and cost. Sometimes a risk of less security is justified. Just make sure you know what to do when shit happens.