Article Preview
Top1. Introduction
SCADA (Supervisory Control and Data Acquisition) systems have evolved since the 1960s from stand alone systems to networked architectures that communicate across large distances. Their implementation has migrated from custom hardware and software to standard hardware and software platforms (Krutz, 2006). SCADA systems form part of Australia’s critical infrastructure. They are used to remotely monitor and control the delivery of essential services and products, such as electricity, gas, water, waste treatment and transport systems (TISN, 2008).
The need for security measures within these systems was not anticipated in the early development stages as they were designed to be closed systems not open systems such as the Internet. The increasingly networked and linked infrastructure of modern SCADA systems has changed those early security plans. Utilities in the industrial control sector have integrated these SCADA networks with their business networks which unfortunately has exposed them to a series of vulnerabilities and risks Internet Security Systems (INL, 2005).
These risks and vulnerabilities have arisen because of system development on open based communications standards like Ethernet Communications and web enabled screens. SCADA software companies have embraced the Transmission Control Protocol and Internet Protocol (TCP/IP) to improve integration across multiple systems. However, these developments have exposed the industrial sector to common Internet vulnerabilities within communication protocols, which increase the risk of attack (Pollet, 2002).
More importantly, minimal recognition has been given surrounding the conflicting cultural attitudes between SCADA and IT departments amongst many utilities around the globe. Wiese (2002) claims that there are common reactions from SCADA engineers when the topic of SCADA and IT integration is raised. He argues that it is hard enough installing SCADA without opening up all sorts of project interfaces. Some examples may include but are not limited to:
- •
Lack of understanding regarding the requirements of availability and reliability;
- •
Lack of understanding of each other’s roles and responsibilities;
- •
Lack of commitment between both departments; and
- •
Support arrangements.
These issues as well as others are discussed throughout this paper formulating the main research topic for discussion. The paper examines the findings of a SCADA and IT survey that was undertaken to identify where SCADA and IT fit into an organizational structure. It proposes that developing better relationships between SCADA and IT will improve better utilisation of resources, cross-skill multi-disciplined teams as well as improving SCADA security practices. The paper identifies the need for improvement and change in organizational dynamics in order to foster SCADA and IT relationships.
Top2. Scada And It Survey Methodology
A SCADA and IT survey was undertaken with the intention to measure where SCADA and IT fit into utilities organizational structure. The survey’s purpose was to identify the following:
- •
Current relationship trends between SCADA and IT departments?
- •
Should SCADA and IT be under the one operations department?
- •
What are the security implications of integrating both SCADA and enterprise networks? (A discussion of the security implications is beyond the scope of this paper: see sourcesNIST, 2008;NISCC, 2005).