Remote Site & Equipment Management

Electromagnetic Threats to Your SCADA System: Not All Are Innocent
David B. Jackson, Senior Program Consultant
Emprimus, LLC

Your SCADA system has worked reliably for years, and performed well in its process monitoring and control role. You have periodically upgraded RTU PLCs, sensors and software. The self-checking software and built-in redundancy have prevented a few component failures from causing major problems. But the world you operate in is changing rapidly. How safe are you from being blindsided by events and technologies in this changing world that could cripple your SCADA process operation?

You are well aware of the threat of cyber attacks on your network, and how they can cause serious damage and loss of sensitive information. You have installed encryption, firewalls, and antivirus software, with sophisticated access controls. However, a newly recognized threat can cut through all this protection and redundancy, and cause serious disruption, runaway process operation, and even equipment damage. This threat is intentional electromagnetic interference (IEMI). A near-term electromagnetic attack can be quite easily launched now, on a local basis, by mobile or man-portable IEMI weapons. These devices can actually be purchased from national and international sources, or constructed with plans and unrestricted materials available over the internet, at very low cost.

The US Navy has published a detailed unclassified report that outlines this non-nuclear threat: http://emprimus.com/lit/NavyReportRFWeapons.pdf

The goal of this Navy report is to raise the level of awareness about the growing threat of IEMI, and provide a general outline for developing a mitigation strategy, because disabling our civilian infrastructure is a serious threat to our national security.

Who would conceive of deploying this kind of mayhem? The list is as long as those who would launch more conventional cyber attacks, and includes disgruntled employees and customers, business competitors, protesters, criminals, foreign agents, terrorists and rogue nations. Even the perpetrators of disruption that now conduct computer hacking have the potential to branch into low cost IEMI disruptions. This threat is highly asymmetric: low cost, with available, uncontrolled technology that can inflict disastrous damage to infrastructure and its valuable data.

Have these IEMI weapons been used to date? Yes. In the Netherlands, an individual seriously disrupted a local bank’s computer network because he was turned down for a loan. He constructed a briefcase-sized radio frequency weapon, which he learned how to build from the Internet. Bank officials did not even realize that they had been attacked or what had happened until long after the event. Numerous other IEMI examples can be cited around the world. (See the cited Navy report.) The insidious aspect of IEMI for our national infrastructure is that it attacks both the cyber and physical security aspects of our electronics-based systems in ways that can completely circumvent firewalls, layered networks, passwords, physical barriers and security procedures. Unlike traditional cyber threats to data security, IEMI is extremely covert and difficult to detect and trace, with no footprints readily amenable to forensics, and with the ability to impede digital forensics by corrupting the data.

To give some insight into the magnitude of the IEMI threat levels, consider the following. Most computer chips and other integrated circuits operate at several volts. Medical electronics instrumentation is generally required to operate normally and accurately in an environment where the background electric field levels are under 10 volts/meter. New IEMI threat devices can generate electric field levels of thousands of volts/meter. This starkly demonstrates the need to understand and cope with this threat. Mobile devices in innocent-looking trucks can damage or destroy electronics circuitry up to 600 ft. away, corrupt and disrupt the data of commerce more than two miles away, and drive away undetected. Normal buildings and structures are transparent to this threat.

Specifically, what are the implications of this IEMI threat for your SCADA system operation? In tests recently conducted by Emprimus at a military facility, a typical SCADA industrial temperature control system was exposed to only 20 V/m, only twice the medical device exposure limit. The control loop was set to maintain an 80°F temperature, with a 5°F dead-band. The system was exposed to a brief pulse of 20 V/m with the following sensed temperature results:

Sensor                 After EM pulse    Before EM pulse
Loop Temp Sensor       78°F              16°F
Ambient Temp Sensor    69°F              150°F

At relatively low EM fields, the SCADA temp sensors reported completely inaccurate data. As this is a physical effect, there is no way to code out the erroneous reading. The PLC then reacts as programmed to protect the system in a completely inappropriate manner, with potentially disastrous results. Similarly, incorrect valve position readings in pipeline facilities caused by IEMI type exposures have caused pipeline ruptures and fires.
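Software cannot recover the true temperature from a corrupted reading, but control logic can refuse to act on a physically implausible jump. The sketch below is an added example, not code from the article or from Emprimus: it replays the test's readings through a plain dead-band controller and through one that rejects large steps between scans. It assumes the in-band readings (78°F, 69°F) are the undisturbed scan, a dead-band centred on the setpoint, and a hypothetical 10°F per-scan step limit.

```python
# Added illustration, not from the article. Setpoint, dead-band and the four
# readings come from the article's test; every other threshold is an assumption.
SETPOINT_F = 80.0
DEADBAND_F = 5.0          # assumed to be centred on the setpoint (77.5..82.5)
MAX_STEP_F = 10.0         # assumed largest believable change between two scans


def naive_heater(temp_f, heater_on):
    """Plain dead-band control: trusts whatever the sensor reports."""
    if temp_f < SETPOINT_F - DEADBAND_F / 2:
        return True
    if temp_f > SETPOINT_F + DEADBAND_F / 2:
        return False
    return heater_on  # inside the dead-band: keep the previous state


def guarded_scan(prev, cur, heater_on):
    """One scan with a rate-of-change check on both sensors.

    prev and cur are (loop_temp_f, ambient_temp_f) tuples.
    Returns (heater_on, alarm); alarm is None when the readings are accepted.
    """
    suspect = [name for name, before, after
               in zip(("loop", "ambient"), prev, cur)
               if abs(after - before) > MAX_STEP_F]
    if not suspect:
        return naive_heater(cur[0], heater_on), None
    # Independent sensors jumping in the same scan points to a common cause
    # (such as an EM disturbance) rather than a single failed sensor.
    kind = "common-cause" if len(suspect) == 2 else "single-sensor"
    # The true value is unknown, so drop to the safe state (heater off)
    # and hand the decision to an operator instead of chasing the reading.
    return False, f"{kind} implausible step on: {', '.join(suspect)}"


def replay(scans):
    """Run both controllers over a list of scans; return their outputs."""
    naive_on = guarded_on = False
    alarms = []
    for prev, cur in zip(scans, scans[1:]):
        naive_on = naive_heater(cur[0], naive_on)
        guarded_on, alarm = guarded_scan(prev, cur, guarded_on)
        if alarm:
            alarms.append(alarm)
    return naive_on, guarded_on, alarms


# Constructed sequence: two undisturbed scans, then the disturbed readings.
SCANS = [(78.0, 69.0), (78.0, 69.0), (16.0, 150.0)]
```

Calling `replay(SCANS)` shows the plain controller switching the heater on at the 16°F reading while the guarded one stays off and raises a common-cause alarm.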

What can be done about this newly recognized IEMI threat? On July 11, 2009, Emprimus LLC provided invited testimony before the US House Subcommittee on Emerging Threats, Cybersecurity, Science and Technology, including: “The 18 Department of Homeland Security sectors of Critical non-military Infrastructure all have a vital dependence on digital data, electronic sensing, computing, controls, and data storage that can be corrupted and/or damaged by both high altitude EMP and non-nuclear EMP [IEMI]. It is important to point out that these threats are CYBER threats, since they can corrupt and destroy data just as surely as the more publicized Internet hacker attacks we are so familiar with these days. In fact, EMP is probably more insidious, since these attacks leave no network footprints and destroy evidence amenable to digital forensics, and they can cause physical damage to the electronic equipment attacked. It is conceivable that EMP could be used to cover up traditional cyber attacks. Critical equipment in the DHS Critical Infrastructure segments such as data centers, supervisory control and data acquisition (SCADA) systems, process control equipment, etc. can be protected by appropriate electromagnetic shielding, filtering and security procedures, along with enhanced threat detection. It is especially important that facilities responsible for meeting regulatory data retention requirements rapidly acquire this protection, especially trading institutions and banking data centers.”

In summary, the SCADA community needs to join the rest of our critical infrastructure in evaluating the vulnerability of our systems to the serious and rapidly growing Intentional Electromagnetic Interference threat, just as we already have reacted (relatively) successfully to cyber and other threats. Appropriate remediations can then be deployed to mitigate these threats.

About the Author
Jackson is the Senior Program Consultant and a member of the technical staff at Emprimus. His current technical focus is in the development of new specialized high field electromagnetic detectors for use in facilities that are threatened by Intentional Electromagnetic Interference (IEMI). Dave brings more than 40 years of engineering, research, and aerospace systems management at Lockheed and Honeywell, plus high technology business and product consulting. He is the recipient of the Honeywell H.W. Sweatt Award for engineering excellence, and has published over ten technical papers. He serves on the University of Minnesota Electrical and Computer Engineering Industrial Advisory Board, and is past Chairman of the Tampa Bay Section of the AIAA.

Emprimus measures, assesses, designs, implements and tests appropriate protection of all critical, non-military electronic systems and data assets against Intentional Electromagnetic Interference. For further information, contact Emprimus directly at 952-545-2051 or at www.emprimus.com.


Copyright 2010 WebCom Communications Corp.
