SCADA Security and the "Most Monumental Non-Nuclear Explosion and Fire"

4/14/2004

The answer is simple: While higher education IT managers have been worried about business system-related issues, such as viruses and worms infecting office computers or swamping networks and servers, there's an additional, hugely important area of cybersecurity that we've been ignoring, and that's SCADA security. (But if you're like most IT professionals, even most IT security professionals, you've never even heard the word "SCADA" till now.)

SCADA stands for "Supervisory Control and Data Acquisition," and consists of the software, devices, and networks that collectively control the world's power grids, gas pipelines, chemical plants, transportation systems, and other national critical infrastructure.

There's ample evidence that SCADA security is a hot area right now (no gas pipeline-fire-related puns intended); for example, note:

o This past March, the General Accounting Office released a 47-page report entitled "Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems," GAO-04-354 (http://www.gao.gov/cgi-bin/getrpt?GAO-04-354), which concluded that "The systems that monitor and control the sensitive processes and physical functions of the nation's critical infrastructures are at increasing risk from threats of cyber attacks" and that improving the security of control systems against cyberattack should be a "high priority."

o The Chairman of the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, Rep. Adam Putnam (R-FL), has been publicly quoted as saying that the lack of a national strategy to deal with SCADA system security makes the nation "undeniably vulnerable" to cyberterrorism, and that "Today's SCADA systems have been designed with little or no attention to computer security." (March 31, 2004: http://www.computerworld.com/securitytopics/security/story/0,10801,91790,00.html)

We understand that those Washington DC folks are talking about strategic national vulnerabilities, and that you might (perhaps appropriately) wonder whether those "big picture" vulnerabilities are really relevant to us in higher education, as opposed to powerline operators or refinery administrators sitting in some control room. I believe the answer is yes, if only for three reasons:

First, and perhaps most importantly, we should be teaching our students about SCADA security as part of our network security education efforts. There is much we need to learn collectively about SCADA, and while SCADA systems are definitely "their own animal," there are still many lessons from enterprise network security that can be usefully ported to the SCADA arena.

Second, SCADA issues really are something that will be of direct local pragmatic relevance to each of us, if only because each of our campuses has SCADA-controlled and -monitored local systems. (You may not know it, but trust me, they're out there.)

Third, and perhaps most importantly, we, as opinion leaders, have a burden to shoulder: We need to put SCADA security on the national center stage. If we don't speak up and make sure that folks pay attention to SCADA-related issues, there will come a day when we will collectively wish we had.


