
Open Secure SCADA
January 19, 2021 | Craig Allen
Industrial control systems (ICS) are typically systems of systems. Traditionally they are organized in a hierarchy. Level 0 is the process with its analog and digital sensors and actuators. Level 1 is defined by digital control devices such as programmable logic controllers (PLCs) and others that perform real-time control functions. Above this are Levels 2 and 3, frequently referred to as SCADA (Supervisory Control and Data Acquisition), which include HMI interfaces for operators and other applications that monitor the process in real time, manage alarms, enable adjustments, and automate other key functions to ensure safe and efficient control of the process. In recent years these complex digital ICS systems used in oil and gas, water, power, and other critical infrastructure have become prime targets for cyberattack.
“Unlike business enterprise networks, which manage information, ICS manage physical operational processes. Therefore, cyberattacks could result in significant physical consequences, including loss of life, property damage, and disruption of the essential services and critical functions upon which society relies. The use of cyberattacks to cause physical consequences makes ICS attractive targets for malicious actors seeking to cause the United States harm,” write the authors of Securing Industrial Control Systems: A Unified Initiative FY 2019 – 2023 from the U.S. Cybersecurity and Infrastructure Security Agency.
Open and Secure
There is an inherent conflict between being open and being secure. In today’s world there is an enormous emphasis on making data flow in real or near real time to wherever it has the potential to be useful. IIoT sensor devices may send data directly to the cloud for analysis with results that come back to a controller as optimized setpoints. Outside vendors may have remote connections directly into the control network to monitor and maintain equipment. All this openness brings opportunities for saving cost and improving efficiency. It also creates opportunities for cyberattacks.
The bad news is that until very recently designers of control systems had no reason to worry about cyber security. In consequence, the vulnerability of most existing systems is very high. The basic defense is to hide behind firewalls and isolated networks to minimize access. This bolt-on security is both costly to install and difficult to maintain.
The good news is that there are proven ways to move data securely. The magic is cryptography called Public Key Infrastructure (PKI). The details are beyond the scope of this article, but the most important point is that the technology is defined by open international standards. It relies on public credentials called certificates that authenticate identity and possession of corresponding secret key values. The same basic mechanisms that secure an ecommerce transaction on Amazon can secure control devices and communications. Secure and open control systems begin with open and secure communications.
The OPC UA connection
One significant step in securing open communications is the advancement of OPC UA (Open Platform Communications Unified Architecture). It provides a standard for managing open communications across multivendor applications and devices. Its latest rendition includes protocols by which users can authenticate and encrypt communications, so that each device or workstation participating in the network has maximum certainty that communications are protected and authentic.
OPC UA has become a relevant standard for SCADA communications because it is simple and scalable, as well as more secure than other communications protocols. When used with a secure control system, the controller has an embedded OPC UA server. SCADA client OPC UA software can easily discover any controller on the network that is running an OPC UA server, know what data is available, and connect to any data the requestor has rights to access.
Once OPC UA client programs find a device running an OPC UA server, OPC UA scales easily to allow multiple clients to connect and exchange data securely among servers and clients. That data can then be used in applications that run on PLCs or other controllers, drawing on industry-standard application software and engineering tools, which can be used to construct powerful, complex programs using reusable programming objects.
The MQTT low-bandwidth connection
Another emerging open communications protocol is Message Queuing Telemetry Transport (MQTT) using Sparkplug B, a publish/subscribe protocol with built-in report-by-exception capabilities. It optimizes connections from remote locations with only minimal code. Devices publish data to and subscribe to data from a central broker that manages all the connections and routes the data. MQTT supports real-time data. For example, a field device simply publishes its data to the broker once, on change. The broker immediately forwards the data to all subscribers. This approach simplifies the design of the SCADA network and makes providing data for other applications easier than ever. And, like OPC UA, MQTT has the capability to be secure.
MQTT offers SCADA communications many of the same benefits it gets from OPC UA, including ease of use and scalability. However, no server needs to run on the ICS; instead, all client nodes connect securely to a remote broker, and each node can both publish and subscribe to data. By eliminating the server overhead, efficiently packaging data, and reporting by exception, MQTT reduces the bandwidth otherwise needed to connect ICS and SCADA. This reduction in bandwidth makes MQTT well suited for remote IIoT applications implementing a high level of security with a low communication footprint.
Securing OPC UA and MQTT communications
In the past, when most of the ICS and SCADA in current use were designed, nothing connected to a control network except integral trusted parts of the control system. This kind of strict air-gapped isolation is no longer viable. To maximize value, the data must flow where it is needed. In today’s pandemic-constrained world this could include a laptop on the employee’s kitchen table connected over the Internet. The MQTT and OPC UA specifications include PKI-based provisions for security. These cryptographic mechanisms allow both verification of identity and encryption of transferred data. The open specification allows integration of devices and software applications from multiple vendors. Authenticated data can be safely sent over untrusted networks. This includes the Internet, whether to exploit cloud-based analytic computing power or to reach the quarantined employee’s laptop.
Extending authentication to the control system
Adopting secure communications protocols is only a partial solution. The credentials, keys, and PKI root of trust need to be embedded in the control system devices. This starts with processor silicon that supports secure startup, loads only authenticated software, supports secure storage of secret keys, and can generate the truly random numbers on which the cryptographic mechanisms rely. High levels of security also require physical tamper resistance, secure software updates, and the ability to change keys and even adopt new quantum-resistant algorithms when they become available. This is the foundation of intrinsic security and of devices that are secure by design. Such devices are also the optimal platform for exploiting the secure variants of open protocols to achieve open secure systems.
“A controller with embedded security provides another layer of protection beyond firewalls and VPNs. As it powers up, it checks to be sure that all hardware and software components are validated. Regular PLCs just can’t do that,” said Dee Brown, PE, of Brown Engineers, a certified Bedrock Automation integrator.
This secure control node from Bedrock Automation combines high-performance edge control with built-in cybersecurity that enables users to tap the full potential of their SCADA systems and the IIoT.
Toward a safe, open future
In Securing Industrial Control Systems: A Unified Initiative FY 2019 – 2023, CISA has a clear vision for how future control systems should be built:
“New OT products, from industrial-scale control systems and networks to Internet of Things (IoT) devices, are secure by design. Cybersecurity becomes a preeminent consideration in the development and design of new OT products, and operators can apply security updates without operational disruption.”
Few existing systems approach this goal. Application developers who are interested in taking full advantage of the cost and operational improvement benefits of open SCADA would do well to seek out control technology with embedded cybersecurity. It could reduce operating costs significantly while improving efficiency and safety with minimal cyber risk.
About the author
Craig Allen, Customer Service and Technical Support Manager, Bedrock Automation
Craig Allen has 11 years of experience in electrical and automation systems. He has been with Bedrock Automation for 6 years and has been involved with Bedrock from the beginning, managing the Field Service and Technical Support teams by leveraging his industrial control experience to ensure customer success. Prior to joining Bedrock Automation, Craig was a Process Control Engineer, where he led efforts upgrading plants’ legacy control systems to the latest systems available across many vendors in the industry. He is experienced in computer and controller programming, system design, fieldbus and IIoT protocols, and network architecture. Craig earned a BSEE from the University of Maine. He can be reached at craig.allen@bedrockautomation.com