Cyber Security Management in a Real Time Distributed Control Systems: A Field Based Case Study
By
ABSTRACT
Real time distributed control systems are widely distributed systems, and require a large number of remote terminals, each controlling a small number of devices, and gathering data from a small number of sensors. In a complex system, it works as central processing unit, thus are vulnerable to various types of security threats. The objective of this paper is to present an introduction to the cyber security management in a real time distributed control systems. The paper further explores what real time distributed control systems are and why they are used. It also evaluates the vulnerability of real time distributed control or SCADA systems to cyber threats. To present valuable research on the topic of study, the principal investigator conducted an interview from the manager Steve Clark who is the manager at SafeOil Limited. Steve is working at SafeOil for many years and has vast field experience in digital security. The interview provided field based knowledge of the cyber security and related vulnerabilities and helped to develop beneficial conclusion and results. The method used for conducting the research is mixed, that include primary as well as secondary method.
TABLE OF CONTENTS
ABSTRACTII
CHAPTER 1: INTRODUCTION1
Background1
Aims and Objectives2
Research Questions2
Definition of SCADA2
CHAPTER 2: LITERATURE REVIEW3
Overview of Real Time Distributed Control Systems3
SCADA and IT Systems4
Past Cyber Attacks and Incidents in Distributed Control Systems4
Distributed Control System Security5
SCADA Attack Topology Vulnerabilities7
Real Time Distributed Control Systems Utilization Area8
Real Time Distributed Control Systems Security Issues9
Vulnerabilities in Real Time Distributed Control Systems to Cyber Threats10
Cryptography for Securing Distributed Control Systems Networks12
CHAPTER 3: METHODOLOGY14
Characteristics of the Data14
Literature Search14
Data Collection Method15
Qualitative Research Method (Theoretical Overview)15
Using Mixed Method Research15
Data Validity & Reliability16
Ethical Consideration17
CHAPTER 4: DISCUSSION AND ANALYSIS18
Interview Analysis18
Comparison of Standards Used by SafeOil Ltd with Other Available Standards26
Best Security Standard for SafeOil Ltd and for other Oil and Gas Companies27
CHAPTER 5: CONCLUSION28
Future Recommendations of the Study28
REFERENCES31
APPENDICES34
Interview Transcript34
CHAPTER 1: INTRODUCTION
Background
Real time distributed control systems or SCADA systems are used in the operation of many industrial systems, from the power grid to potable water distribution (Boyer, 1999). They are used to automate large, monolithic systems which are critical to the health and well-being of the citizenry. These systems are widely distributed, and require a large number of remote terminals, each controlling a small number of devices, and gathering data from a small number of sensors (Donald, 2003). Many of these systems are connected to a central control location by a variety of possible commodity communications systems, ranging from radio links to industrial Ethernet connections. Unfortunately, as these systems have grown larger, the pervasiveness and public awareness of these commodity communications systems has also grown.
Corporations and utilities can no longer rely on security through obscurity to protect these systems. Further, with the growth of the Internet, these systems have become increasingly connected, forcing industries to defend against security threats well outside these systems' design parameters (Rinaldi, et al., 2001). Network security and an understanding of these communications problems can only provide ...