IT Security for Utility Automation Systems (original) (raw)

The influence of utility automation systems pervades many aspects of everyday life in most parts of the world. In the shape of factory and process control systems they enable high productivity in industrial production, and in the shape of electric power, gas, and water utility systems they provide the backbone of technical civilization. The sensitivity of electric power systems is very high for misleading functionality because it can turn easily into a local or mayor black out. Those mostly have impact to daily business and life. Furthermore if a blackout would be caused from an external intruder to the automation system of the utility the impact would be even bigger. This is because, as seen from outsiders, that the basic infrastructure can be damaged from externals means also from other parts of the world in a worst-case scenario. Up to now, most of these systems are isolated, but for the last couple of years, due to market pressures and novel technology capabilities, a new trend has been rising to interconnect automation systems to achieve faster reaction times, to optimize decisions, and to collaborate between plants, enterprises and industry sectors. Initially, such interconnections were based on obscure, specialized, and proprietary communication means and protocols. Now more and more open and standardized Internet technologies are used for that purpose. In security terminology, a risk exists if there is a vulnerability, that is, an opportunity to cause damage, together with a threat, that is, the fact that someone will try to find and exploit a vulnerability in order to init damage. The importance of utility automation network systems for the functioning of modern society together with market pressure and competition on the one hand and geopolitical tensions on the other hand let the existence of security threats from terrorism, business competitor sabotage, and other criminal activity appear likely. The pervasiveness of utility automation systems that are nowadays accessible from anywhere in the world via communications and information technologies for which there are thousands of experts worldwide and which have a large number of well-known security issues creates many IT security vulnerabilities. In consequence, there are good reasons to investigate and invest into how to reduce the IT security vulnerabilities of utility automation systems, and thus the resulting risks of large financial damage, deteriorated quality of life, and potentially physical harm to humans. This chapter presents an overview of state-of-the-art best practices to that respect, and an outlook into future opportunities. The scope of utility automation systems considered in this chapter ranges from embedded devices,