David,

Most water and electric utilities use SCADA systems, i.e. Supervisory Control and Data Acquisition systems. These systems monitor and control Utility equipment such as transformers, circuit breakers, valves, etc. The SCADA application is a software package that is positioned on top of hardware to which it is interfaced, in general via process controllers, e.g. Programmable Logic Controllers (PLCs), or other commercial hardware modules. SCADA systems used to run on DOS, VMS and UNIX; in recent years many SCADA vendors have moved to NT and some also to Linux.

There are 2 parts in a SCADA system: the "client component" which caters for the man machine interaction (MMI) and the "data server component" which handles most of the process data control activities. The data servers communicate with devices in the field through PLCs, which are connected to the data servers either directly or via networks or fieldbuses that are proprietary (e.g. Siemens H1), or non-proprietary (e.g. Profibus). Data servers are connected to each other and to client stations via an Ethernet LAN. The data servers and client stations are NT platforms but for many products the client stations may also be W95/2000/... machines.

Here are some sources of information:

http://www.computerworld.com/softwaretopics/software/resources/0,11188,KEY4_RLI1263,00.html
http://atlas.web.cern.ch/Atlas/GROUPS/DAQTRIG/DCS/PRESENTATIONS/DCSWKS2000/salter.pdf
http://ref.cern.ch/CERN/CNL/2000/003/scada/
http://www.engineeringtalk.com/news/bjs/bjs100.html

You may also want to do a Google search for the following terms: SCADA, EMS (Energy Management System), Utility Automation. Professional organizations whose websites you may want to search are IEEE and T&D (Transmission & Distribution).

I hope this helps.

Regards,
Marjan Rajabi, CISSP

David Barnett <dbarn064@earthlink.net>
01/17/2003 02:12 PM
To: pen-testat_private
cc:
Subject: Risk/Threat Assessments for Utility specific software/hardware

A company I am consulting with does Water and Energy consulting work. I have built up a good relationship with them during my security assessment consultations. They are now trying to bid on Government work concerning the safety of Utility Companies. I was asked about my knowledge of vertical software such as Embedded OSes and their Utility software applications. Does anyone have any experience in this area, or can point me to any such information?

Many thanks,
David Barnett

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

**Disclaimer** This Memo and any attachments, may be confidential and legally privileged. If you are not the intended recipient and have received this in error, kindly destroy this message and notify the sender. Thank you for your assistance.

This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 12:21:17 PST