David,
Most water and electric utilities use SCADA systems, ie. Supervisory
Control and Data Acquisition systems. These systems monitor and control
Utility equipment such as transformers, circuit breakers, valves, etc...
The SCADA application is a software package that is positioned on top of
hardware to which it is interfaced, in general via process controllers,
e.g. Programmable Logic Controllers (PLCs), or other commercial hardware
modules. SCADA systems used to run on DOS, VMS and UNIX; in recent years
many SCADA vendors have moved to NT and some also to Linux.
There are 2 parts in a SCADA system: the "client component" which caters for the man
machine interaction (MMI) and the "data server component" which handles most of the
process data control activities. The data servers communicate with devices in the field
through PLCs, which are connected to the data servers either directly or via networks or
fieldbuses that are proprietary (e.g. Siemens H1), or non-proprietary (e.g. Profibus).
Data servers are connected to each other and to client stations via an Ethernet LAN. The
data servers and client stations are NT platforms but for many products the client
stations may also be W95/2000/... machines.
Here are some sources of information:
http://www.computerworld.com/softwaretopics/software/resources/0,11188,KEY4_RLI1263,00.html
http://atlas.web.cern.ch/Atlas/GROUPS/DAQTRIG/DCS/PRESENTATIONS/DCSWKS2000/salter.pdf
http://ref.cern.ch/CERN/CNL/2000/003/scada/
http://www.engineeringtalk.com/news/bjs/bjs100.html
You may also want to do a Google search for the following terms: SCADA,
EMS (Energy Management System), Utility Automation. Professional
organizations whose websites you may want to search are IEEE and T&D
(Transmission & Distribution).
I hope this helps.
Regards,
Marjan Rajabi, CISSP
David Barnett
<dbarn064@earthli To: pen-testat_private
nk.net> cc:
Subject: Risk/Threat Assessments for Utility specific
01/17/2003 02:12 software/hardware
PM
A company I am consulting with does Water and Energy consulting work. I
have built up a good relationship with them during my security assessment
consultations. They are now trying to bid on Government work concerning the
safety of Utility Companies. I was asked about my knowledge of vertical
software such as Embedded OSes and their Utility software applications.
Does anyone have any experience in this area, or can point me to any such
information.
Many thanks,
David Barnett
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
**Disclaimer**
This Memo and any attachments, may be confidential and legally privileged.
If you are not the intended recipient and have received this in error,
kindly destroy this message and notify the sender. Thank you for your
assistance.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 12:21:17 PST