Cryptographic Protection of SCADA Communications

By Tom Schmidt

Three weeks after the 9/11 attacks, the American Gas Association chartered a working group to develop a standard that would use cryptography to protect Supervisory Control and Data Acquisition (SCADA) communications from cyber attack. When completed, this standard, now designated "AGA 12," is expected to be a comprehensive approach to SCADA cryptography.

On October 18, 2005, Dr. William Rush, chairman of the AGA's SCADA Encryption Working Group, testified before the U.S. House Committee on Homeland Security's hearing on SCADA security about the progress to date with AGA 12. Rush also offered recommendations on what actions should be taken to further advance the security of industrial control systems for critical infrastructures. This article looks at that progress and those recommendations in some detail.

Inside AGA 12
AGA 12 is a suite of four documents, with each one addressing different aspects of SCADA communication protection.

• AGA 12-1 summarizes cyber security policies, the background of the cyber security problem, and a procedure for testing cryptographic protection systems. This document educates SCADA operators on the need to do a risk assessment and recommends an approach for those utilities whose risk assessment reveals a need to protect their systems with cryptography.
• AGA 12-2 is a detailed technical specification for building interoperable cryptographic modules to protect SCADA communications for low-speed legacy SCADA systems and dial-up maintenance ports.
• AGA 12-3 will describe how to protect high-speed communication SCADA systems.
• AGA 12-4 will describe how to build next-generation SCADA systems so that their cryptography will be compatible with the legacy systems.

Parts 1 and 2 are currently close to completion. Parts 3 and 4 are in the planning stage.

While cryptographic protection of SCADA communications is an important weapon in the arsenal of tools that can protect SCADA, it is only one tool among many that are needed, Rush testified.

"Cryptography cannot provide any protection at all against many kinds of attacks," he said. "In particular, it does not protect against jamming or breaking the communication line, against physical attacks, or against many kinds of insider attacks. Nor does it protect local facility control systems that are often connected to SCADA systems, and usually offer additional independent vulnerabilities to cyber attack. These issues are being addressed by literally dozens of groups working in the security area."

How cryptography protects SCADA communications
AGA 12 uses cryptography to protect SCADA communications. Data and commands (for example, "Open Switch") originate inside of a secure facility. Before leaving this facility, the data or command is sent to a "SCADA Cryptographic Module" (SCM), which encrypts it. Essentially, this step changes the message so that it can no longer be read by anyone without a special number, called a key. In operation, the encrypted message is sent over the insecure network in an unintelligible form. When it arrives at the designated secure facility, the key is used to decrypt the message, returning it to its original meaning (i.e., "Open Switch").

Developers of the AGA 12 standard have gone to great lengths to assure that encrypted messages are hard for potential attackers to use, said Rush, adding that this approach has been used for years by the financial services community to secure its transactions.

AGA 12 also makes it difficult to alter, forge, or record and replay a message, Rush said. An important issue associated with the standard is how these secret keys are managed. The keys must be changed periodically to prevent their being guessed or compromised, and different keys are used for employees with different responsibilities and different levels of authority.

Protecting legacy systems
Because of the long life of SCADA systems, owners and operators of these systems urged the AGA working group to focus first on protecting legacy systems, Rush testified.

"Focusing on next-generation SCADA systems first would leave the legacy systems unprotected for many years," he said. "Protecting legacy systems, however, required developing cryptographic modules that will support most of the roughly 150 types of existing SCADA systems, each of which has a different "SCADA language" and which operate at different communication speeds and over a wide variety of communication media (such as telephone, radio, and microwave). The next steps are to develop the same standard protection for high-speed and next-generation SCADA systems."

Progress so far
Given the restraints of reaching a consensus when dealing with numerous users, manufacturers, and cryptographic experts, AGA 12 has made "rapid progress," according to Rush.

"AGA 12 Part 1 is in the final stage of balloting prior to being adopted as an industry recommended practice," he said. "Two manufacturers are offering or soon will offer cryptographic modules that comply with AGA 12, Part 2. Early versions of this equipment have performed well in field tests at actual gas companies. AGA 12 has entered the field test stage at least two years ahead of any other group developing an open standard for cryptographic hardware."

Despite this progress, Rush said a lack of government funding has largely prevented additional work on the standard from being completed. That work includes:

• Conformance testing. SCADA system owners and operators need a "seal of approval" to verify that the particular products they are considering buying actually do conform to AGA 12 requirements. There is no existing set of tests that is recognized as providing this assurance, Rush said.
• Next-generation design. "Because AGA 12, Part 2 is a retrofit solution for legacy systems, it is the most expensive and least effective approach to the cryptographic protection to SCADA systems," Rush testified. "Incorporating this protection into products at the time of manufacture is estimated to be less than half as costly as adding it after it is in the field."
• Large-scale pilot test. "While the laboratory and small-scale field tests that have been completed and will be done in the near future will validate that AGA 12 does work in the field, this is not a full scale pilot test," Rush said.
• Key management. This must be done remotely to be cost-effective, since the wide geographic extent of SCADA systems prohibits visiting sites to change keys if a strike occurs or if an employee leaves. More work is needed here.
• Forensics and diagnostics. One day, SCADA systems will be able to detect attacks that are under way, inform the operator of the attack, and gather possible forensic information. Although AGA 12 contains some features that lay foundations for this type of work, it is far from complete.
• High-speed networks. AGA 12's early focus has been on the protection of low-speed legacy SCADA systems.

Looking ahead
Rush wrapped up his testimony by calling on the government to take specific steps to advance SCADA security. In particular, he recommended that there be funding for "R&D and strong industry-government partnerships to develop protection of the Nation's critical infrastructure against cyber attacks." He also warned against funding interruptions for ongoing programs.

In conclusion, Rush urged support for several other standards development efforts.

"While our focus here has been on AGA 12, it is important to recall that this is only a small part of the total SCADA security requirements," he said. "Both the ISA SP99 and the NIST PCSRF efforts are noteworthy. Many of these other standards groups labor on an all-volunteer basis on other critical requirements of significance as great as that of AGA 12. This all-volunteer pace will not lead to rapid development of required standards."

Conclusion
Recognizing the critical need for increased security of SCADA networks and systems, Symantec is working with SCADA industry leaders to define more specifically the types of vulnerabilities that exist in SCADA networks, and to develop, test, and deploy integrated, turnkey solutions to meet the network security needs of SCADA customers.

As many industry experts have observed, the challenge is to introduce security products into a SCADA environment without causing service interruptions and performance degradations while also addressing SCADA-specific security needs. Symantec is committed to providing products, services, and best practices for SCADA and corporate environments that have been tested and validated in SCADA environments.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.