CYBER SECURITY MANAGEMENT

Cyber Security Management in a Real Time Distributed Control Systems: A Field Based Case Study

By

ABSTRACT

Real time distributed control systems are widely distributed systems, and require a large number of remote terminals, each controlling a small number of devices, and gathering data from a small number of sensors. In a complex system, it works as central processing unit, thus are vulnerable to various types of security threats. The objective of this paper is to present an introduction to the cyber security management in a real time distributed control systems. The paper further explores what real time distributed control systems are and why they are used. It also evaluates the vulnerability of real time distributed control or SCADA systems to cyber threats. To present valuable research on the topic of study, the principal investigator conducted an interview from the manager Steve Clark who is the manager at SafeOil Limited. Steve is working at SafeOil for many years and has vast field experience in digital security. The interview provided field based knowledge of the cyber security and related vulnerabilities and helped to develop beneficial conclusion and results. The method used for conducting the research is mixed, that include primary as well as secondary method.

TABLE OF CONTENTS

ABSTRACTII

CHAPTER 1: INTRODUCTION1

Background1

Aims and Objectives2

Research Questions2

Definition of SCADA2

CHAPTER 2: LITERATURE REVIEW3

Overview of Real Time Distributed Control Systems3

SCADA and IT Systems4

Past Cyber Attacks and Incidents in Distributed Control Systems4

Distributed Control System Security5

SCADA Attack Topology Vulnerabilities7

Real Time Distributed Control Systems Utilization Area8

Real Time Distributed Control Systems Security Issues9

Vulnerabilities in Real Time Distributed Control Systems to Cyber Threats10

Cryptography for Securing Distributed Control Systems Networks12

CHAPTER 3: METHODOLOGY14

Characteristics of the Data14

Literature Search14

Data Collection Method15

Qualitative Research Method (Theoretical Overview)15

Using Mixed Method Research15

Data Validity & Reliability16

Ethical Consideration17

CHAPTER 4: DISCUSSION AND ANALYSIS18

Interview Analysis18

Comparison of Standards Used by SafeOil Ltd with Other Available Standards26

Best Security Standard for SafeOil Ltd and for other Oil and Gas Companies27

CHAPTER 5: CONCLUSION28

Future Recommendations of the Study28

REFERENCES31

APPENDICES34

Interview Transcript34

CHAPTER 1: INTRODUCTION

Background

Real time distributed control systems or SCADA systems are used in the operation of many industrial systems, from the power grid to potable water distribution (Boyer, 1999). They are used to automate large, monolithic systems which are critical to the health and well-being of the citizenry. These systems are widely distributed, and require a large number of remote terminals, each controlling a small number of devices, and gathering data from a small number of sensors (Donald, 2003). Many of these systems are connected to a central control location by a variety of possible commodity communications systems, ranging from radio links to industrial Ethernet connections. Unfortunately, as these systems have grown larger, the pervasiveness and public awareness of these commodity communications systems has also grown.

Corporations and utilities can no longer rely on security through obscurity to protect these systems. Further, with the growth of the Internet, these systems have become increasingly connected, forcing industries to defend against security threats well outside these systems' design parameters (Rinaldi, et al., 2001). Network security and an understanding of these communications problems can only provide ...