|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Risk/Threat Assessments for Utility specific software/hardware
Date: Thu Jan 23 2003 - 12:51:29 EST
David,
Most water and electric utilities use SCADA systems, ie. Supervisory Control and Data Acquisition systems. These systems monitor and control Utility equipment such as transformers, circuit breakers, valves, etc... The SCADA application is a software package that is positioned on top of hardware to which it is interfaced, in general via process controllers, e.g. Programmable Logic Controllers (PLCs), or other commercial hardware modules. SCADA systems used to run on DOS, VMS and UNIX; in recent years many SCADA vendors have moved to NT and some also to Linux.
There are 2 parts in a SCADA system: the "client component" which caters for the man machine interaction (MMI) and the "data server component" which handles most of the process data control activities. The data servers communicate with devices in the field through PLCs, which are connected to the data servers either directly or via networks or fieldbuses that are proprietary (e.g. Siemens H1), or non-proprietary (e.g. Profibus). Data servers are connected to each other and to client stations via an Ethernet LAN. The data servers and client stations are NT platforms but for many products the client
stations may also be W95/2000/... machines.
Here are some sources of information:
http://www.computerworld.com/softwaretopics/software/resources/0,11188,KEY4_RLI1263,00.htmlhttp://atlas.web.cern.ch/Atlas/GROUPS/DAQTRIG/DCS/PRESENTATIONS/DCSWKS2000/salter.pdfhttp://ref.cern.ch/CERN/CNL/2000/003/scada/http://www.engineeringtalk.com/news/bjs/bjs100.html
You may also want to do a Google search for the following terms: SCADA,
EMS (Energy Management System), Utility Automation. Professional
organizations whose websites you may want to search are IEEE and T&D
(Transmission & Distribution).
I hope this helps.
Regards,
Marjan Rajabi, CISSP
David Barnett
cc:
Subject: Risk/Threat Assessments for Utility specific
01/17/2003 02:12 software/hardware
PM
A company I am consulting with does Water and Energy consulting work. I have built up a good relationship with them during my security assessment consultations. They are now trying to bid on Government work concerning the safety of Utility Companies. I was asked about my knowledge of vertical software such as Embedded OSes and their Utility software applications. Does anyone have any experience in this area, or can point me to any such information.
Many thanks,
David Barnett
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
**Disclaimer**
This Memo and any attachments, may be confidential and legally privileged.
If you are not the intended recipient and have received this in error,
kindly destroy this message and notify the sender. Thank you for your
assistance.
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Thu Jan 23 15:21:44 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |