Full Description

This paper is based upon experiences from security assessments of supervisory control and data acquisition (SCADA) systems, includingassessment performed at one of Sweden's larger water facilities. The paper highlights findings andexamines state-of-the-art control system models. These models are commonly used inthe water sector and provide an abstract representation of the system architecture. These kinds ofmodels are indeed a powerful tool for the facility owners and other stakeholders that need tounderstand the system configuration. However, these abstract representations are seldom alignedwith the reality. This paper takes a closerlook at some abstract representations and reveals some cases where they actually make theworld look "nicer" than it is from a security perspective. It looks nicer merely because thedeficient abstract representations don't really show system weaknesses that could have criticalconsequences. The overall consequence is that the operator of a water facility can be deceived tobelieve that the security level is far better than it is in reality, simply because details of the systemare not scrutinized enough in his models. Includes 22 references, figures.

Product Details

Edition: Vol. - No. Published: 11/01/2009 Number of Pages: 15File Size: 1 file , 2.1 MB