For novel ideas about building embedded systems (both hardware and firmware), join the 40,000+ engineers who subscribe to The Embedded Muse, a free biweekly newsletter. The Muse has no hype and no vendor PR. Click here to subscribe.

By Jack Ganssle

SCADA Security

Governors and others frequently bemoan the lack of investment being made in crumbling infrastructure. Bridges, tunnels and the rest of the brick and mortar that enables our lives are in disrepair, and we're told things are getting worse. Shrinking budgets ensure that repairs will continue to fall behind. Pundits also say the electric grid is old and not capable of meeting 21st century needs.

I recently met with a control engineer who works for a large metropolitan water company. He's concerned about another kind of infrastructure - the digital one that monitors and controls factories and other large plants (including water plants, of course). These ubiquitous SCADA systems (supervisory control and data acquisition) often handle extremely high power actuators, like multi-thousand horsepower motors.

Industrial automation equipment often runs for decades or longer. Years ago, when working on a system in a steel mill, I came across a huge motor stamped with a manufacturing date of 1899. It was still in service. The electronics, too, often runs for decades. That's a testament to great engineering and manufacturing, and is also potentially a great hazard. These systems were largely designed before security became an important issue. Many have been almost haphazardly connected to the Internet in the intervening years, when management sees the `net as an easy way to monitor remotely and save money.

I have been told (by the NSA) that a Tylenol factory has been hacked. In 2003 a worm shut down all safety monitoring on an Ohio nuke plant for five hours. Vancouver's traffic lights have been compromised. A 14-year-old turned the Polish city of Lodz's trams into his own giant train set, derailing four cars and injuring at least a dozen people. There are many more instances.

Then there's the famous Aurora experiment: in 2007 researchers from the Department of Energy hacked into a replica of a power plant and seriously damaged a generator. I'm told the hack was trivial. And that a lot of plants remain vulnerable.

Now wireless is infiltrating the infrastructure. There are plenty of good reasons to use RF instead of fiber or copper. But how secure are these transmission media? How many of us - the embedded engineers designing these systems - are security experts? Are we letting unintended vulnerabilities sneak into the code?

Some in the SCADA community are gathering in Chicago on May 14th and 15th to brainstorm about these issues. The site is I plan to show up. The organizers are hoping for other embedded folks to show up. If infrastructure security concerns you, consider attending.

Published April 9, 2010