This paper is based upon experiences from security assessments of supervisory control and data acquisition (SCADA) systems, including
assessment performed at one of Sweden's larger water facilities. The paper highlights findings and
examines state-of-the-art control system models. These models are commonly used in
the water sector and provide an abstract representation of the system architecture. These kinds of
models are indeed a powerful tool for the facility owners and other stakeholders that need to
understand the system configuration. However, these abstract representations are seldom aligned
with the reality. This paper takes a closer
look at some abstract representations and reveals some cases where they actually make the
world look "nicer" than it is from a security perspective. It looks nicer merely because the
deficient abstract representations don't really show system weaknesses that could have critical
consequences. The overall consequence is that the operator of a water facility can be deceived to
believe that the security level is far better than it is in reality, simply because details of the system
are not scrutinized enough in his models. Includes 22 references, figures.
| Edition : | Vol. - No. |
| File Size : | 1
file
, 2.1 MB |
| Note : | This product is unavailable in Ukraine, Russia, Belarus |
| Number of Pages : | 15 |
| Published : | 11/01/2009 |
