I've just returned from my third face-to-face meeting of the DNP Technical Committee. For those who don't know what it is, the DNP Technical Committee is the group that updates the protocol, devises test procedures, and writes application notes for it.
One of the surprising things about DNP is that we're going beyond just a protocol. We're interested in making the protocol part of an effective, secure, and reliable SCADA implementation. This causes us to look under some very old issues and find some very scary creepy critters in there.
Even with open protocols, we're not as compatible as we'd like to think we are.
For example, we keep stubbing our toes on issues such as how we keep time, report time, update time, and represent time. Those of you who know anything about Network Time Protocol can testify to the fact that this is not a simple issue. Now imagine it wrapped into a specialized protocol such as DNP and having to report sequences of events from units in the field that may not have an accurate description of the time.
And if you think DNP's implementation of time is less than ideal, just consider all the different ways that other protocols such as Modbus deal with it (or don't deal with it, as the case may be).
Nevertheless, when trying to do SCADA right, we need to consider the notion that certain fundamental issues keep emerging: how to save bandwidth, what data we really need, how to get timely updates, and how to get things from various manufacturers to plug together and just work.
The issue is exacerbated by the need for reasonable security in SCADA. In writing test procedures for the outstation and the master, it occurred to me that we're not just aiming to prove these features work, but that they're also resilient to attack.
Gosh, that's a pile of work I doubt that anyone wants. I want the security in our SCADA system to work, but I don't know if I'm prepared to deal with the up-front expense of full penetration testing. And even if we do get such testing done, how can we be sure that future updates won't break something?
Where do we go from here?
Sunday, September 21, 2008