Next Generation Data Security and Transmission for SCADA Environments

AgilePQ recently held dozens of one-on-one interviews with energy and water executives in the area of cybersecurity. The feedback from these executives is below:

  • The rate of attack on energy systems from hostile and sophisticated adversaries is growing exponentially.
  • The responsibility for protecting the grid is not well defined.
  • Executives need measures that can be implemented for a reasonable cost in a reasonable timeframe.
  • AES’s footprint is too large to fit on Utilities infrastructure endpoints, sensors, and devices.
Picture of a person using a PLC

AgilePQ DEFEND

The research from these energy and water executives on cybersecurity supports data on the increase of cyber attacks in the US growing from 80k per day in day in 2010, to 10M per day in 2014, to over 300M per day in 2016.

The top six issues for utilities organizations that AgilePQ solves are:

  1. Secure data from small sensors throughout the core ICS systems
  2. Secure and authenticate commands sent to SCADA or other ICS
  3. Maintain secure operations in the necessary real time environment (minimizing encryption delays)
  4. Secure customer data communications
  5. Assure encryption does not hinder recovery speed/resilience
  6. Minimize power draw on remote sensing devices

1

Secure data from small sensors throughout the core ICS systems

2

Secure and authenticate commands sent to SCADA or other ICS

3

Maintain secure operations in the necessary real time environment (minimizing encryption delays)

4

Identification of devices attached to SCADA systems and to the grid

5

Secure customer data communications

6

Minimize power draw on remote sensing devices

7

Justify costs to federal and state regulators

8

Assure encryption does not hinder recovery speed/resilience

With AgilePQ DEFEND, AgilePQ uniquely addresses 85% of the Vulnerability Risks identified in the Relative Frequency of NSTB Observed Vulnerability Analysis of Energy Delivery Control Systems by Idaho National Laboratory.

The remaining 15% of vulnerabilities involve human behavior.

Vulnerabilities (% of total vulnerabilities) Communication endpoint (43%)Communication channel (16%)SCADA network access control (11%)Authorization (8%)SCADA authentication (7%) AgilePQ DEFEND Standard Security

AgilePQ DEFEND Application in SCADA Environments

Flexible deployment

  • PLC: as bump-in-the-wire where PLC has no traditional compute stack
  • RTU: as bump-in-the-wire or loaded directly on the processor
  • Control center: loaded directly

Flexible key size

  • Tailored to implementation environment
Illustration showing how AgilePQ secures SCADA environments

Also critical for SCADA environments is that AgilePQ DEFEND Bump-in-the-Wire auto-configures for secure communication. The element self-realizes both client and network sides, announces itself, and is ready for secure data transmission.

AgilePQ DEFEND provides high security with a flexible key size that can be tailored to any environment.

AgilePQ DEFEND can be set up for a small fixed-block message sizes (e.g. much less than typical 16 byte minimum blocks) or it can be setup for serial data streams, which is especially helpful where bandwidth is at a premium. AgilePQ DEFEND keys are self-generated at session initiation, used once, and discarded, making for an exceptionally secure system.