The Energy Telecommunications and Electrical Association (ENTELEC) is an energy industry user group that focuses on communications and control technologies used by petroleum, natural gas, pipeline and electric utilities.
In anticipation of this year's ENTELEC 2010 Conference and Expo, scheduled April 13-15, 2010 at the George R. Brown Convention Center, Amanda Prudden, association manager of ENTELEC, recently sat down with a few of the group's members to discuss current issues affecting the industry. The panelists included: Enoch Charles, senior technical analyst, CenterPoint Energy; Jack Richards, partner, Keller and Heckman LLP; James Coulter, consultant, Engineering Telecom and Network Services, El Paso Corporation; and Brian Gore, network and security architect, Boardwalk Pipeline Partners.
Here’s how they responded to the questions:
Q. Is Ethernet really the magic cure-all communication protocol?
Coulter: For SCADA communication, Ethernet does not function well in the last-mile radio links. Although there are Ethernet radios, many energy companies are using licensed-spectrum radios with 12.5 kHz bandwidth, limiting data rates to 9.6 or 19.2 kbit/s. Protocols like Modbus are very efficient, but the addition of Ethernet overhead will significantly impact the efficiency of the channel, limiting the number of remotes or messages that can be carried in either direction. The concept of Ethernet and standard Ethernet encryption tools as a solution to SCADA security has many issues to overcome, as well as a massive number of embedded systems.
We actually use Ethernet at the polling engines, which talk out over the Ethernet network. Strategically located terminal servers then translate into serial communication in the last-mile links (radio or satellite systems). I believe most energy companies are generally doing something similar.
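The overhead argument above can be put in numbers. The following is an added illustration, not code from the panelists: it sizes one Modbus read of N holding registers (function code 03) as a Modbus RTU exchange on an asynchronous serial radio and as the same read carried as Modbus/TCP in Ethernet frames on an Ethernet radio of the same raw bit rate. Frame sizes follow the Modbus RTU and Modbus/TCP specifications and the standard Ethernet II, IPv4 and TCP header sizes; the 11 bits per asynchronous character, the 3.5-character silent interval, the "one extra ACK per poll" TCP model and the radio turnaround time are assumptions, labelled in the code.

```python
"""Constructed channel-efficiency comparison: Modbus RTU vs Modbus/TCP on a
narrowband SCADA radio link. Added illustration; link parameters are assumed."""

ASYNC_BITS_PER_CHAR = 11          # start + 8 data + parity + stop (RTU default framing)
RTU_SILENT_INTERVAL_CHARS = 3.5   # inter-frame silence required by the RTU spec
ETH_MIN_FRAME = 64                # Ethernet II minimum frame including FCS, in bytes
ETH_IP_TCP_OVERHEAD = 14 + 20 + 20 + 4   # Ethernet II + IPv4 + TCP (no options) + FCS
MBAP_HEADER = 7                   # transaction id(2) protocol id(2) length(2) unit id(1)


def rtu_frame_sizes(n_regs):
    """Bytes of (request, response) for Modbus RTU FC03 reading n_regs registers."""
    request = 1 + 1 + 2 + 2 + 2             # unit id, FC, start address, quantity, CRC-16
    response = 1 + 1 + 1 + 2 * n_regs + 2   # unit id, FC, byte count, data, CRC-16
    return request, response


def tcp_frame_sizes(n_regs):
    """Bytes on the wire (request, response, ack) for the same read as Modbus/TCP.

    Assumption: an established TCP session where the response piggybacks the ACK
    of the request and the master then ACKs the response with an empty segment.
    """
    def eth_frame(modbus_bytes):
        return max(ETH_MIN_FRAME, modbus_bytes + ETH_IP_TCP_OVERHEAD)

    request = eth_frame(MBAP_HEADER + 1 + 2 + 2)            # FC, start address, quantity
    response = eth_frame(MBAP_HEADER + 1 + 1 + 2 * n_regs)  # FC, byte count, data
    ack = eth_frame(0)
    return request, response, ack


def rtu_poll_seconds(n_regs, bps, turnaround_s=0.0):
    """Air time of one RTU poll: two frames, each preceded by a silent interval
    and a radio key-up/turnaround (assumed value, zero by default)."""
    req, resp = rtu_frame_sizes(n_regs)
    chars = req + resp + 2 * RTU_SILENT_INTERVAL_CHARS
    return chars * ASYNC_BITS_PER_CHAR / bps + 2 * turnaround_s


def tcp_poll_seconds(n_regs, bps, turnaround_s=0.0):
    """Air time of one Modbus/TCP poll on a synchronous (8 bits per byte) Ethernet radio."""
    frames = tcp_frame_sizes(n_regs)
    return sum(frames) * 8 / bps + len(frames) * turnaround_s


def payload_efficiency(n_regs, bps):
    """Fraction of channel time that carries register data, as (rtu, tcp)."""
    data_bits_rtu = 2 * n_regs * ASYNC_BITS_PER_CHAR
    data_bits_tcp = 2 * n_regs * 8
    return (data_bits_rtu / (rtu_poll_seconds(n_regs, bps) * bps),
            data_bits_tcp / (tcp_poll_seconds(n_regs, bps) * bps))


def max_polls_per_second(n_regs, bps, turnaround_s=0.0):
    """Upper bound on polls per second the channel can carry for each encapsulation."""
    return {"rtu": 1 / rtu_poll_seconds(n_regs, bps, turnaround_s),
            "tcp": 1 / tcp_poll_seconds(n_regs, bps, turnaround_s)}


if __name__ == "__main__":
    for bps in (9600, 19200):
        for turnaround in (0.0, 0.020):   # 20 ms key-up is an assumed, typical figure
            rates = max_polls_per_second(10, bps, turnaround)
            print(f"{bps} bit/s, {turnaround * 1000:.0f} ms turnaround: "
                  f"RTU {rates['rtu']:.1f} polls/s, Modbus/TCP {rates['tcp']:.1f} polls/s")
    print("payload efficiency (rtu, tcp):", payload_efficiency(10, 9600))
```

At 9600 bit/s a ten-register read costs about 46 ms of air time as RTU and about 184 ms as Modbus/TCP, so roughly a fourth of the remotes fit on the same channel once the IP headers and the extra ACK are paid for; adding the radio turnaround narrows the ratio but does not change the conclusion. Encrypting at the Ethernet layer (IPsec, TLS) adds its own headers and handshakes on top, which is the point behind the reservation about "standard Ethernet encryption tools" above.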
Charles: Ethernet and serial communications will likely coexist in the oil and gas sector for the foreseeable future. Moreover, both technologies will allow legacy serial devices to communicate with Ethernet products with ease. Wireless technologies have advanced to the point where we must consider them extremely secure, reliable and flexible enough to handle any application. With these options, anybody can take advantage of remote monitoring and control without sacrificing functionality.
Gore: Ethernet is not the magic cure-all communication protocol. However, Ethernet will work for most communication applications. TCP/IP is the vehicle to support legacy protocols, as they are often encapsulated over IP, which continues to expand closer to the end device. As vendors continue to develop more products that support Ethernet, the remaining communications protocols will greatly diminish in use. There are many Control System applications and communication devices using protocols other than Ethernet, and given the lengthy timeframe most Control Systems are in place with no upgrades, legacy protocols will remain for many years.
Q. What are companies doing in response to INGAA security recommendations for SCADA systems network and communications security?
Charles: There are a number of things being done, and that should be done, including:
- Establishing guidelines on handling and protecting data;
- Incorporating this into the overall security plan of the organization (which includes physical security);
- Educating employees and raising awareness;
- Constantly enhancing and enforcing authentication (password) methods;
- Using filtering technology at Internet connection points and installing software to protect against malicious code executing on systems, such as virus protection, firewalls and intrusion detection systems;
- Monitoring the networks by reviewing firewall logs to identify suspicious patterns;
- Monitoring emerging threats and upgrading firewalls and cyber security software products regularly;
- Considering the replication of mission-critical systems and data in multiple sites to ensure the ability to recover from damaging cyber (and physical) attacks;
- Performing regular security assessments that possibly include penetration testing, architecture review, and a review of security policies and procedures; and
- Considering a security audit performed by an independent third party, including both audits of policy and attempts to compromise the actual corporate network.
Coulter: El Paso is in the process of isolating its Automation Networks (the systems which run the pipelines and its compressor stations). We place all Automation Networks behind individual firewalls and provide only limited access to the systems which are used to run the pipeline, creating a separate network. We are developing and implementing policies which will allow us to manage the security in a consistent fashion as well as utilize the general corporate security systems to manage the user base which has access. We are attempting to closely follow the INGAA security regulations.
Gore: Interstate Natural Gas Pipeline companies should be taking the INGAA security recommendations under advisement. The companies should be comparing the recommendations to corporate policies and security applications already in place. The INGAA Security Recommendations were compiled by many participating gas pipeline companies through the analysis of security objectives of other closely related critical infrastructure entities. Applying the knowledge gained, in conjunction with in-depth gas pipeline operational experience, INGAA was able to present a unified set of best practices which could be used by all gas pipeline companies to enhance the Control Systems Network posture.
Q. What new security technologies are needed to protect industrial networks?
Coulter: One of the issues that we have discussed many times is the need to create encryption software modules for both the RTU (end device) and the Master (polling engine) and leave the communications links and associated infrastructure out of the security equation. This simplifies maintenance and conversion to more secure links. It does, however, put a burden on the existing RTU and SCADA Master developer.
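The end-to-end module described above can be sketched in working code. What follows is an added example, not code from the panelists or from any RTU or SCADA master vendor, using only the Python standard library: the master and the RTU share a device key, derive one key per direction, and wrap each Modbus RTU frame in a sequence number and a truncated HMAC-SHA256 tag. The terminal servers, radios and satellite hops in between carry the wrapped bytes as opaque payload, which is what keeps the link out of the security equation. The wire layout (4-byte sequence, frame, 8-byte tag), the key-derivation labels and the 64-bit tag length are assumptions chosen to keep airtime low; confidentiality would be added with an AEAD such as AES-GCM from a third-party library, so this example shows only the integrity and anti-replay half.

```python
"""Constructed end-to-end authentication wrapper for Modbus RTU frames between a
SCADA master and an RTU. Added example with a hypothetical wire format."""
import hashlib
import hmac
import struct

SEQ_LEN = 4   # big-endian monotonic sequence number (assumed layout)
TAG_LEN = 8   # HMAC-SHA256 truncated to 64 bits to save airtime (assumed trade-off)


def modbus_crc16(data: bytes) -> bytes:
    """CRC-16/MODBUS (poly 0xA001 reflected, init 0xFFFF), low byte first on the wire."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return struct.pack("<H", crc)


def rtu_read_holding(unit: int, start: int, count: int) -> bytes:
    """Plain Modbus RTU FC03 request frame, as the polling engine builds it today."""
    pdu = struct.pack(">BBHH", unit, 3, start, count)
    return pdu + modbus_crc16(pdu)


def derive_key(device_key: bytes, label: bytes) -> bytes:
    """Per-direction key so a message reflected back to its sender never verifies."""
    return hmac.new(device_key, b"scada-wrap|" + label, hashlib.sha256).digest()


class Endpoint:
    """One party (master or RTU) holding its send key, receive key and counters."""

    def __init__(self, device_key: bytes, is_master: bool):
        tx, rx = (b"master->rtu", b"rtu->master") if is_master else (b"rtu->master", b"master->rtu")
        self.tx_key, self.rx_key = derive_key(device_key, tx), derive_key(device_key, rx)
        self.tx_seq = 0    # last sequence number sent
        self.rx_seq = 0    # highest sequence number accepted from the peer

    def wrap(self, frame: bytes) -> bytes:
        """Prepend a fresh sequence number and append the tag; frame stays unchanged."""
        self.tx_seq += 1
        header = struct.pack(">I", self.tx_seq)
        tag = hmac.new(self.tx_key, header + frame, hashlib.sha256).digest()[:TAG_LEN]
        return header + frame + tag

    def unwrap(self, msg: bytes) -> bytes:
        """Verify tag, then monotonic sequence, then the inner Modbus CRC; return the frame."""
        if len(msg) < SEQ_LEN + 4 + TAG_LEN:        # smallest RTU frame is 4 bytes
            raise ValueError("message too short")
        header, frame, tag = msg[:SEQ_LEN], msg[SEQ_LEN:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.rx_key, header + frame, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time compare, checked first
            raise ValueError("authentication tag mismatch")
        seq = struct.unpack(">I", header)[0]
        if seq <= self.rx_seq:                      # replay or reordering on the link
            raise ValueError(f"replayed or reordered sequence {seq}")
        self.rx_seq = seq
        if modbus_crc16(frame[:-2]) != frame[-2:]:
            raise ValueError("inner Modbus CRC failed")
        return frame


def verdict(endpoint: Endpoint, msg: bytes) -> str:
    """Receiver's decision as a string, for logging or for the tests."""
    try:
        endpoint.unwrap(msg)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    device_key = bytes(range(32))                 # constructed; provisioned per RTU in practice
    master, rtu = Endpoint(device_key, True), Endpoint(device_key, False)
    request = rtu_read_holding(1, 0, 10)          # 01 03 00 00 00 0A C5 CD
    wrapped = master.wrap(request)
    print("wrapped request:", wrapped.hex(), f"({len(wrapped) - len(request)} bytes overhead)")
    print("RTU first delivery:", verdict(rtu, wrapped))
    print("RTU replayed copy:", verdict(rtu, wrapped))
    print("master sees own message reflected:", verdict(master, wrapped))
```

The wrapper costs 12 bytes per frame against the 8-byte read request, which is the burden on the RTU and master developers that the answer mentions, but it is far less than an IP stack and it survives any mix of serial, radio and satellite segments. Note that the sequence counter must persist across RTU reboots (or be re-synchronised with a challenge) or the RTU will reject every message after a power cycle.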
Gore: There are many security technologies that can be used to protect Control System networks. The overall network design should utilize a layered network architecture. To accomplish this, the Control System network should be completely isolated behind firewalls, as should any field Control or Measurement device. At locations that cannot support firewalls, an Access Control List could be used on the router to only allow necessary traffic to pass. An Intrusion Prevention System (IPS) may be installed on the Control System network. New IPSs are being created that identify SCADA-specific attack signatures. There are also several SCADA whitelisting applications that disable non-authorized applications from running. Companies can also consider using multiple VRF tables to separate the corporate and controls networks.
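A SCADA-specific IPS or application-layer allowlist goes beyond a port-502 ACL: it parses the Modbus/TCP header and decides per function code and per source. The block below is an added example of that decision logic and is not code from any IPS product or from the panelists. The addresses (polling engines in 10.10.1.0/28, RTUs in 10.20.0.0/24, a single write-capable master at 10.10.1.5) and the sample packets are constructed for the example; the MBAP header layout and the function-code semantics are those of the Modbus/TCP specification.

```python
"""Constructed Modbus/TCP allowlist filter in the spirit of a SCADA-aware IPS.
Added example; addresses and traffic are made up for illustration."""
import ipaddress
import struct

MBAP = struct.Struct(">HHHB")   # transaction id, protocol id, length, unit id

# Assumed addressing for the example deployment.
POLL_ENGINE_NET = ipaddress.ip_network("10.10.1.0/28")
RTU_NET = ipaddress.ip_network("10.20.0.0/24")
WRITE_MASTERS = {ipaddress.ip_address("10.10.1.5")}   # the only host allowed to write

READ_FCS = {1, 2, 3, 4}           # read coils/discretes/holding/input registers
WRITE_FCS = {5, 6, 15, 16}        # write single/multiple coils and registers
# Everything else is denied by default. FC08 (diagnostics) is the usual reason:
# its sub-function 0x0004 forces a device into listen-only mode, i.e. a remote DoS.


def parse_modbus_tcp(payload: bytes):
    """Return (unit id, function code, data) or raise ValueError for junk."""
    if len(payload) < MBAP.size + 1:
        raise ValueError("truncated MBAP header")
    _tid, proto, length, unit = MBAP.unpack_from(payload)
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(payload) - 6:     # length counts unit id + PDU
        raise ValueError("MBAP length field disagrees with packet size")
    return unit, payload[7], payload[8:]


def build(unit: int, fc: int, data: bytes, tid: int = 1) -> bytes:
    """Construct a Modbus/TCP request; used only to make the sample traffic."""
    pdu = bytes([fc]) + data
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


def decide(src: str, dst: str, dport: int, payload: bytes):
    """Allow/deny verdict with a reason, evaluated in order of cheapest check first."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport != 502 or d not in RTU_NET:
        return "deny", "not Modbus/TCP to the RTU subnet"
    if s not in POLL_ENGINE_NET:
        return "deny", f"{src} is not a polling engine"
    try:
        _unit, fc, _data = parse_modbus_tcp(payload)
    except ValueError as exc:
        return "deny", f"malformed: {exc}"
    if fc in READ_FCS:
        return "allow", f"FC{fc:02d} read"
    if fc in WRITE_FCS:
        if s in WRITE_MASTERS:
            return "allow", f"FC{fc:02d} write from write-capable master"
        return "deny", f"FC{fc:02d} write from read-only poller"
    return "deny", f"FC{fc:02d} not on the allowlist"


# Constructed sample traffic: (src, dst, dport, payload)
SAMPLE_TRAFFIC = [
    ("10.10.1.5", "10.20.0.7", 502, build(1, 3, b"\x00\x00\x00\x0a")),   # normal poll
    ("10.50.3.9", "10.20.0.7", 502, build(1, 3, b"\x00\x00\x00\x0a")),   # corporate host
    ("10.10.1.6", "10.20.0.7", 502, build(1, 6, b"\x00\x10\x00\x01")),   # read-only poller writing
    ("10.10.1.5", "10.20.0.7", 502, build(1, 8, b"\x00\x04\x00\x00")),   # force listen-only
    ("10.10.1.5", "10.20.0.7", 502, build(1, 3, b"\x00\x00\x00\x0a")[:-2]),  # truncated
    ("10.10.1.5", "10.20.0.7", 8080, build(1, 3, b"\x00\x00\x00\x0a")),  # wrong port
]


def run_sample():
    """Apply the filter to the sample traffic; returns the list of verdicts."""
    return [decide(*pkt) for pkt in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for (src, dst, dport, _), (action, why) in zip(SAMPLE_TRAFFIC, run_sample()):
        print(f"{src} -> {dst}:{dport}  {action:5}  {why}")
```

The same rule table is what a router ACL cannot express: an ACL sees only addresses and port 502, so a compromised HMI on the polling subnet could still send writes or the listen-only diagnostic. Whether the verdict blocks inline (IPS) or only alerts (IDS) is a deployment choice; on a control network the inline mode should be tested against the vendor's own traffic before it is armed.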
Charles: The security of the United States is dependent on the availability of the North American power grid. There is technology in use by the grid that is outdated and in some cases at risk. There have been three major blackouts in the past nine years. The reliance on old technology leads to inefficient systems, resulting in high operational costs. There is widespread agreement that it is time to start upgrading the electric grid to increase overall system efficiency and reliability. Such upgrades will require significant dependence on distributed intelligence and broadband communication capabilities. These new capabilities can greatly enhance efficiency and reliability, but they may also introduce new vulnerabilities into the system.
USB authentication tokens, built-in biometrics, self-encrypting hard drives, security-aware Web browsers and applications, and mobile device security are five new security technologies that would emerge as leaders in protecting the industrial network.
Q. Do industrial vendors have the infrastructure to handle vulnerability identification and disclosure?
Coulter: The industry has done a good job of securing the corporate networks using firewall technologies and intrusion detection techniques. The same must be applied to industrial networks. But the focus of industrial network security is different than standard IT corporate network security. Industrial network security must first focus on protecting the machinery and people. On the surface this does not appear to be different from protecting the data, until you look at the fault modes. In IT security systems, you must fail and protect (isolate) the data. If there is a system failure (equipment), an industrial system must remain operational and in control (controllable) of its processes. This first part addresses perimeter security. The next key is that the automation operating systems must continue to be hardened and protected against viruses, worms and unauthorized access. OS and vendor patches must be actively tested and applied to systems on a very routine and systematic basis. Manufacturers of PLC and other operating systems must also continue to upgrade their systems to include necessary security features, with an eye to centralized management vs. local management.
Charles: Some vendors and implementations are "doing the right thing," so minimum security behavior is possible; there is no room for excuses.
Here are some innovative things being done to protect vulnerability identification and disclosure:
- Identify limitations of existing products and technology, and conduct mid- to long-term R&D to define requirements.
- Require extensive testing and validation.
- Best Practices – Policy, procedures, design and deployment of existing tools and technology.
Gore: Industrial vendors are developing infrastructure to handle vulnerability identification for SCADA and Control Systems. Technologies like SCADA-specific Intrusion Prevention Systems and Whitelisting Applications are now available from multiple vendors. These technologies could be used in conjunction to protect Control System networks. As more consumers purchase Control Network security infrastructure, more vendors will participate in this market.
Q. The new FCC seems intent on enforcing its rules and fining violators. What enforcement issues are of particular concern to the oil and gas industry?
Richards: Like other government agencies, the Federal Communications Commission has undergone a series of changes following the inauguration of the new President in January 2009. The new FCC Chairman, Julius Genachowski (D), along with new Commissioners Mignon Clyburn (D) and Meredith Atwell Baker (R), have joined with existing Commissioners Michael J. Copps (D) and Robert M. McDowell (R) to focus not only on broadband deployment and technology (their primary mission these days) but on vigorously enforcing the FCC’s current rules and policies.
In 2008, the Commission levied a record-breaking $68.2 million in fines, forfeitures and monetary settlements through Consent Decrees, whereby affected parties settle their disputes with the Commission based on “voluntary” contributions to the U.S. Treasury. Chairman Genachowski appointed Michele Ellison as Chief of the Enforcement Bureau on September 9, 2009, and she has continued aggressively to enforce the FCC’s rules and to fine violators. Similar statistics are not yet available for 2009, but the numbers are rising.
In light of the Commission’s renewed focus on enforcement, the oil and gas industry would be well advised to comply with all FCC licensing and regulatory requirements applicable to their communications systems. In particular, in my view, the industry should consider three common enforcement scenarios: (1) operating wireless radio stations without proper authority from the FCC; (2) failing to comply with marking and lighting requirements applicable to wireless communications towers; and (3) not securing the FCC’s prior consent before assigning or transferring Commission licenses as part of a merger or acquisition.
Operating Without Authority. In addition to prohibiting the operation of wireless radio stations without a Commission license (except on Part 15 or "license exempt" frequencies), the Commission's rules also require licensees to file a request to renew their licenses prior to expiration of the license term. As a result, any licensee filing a renewal request after its license has expired is technically operating without a license. Of late, the Commission has been especially active in this area of enforcement. A private licensee recently paid $16,000 for operating four licenses after the expiration date. Another private licensee recently paid $6,500 for operating a single private radio station after the license had expired.
Marking and Lighting Communications Towers. As most licensees are aware, there are specific FCC requirements governing the registration, marking and lighting of wireless communications towers, including one which requires the tower owner to conform to the FAA’s painting and lighting requirements. These requirements are safety-based, and both the FCC and the FAA take them very seriously. Fines of $15,200 and $13,000 recently have been imposed on tower owners for failure to comply with these requirements.
Corporate Mergers and Acquisitions. This is perhaps the most common, most overlooked FCC requirement leading to enforcement problems for private licensees. The rule is clear: parties to a corporate merger or acquisition must secure the FCC’s prior consent before assigning or transferring control of any FCC licenses. Many large deals only incidentally involve FCC licenses, but failure to comply with this FCC requirement may result in substantial forfeitures calculated, in part, based on the number of licenses, the size of the companies and the nature of the facilities. Private licensees recently made “voluntary” contributions of $24,000, $30,000 and $35,000 to terminate FCC investigations into allegations of failure to secure the FCC’s prior consent as part of a corporate acquisition or merger. These types of violations are easily avoidable if an FCC “checklist” is included as part of the corporate due diligence process in any merger or acquisition involving FCC licenses.
For information about ENTELEC, contact Amanda Prudden, Association Manager. Phone: 888-503-8700;
E-Mail: firstname.lastname@example.org; and Web: www.entelec.org