Human and Technical Security

Vulnerabilities

Power stations, network control centres and large-scale substations are likely targets in the event of cyber-attack by a hostile state, or by a capable substate group such as militant environmentalists. A power station has been affected accidentally by malware when a flash worm spammed the monitoring network, which would have caused a safety shutdown had it been operational at the time. A more deliberate attack might follow the Stuxnet model, with targeted malware introduced via USB drives left lying in the car park. An important line of defence is to prevent software making its way from open systems to the SIL1 and higher domains. The strict network separation that SDN networks can support is attractive here.

A typical system has network vulnerabilities that arise spontaneously. A search engine built to discover control systems found over a thousand of them accessible on the Internet. Traditional network management technologies make it hard to manage separation dependably; the combination of complexity and obscurity makes it hard for people to understand what's connected to what, and as people modify things to get their work done, paths open up to the wider Internet. The principal benefit of SDN lies in providing much better tools to enforce perimeters, providing high assurance that critical sensors and actuators never become accessible from outside.