Tuesday, October 5, 2010

Cooper Power Systems EAS, Stuxnet and control vs. IT

I'm currently at the Cooper Power Systems EAS (Energy Automation Solutions) user conference in Minneapolis. I don't know much about DR, AMI, Smart Grids and such, but had to go there to at least learn the basics and be able to do a better architecture job.

I'm almost ashamed to admit that I'm an "IT guy". Seems that most who work in control don't like IT and I can't blame them. Many control systems are increasingly being linked to ethernet and IP-based networks, along with remote and consolidated interfaces, and this brings many challenges which only IT can address. Enhancing security of these systems is especially important, and many control users don't seem to view security as that important.

I've had an interesting chat with EAS's security guru about the Stuxnet worm. Many technical details have been leaking through Slashdot and elsewhere for a few weeks, thus I won't speculate on its possible origins or intents. But the bottom line is that Stuxnet does exist, and it is a staggering proof that even though its engineering is not within the reach of just anyone, SCADA systems are not immune to security threats.

Like we IT people have been disgusted by the security guys for years now, it's now the turn of control people to have to live with IT. Nice threesome. Looks like I'm stuck in the middle position. FML.


No comments: