Supervisory Control and Data Acquisition (SCADA) systems and distributed control systems (DCS) are computerized control systems that support the efficient production and distribution of electric, oil, and gas. If unprotected, they are vulnerable to malicious cyber attacks that could produce catastrophic disruptions to our critical national infrastructures.
The National SCADA Test Bed is a DOE multi-laboratory program that addresses the security challenges of control systems in the energy sector through
- control systems testing, research and development;
- advanced technology development;
- control systems requirements development; and
- industry outreach.
The National SCADA Test Bed (NSTB) is jointly managed and executed by Idaho National Laboratory (INL) and Sandia National Laboratories (SNL). Other partners include the Pacific Northwest National Laboratory, Argonne National Laboratory, the National Institute of Standards and Technology, and contractors.
Using the testing facilities within the National SCADA Test Bed, researchers have made significant accomplishments in securing control systems for the energy sector.
Testing Facilities within the National SCADA Test Bed
The National SCADA Test Bed provides a variety of realistic testing environments to help industry and government identify and correct vulnerabilities in control systems including SCADA, EMS (Energy Management Systems) and DCS. It includes several testing facilities:
- Center for SCADA Security
- SCADA / Process Control Systems Test Bed
- Critical Infrastructure
- Cybersecurity Test Bed
- Vulnerability assessments
- Intrusion detection expertise
- Power Grid Test Bed
- 61 miles of 138 kV transmission lines
- 7 substations
- Next-Generation Wireless Test Bed
- 3G/4G testing
- Local area network and 802.11 testing
- Control Systems Security Test Center
- Remote Substation Lab
- Attack Resource Center
- Center for Cyber Defenders
- Network Research Lab
- Cryptography Lab
- Electric Power Test Labs
Representative Accomplishments of the National SCADA Test Bed
Research and related activities conducted through the National SCADA Test Bed have made significant contributions in securing control systems in the energy sector.
Training
- Conducted training for more than 1,400 end users to foster increased cyber security awareness and to educate energy sector control system operators and asset owners on best practices for sustainable control systems security.
Testing/Standards
- Identified SCADA vulnerabilities in four commercial SCADA/EMS systems representing 80% of the electrical grid market. Worked with vendors to verify fixes for legacy systems and new releases. The fixes will help mitigate significant security weaknesses across the sector. Summary test report: ABB SCADA/EMS System INEEL Baseline Summary Test Report (November 2004)
- Developed a SCADA Reference Model to identify key communications links and functions in SCADA systems and determine cyber security requirements: Reference Model for Control and Automation Systems in Electrical Power (October 2005)
- Developed a methodology to assess SCADA systems' cybersecurity: Cyber Assessment Methods for SCADA Security (November 2005)
- Surveyed ongoing standards activities in control systems and developed a comparative framework: A Summary of Control System Security Standards Activities in the Energy Sector (October 2005).
These activities will support the energy sector asset owners and operators in their efforts to secure control systems.