Honeywell SCADA Encryption
Securing the National Infrastructure
PTR Group Develops SCADA Security Device for Honeywell ACS
In the wake of recent events our national infrastructure has become a potential target for criminals and terrorists. One of the key systems in use today to manage these infrastructure systems is the Supervisory Control and Data Acquisition protocol, or SCADA. SCADA systems are found in electric power distribution, petrochemical, water management and other critical industrial environments. Recent newspaper articles have pointed out the vulnerability of these systems (see links below).
Engineers at Honeywell ACS have started development of a system to counter existing vulnerabilities in the SCADA-based infrastructure. Since SCADA is based on a simple serial protocol they desired a device capable of encrypting the pathway for the SCADA data without requiring modification of existing systems hardware or software. The concept put forward was to develop an in-line dongle that would encrypt the data stream on the fly at either end of the link.
They approached the PTR Group to develop the prototype hardware for this system.
The Challenge - Design, Build and Deliver a prototype dongle device within 45 days
The PTR Group took the design specifications from Honeywell and produced a set of working prototypes inside the time frame so that Honeywell could demonstrate the prototypes for their customers and interested government parties by the deadline.
The prototype “slave” dongle sported a parasitic power system and a 16-bit microcontroller with multiple serial ports. Not only did we develop this hardware in record time we also provided the initial software operating environment for Honeywell to continue the development of the SCADA encryption firmware.
The second phase of this effort was to develop a “keyserver” dongle that was capable of programming initialization information into the “slave” dongles.
This device would require the addition of an Ubicom IP2022 TCP/IP processor to act as an embedded web server for device management. The “keyserver” device also contained the same functionality as that of the “slave” device so it was actually a dual-processor system with unique and independent “red” and “black” security segmentation. The “keyserver” device was delivered within 90 days of the original “slave” prototype.
The PTR Group is very proud to be a part of the solution to this important mission in securing our national infrastructure.