AGA 12 recommends how to protect SCADA communications from cyber attack
Pipeline & Gas Journal, Nov, 2006 by William F. Rush, John A. Kinast, Aakash B. Shah
The dependence of utility infrastructure industries on unmanned facilities and Supervisory Control and Data Acquisition (SCADA) systems has created a series of high-value targets that a technologically sophisticated terrorist group or foreign government could exploit. To counter this threat, the American Gas Association (AGA) charged the AGA 12 Cryptography Working Group to develop a suite of open standards (designated AGA 12) to protect the data transmitted by SCADA systems, to authenticate the originators of messages on SCADA systems, and to ensure data integrity.
The fundamental goal is to make it easy for SCADA operators to specify good communication security without having to delve into complicated topics like cryptography and digital certificates. Pipelines and utilities can confidently protect their systems from cyber attack if they simply specify AGA 12 compliance for SCADA equipment and follow the recommendations in the documents. Believing that competition is the best way to assure low-cost products, AGA 12 requires that SCADA cyber security equipment can interoperate, independent of manufacturer or age.
By themselves, the AGA 12 documents protect nothing. The standard is effective only when manufacturers incorporate it into cost-effective products and utilities deploy that equipment to protect SCADA systems from potential attackers. We are pleased to see that commercial products are now available.
The AGA, the AWWA Research Foundation (AwwaRF), the Department of Energy (DOE), the Gas Technology Institute (GTI), the Technical Support Working Group (TSWG), and more than a dozen private companies combined resources to develop the AGA 12 set of recommended practices.
Initial feedback from the gas and electric industries recommended that the first AGA 12 efforts address the need for retrofit protection of serial communications for installed (legacy) SCADA systems. The reason is that such systems have lifetimes between seven and 20 years and are too expensive to be replaced for the sole purpose of incorporating security. Accordingly, the AGA 12 Working Group began development on a series of four documents, structured as follows:
* AGA Report No. 12, Part 1--"Cryptographic Protection of SCADA Communications: General Recommendations" contains the background, security policy fundamentals, and a test plan that apply generally to all areas of cryptographic protection of SCADA systems.
* AGA Report No. 12, Part 2--"Cryptographic Protection of SCADA Communications: Retrofit Applications" focuses on protecting already installed, generally low-speed, serial equipment. This document contains the functional requirements and detailed technical specifications for AGA 12-compliant retrofit devices.
* AGA Report No. 12, Part 3--"Cryptographic Protection of SCADA Communications: Protection of Networked Systems" will focus on high-speed communication systems, including the Internet.
* AGA Report No. 12, Part 4--"Cryptographic Protection of SCADA Communications: Embedded Protection of SCADA Components" will specify how to protect SCADA systems by incorporating cryptography into the system components at the time of manufacture; this will greatly reduce the cost of protection while improving its performance.
More convenient key management for large-scale operations, protection of data at rest, forensics and intrusion detection, certification, and security policy models are among the issues we hope to address in future extensions of AGA 12.
AGA 12, Part 1
On March 16, 2006, the AGA Managing Committee completed the final balloting on AGA 12, Part 1, making it a gas industry recommended practice. It is available at the AGA 12 Web site: www.aga.org/Content/ContentGroups/ Operations_and_Engineering2/Infrastructure_ Security 1/AGA 12.pdf
AGA has also offered this as a recommended practice to the water industry and it is posted on the American Water Works Association Research Foundation Web site.
AGA 12, Part 1 is the foundation for the series of four reports and sets forth the general requirements to which the subsequent documents in the series will comply. It begins with a discussion of the cyber threats SCADA systems face. It also includes a collection of background material that specialists in one area need to understand and evaluate the work of specialists in another area. In particular, it explains the basics of cryptography for SCADA experts and the basics of SCADA for cryptographers.
AGA 12, Part 1 recommends adopting a corporate security posture that is based on deploying protection for SCADA communications only where the risks justify doing so. Because SCADA systems differ from one another, the AGA 12 Committee opted to recommend a systematic procedure each system owner can implement to assess its risks, rather than to recommend using a checklist.
The essence of the AGA 12, Part 1 policy recommendation is "determine the possible consequences of an attack on your system and protect only against those attacks that represent unacceptable risks." The report stresses that if the cost of protecting a part of the SCADA system is higher than the risk of an attack, then it makes no sense to deploy protection.


