Skip to main content

Vox of Dartmouth, the College's newspaper for faculty and staff, ceased publication in February 2010. For current Dartmouth news and events, see:

· Dartmouth Now
· Periodicals
· Events Calendar

Minding the grid

$8.5 million Institute for Information  Infrastructure Protection research project will  protect untility control systems

The Institute for Information Infrastructure  Protection (I3P), which is managed by Dartmouth  College, launched an $8.5 million research  program that will help protect supervisory  control and data acquisition (SCADA) systems in  the oil and gas industry and other critical  infrastructure sectors.

The I3P is a research consortium funded by the  Department of Homeland Security (DHS) and the  National Institute of Standards and Technology  (NIST) that was established to address security  issues facing the U.S. information  infrastructure. The funds, spread over two years,  will support basic research, as well as  product-driven technology solutions in order to  better understand and mitigate high-risk SCADA  flaws.

SCADA experts and officials within the U.S. government have long  warned about the security issues surrounding the  use of SCADA and other automation systems to  manage and control everything from electric power  generation plants, water systems, and oil and gas  pipelines.

A research team consisting of ten I3P member  institutions will help identify SCADA  vulnerabilities and interdependencies between  SCADA systems and other critical infrastructures.  Researchers will develop metrics and models for  assessment and management of SCADA security, and  create next-generation SCADA systems with  built-in security.

"SCADA vulnerabilities remain in deployed systems  because of insecure network design and weaknesses  in the host systems," said Ron Trellue, the  research team's leader and the Deputy Director of  the Information Systems Engineering Center at  Sandia National Laboratory. "Research will focus  on addressing this problem by developing tools to  make current SCADA system configurations more  secure, while in tandem performing basic research  to develop inherently secure designs for the  SCADA systems of the future."

The research team also includes security  specialists from the University of Illinois  Urbana-Champaign, MIT Lincoln Laboratory, the  MITRE  Corporation, New York University, Pacific Northwest National Laboratory, SRI  International, the University of Tulsa, the University  of Virginia and Dartmouth College. The I3P team  is actively pursuing partnerships with industry  to guide the research and develop opportunities  for technology transfer.

"This project brings together some of the most  experienced and talented researchers from the  SCADA and cyber security domains to work jointly  on one of the most critical security problems  facing the nation. Solving complex SCADA security  challenges requires a multidisciplinary approach.  We have assembled a team capable of helping  protect critical infrastructures against cyber  threats in the near-term and in decades to come,"  said Trellue.

Trellue's team will work closely with partners in  industry and the U.S. government to improve  information sharing and communication about  SCADA, and to ensure that new, secure  technologies are adopted by SCADA operators. The  I3P research project is being coordinated with  other public and private SCADA efforts around the  country.

"This is a major SCADA research initiative that  will have high national impact particularly aimed  at protecting oil and gas SCADA systems," said  Martin Wybourne, Vice Provost for Research at  Dartmouth College and Chair of the I3P. "The  project reflects a strong collaboration between  academia, government and industry under the  umbrella of the I3P Consortium."

According to Douglas Maughan, I3P's program  manager at the DHS's Science and Technology  Directorate, SCADA technology was not originally  designed with today's rigorous security  requirements in mind. As SCADA systems  increasingly become accessible remotely via the  Internet, vulnerabilities to cyber attacks (such  as computer viruses, hacking or denial of  service) have been amplified.

"Securing SCADA systems is one of the most  pressing cyber security priorities because  successful attacks against the SCADA  infrastructure could result in substantial  economic consequences. DHS is helping to  coordinate the nation's approach to securing  SCADA; the I3P's SCADA program plays an important  role in our overall strategy by working on R&D  issues and, more importantly, working with  industry to ensure transition of technology into  existing infrastructure," said Maughan.

By SUSAN KNAPP

Questions or comments about this article? We welcome your feedback.

Last Updated: 12/17/08