Process Control System (PCS) and Industrial Control System (ICS) security is critical to our national security. But there are a number of technological, economic, and educational impediments to PCS owners implementing effective security on their systems. Sandia National Laboratories has performed the research and development of the OPSAID (Open PCS Security Architecture for Interoperable Design), a project sponsored by the US Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE), to address this issue. OPSAID is an open-source architecture for PCS/ICS security that provides a design basis for vendors to build add-on security devices for legacy systems, while providing a path forward for the development of inherently-secure PCS elements in the future. Using standardized hardware, a proof-of-concept prototype system was also developed. This report describes the improvements and capabilities that have been added to OPSAID since an initial report was released.1 Testing and validation of this architecture has been conducted in another project, Lemnos Interoperable Security Project, sponsored by DOE/OE and managed by the National Energy Technology Laboratory (NETL).1 OPSAID Initial Design and Testing Report, Sandia National Laboratories, SAND2007-7552, November, 2007.
OPSAID Improvements Report
2
AcknowledgementsThe authors acknowledge the work that produced the results presented in this paper was funded by the U.S. Department of Energy/Office of Electricity Delivery and Energy Reliability (DOE/OE) as part of the Cybersecurity for Energy Delivery Systems (CEDS) and National SCADA Test Bed (NSTB) Programs.
OPSAID Improvements Report
3
Executive SummaryProcess Control Systems (PCS) and Industrial Control Systems (ICS) are very important for critical infrastructure and manufacturing operations, yet cyber security technology in PCS and ICS, in the past, has been generally poor. The OPSAID (Open PCS Security Architecture for Interoperable Design) Project is intended to address these security shortcomings by accelerating the availability and deployment of comprehensive security technology for PCS, both for existing PCS and inherently secure PCS in the future. Additional efforts in ICS have also seen potential application of OPSAID. As organizations within other sectors confront the issues inherent in moving from legacy to secured systems, applications of OPSAID are beginning. All activities are closely linked to industry outreach and advisory efforts.Generally speaking, the OPSAID project is focused on providing comprehensive security functionality to PCS that communicate using IP. This is done through creating an interoperable PCS security architecture and developing a reference implementation of that architecture which has been tested extensively for performance and reliability. Three key challenges and proposed solutions identified in the Roadmap to Secure Control Systems in the Energy Sector [1] are addressed by the OPSAID architecture.