Security Considerations for Water Supervisory, Control and Data Acquisition Radio

Cyber security is a key issue today and rarely out of the headlines. While most public focus relates to the Internet, SCADA engineers and security experts know that cyber terrorism concerns go beyond the wired Internet to other media, such as the wireless radio-based systems used for utility communications.

Private narrowband supervisory, control and data acquisition (SCADA) radio is an effective and economic industrial machine to machine (M2M) communications tool with a proven heritage. Water utility owned private radio networks provide an alternative to more complex third-party public cellular systems and usually offer better availability in the rural and remote terrain in which water catchment areas are usually located. The bandwidth required for monitoring and control technologies have escalated, particularly through the adoption of new IP based SCADA protocols such as Worldwide Industrial Telemetry Standards (WITS-DNP3 and WITS-IOT), the demand for better security, and the penetration of information technology (IT) network oversight into all levels of operational technology (OT) telemetry and control networks. These drivers have led to the development of IP capable long range field area network radio systems.

While security of supply is a top priority for water utilities, communication security often does not receive the attention it deserves. Deploying a radio-based network requires close attention to security, both the encryption used to protect over the air transmission itself and the authentication used to control network access by devices and users.

In the UK, Northern Ireland Water has deployed WITS-DNP3 for telemetry monitoring and control of approximately 4,500 clean and wastewater assets.

The company serves 1.8 million people, each day providing 570 million litres of potable water and treating 340 million litres of wastewater. It is responsible for 26,800 km of watermains and 15,800 km of sewerage pipes, as well as 23 water treatment plants and 1,030 wastewater treatment works. Telemetry device are connected via RS-232 serial, a combination of Proteus protocol outstations at 2400 bps and Talus T4e WITS-DNP3 outstations at 9600 bps.

Here in New Zealand, Wellington Water serves the 400,000 residents of the Wellington region with 49 million litres of drinking water each year. The company is also responsible for waster and storm water management with 6,900 km of pipelines and 138,000 connections.

The chaotic topography of Wellington’s terrain makes setting up a radio network challenging due to line of sight issues. Telemetry equipment consist of Abbey System Swampfox RTU connected with Ethernet.

In these two systems a field area network (FAN) implements an IP backbone network to link pumps, valves, level sensors and flow meters to a central Regional Telemetry System using UHF radios designed in New Zealand by 4RF. As with most water systems, telemetry not only supports alarm annunciation, operational monitoring and control, as well as capturing data for historical operational and regulatory purposes. This paper will review security options for threats that exist from disgruntled ex-employees, those who hack for fun, terrorist, and state sponsored actors who make deliberate attacks against information systems controlling real world infrastructure such as water.