SCADA Security, Building Systems, and First Response

The security of the "Internet of Things" and the security of the wider internet are about to collide. The systems that have been hidden or offline will be online. Embedded systems, building systems, and power supply and distribution must all change their security model. Eggshell security, the hard shell on the outside and no internal security, will be torn apart not only by the Smart Grid, and all its participants and influencers, but by new models for energy interaction as microgrids, pocket generation, and on-site storage increase the number of participants.

It is hard enough to define security for systems that are always on, always connected, always in a web of trust. Federated Identity Management is difficult, but relatively well understood. Outsourcing system operation cannot outsource the location of these systems; cloud computing is still grounded in the physical locations of the systems in the building, and as part of the grid. Crises in power and building systems are often interrelated, and failure of one may cut off access to the federation of security providers.

This is a system of systems, in which the systems are expected to respond best when the challenges are greatest and the actors are least known. The ventilation system for a space holding hazardous materials must communicate its import and explain its mission precisely when the unknown firefighter logs in and connections to other systems are lost. The microgrid generating enough power for net outflow must accept commands from a stranger precisely when and because the ice storm has ended outside network connectivity.

Take a theoretical mixed-use neighborhood and its substation, filled with zero-net energy buildings (internal storage, generation, conversion of energy), its microgrid generation on the parking deck, its demand/response ready buildings, and its electric cars. Consider the linesman, properly, as yet another class of first responder. Is the power line up or down? Is the downstream connection hot or not? If my office is powering my house, who has the authority to interrupt the flow, and what is the liability for damage upstream? What do the firemen know about whether the self-generating, power-storing building is on the grid or not?

We will need new architectures for building system security, ones that share information freely with emergency responders, but know which information is pertinent.

We will need new architectures for SCADA, ones performant enough for power, but with federated security at each junction. We will need new definitions for security, ones that understand external identities and roles, but that also understand how to interact when the same event that compromised power integrity has cut off access to external identity and role providers.

We need ways to express the variety of security decisions that these interactions will require, ways that degrade gracefully with communications, and ways that can be pre-cached for almost-as-good decisions.

These security systems must be able to interact with local business systems. For the first responder, they must provide access to the right information and to the right control systems. They must have access to the local business agreements for the provision of power, and for the liabilities for non-performance. They must be able to distinguish between what is shown by necessity, what can be shown for curiosity, and what will be shared only with a warrant.

Security is fundamentally a problem of situation awareness. The situation involves multiple systems and multiple contexts. It requires federated identity management across the multiple organizational participants that will fail gracefully to temporary local "good enough" security. It requires business-policy-aware forward-caching of decision-making frameworks on a building-by-building basis.
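
The following added example (not part of the original post) shows one way a building controller could combine the three disclosure levels above with a forward-cached policy that degrades when the identity federation is unreachable. The `Tier` names, `CachedPolicy`, `decide`, the role names, the `verify` callback, and the choice to deny unlisted roles are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Tier(IntEnum):
    NONE = 0
    NECESSITY = 1  # shown by necessity to a responder
    CURIOSITY = 2  # can be shown for curiosity
    WARRANT = 3    # shared only with a warrant

@dataclass(frozen=True)
class CachedPolicy:
    """Decision framework pushed to the building while the federation is reachable."""
    online_ceiling: dict   # role -> highest Tier once the federation verifies identity
    offline_ceiling: dict  # role -> highest Tier when identity cannot be verified
    expires_at: float      # epoch seconds after which the cache is stale

def decide(policy, resource_tier, role, now, verify=None, has_warrant=False):
    """Return (allowed, mode); verify() is a hypothetical federation call."""
    mode = "offline"
    if verify is not None:
        try:
            if not verify(role):
                return False, "federated"  # reachable federation rejected the claim
            mode = "federated"
        except ConnectionError:
            pass  # the same event that cut power cut the identity provider
    if mode == "federated":
        ceiling = policy.online_ceiling.get(role, Tier.NONE)
    else:
        ceiling = policy.offline_ceiling.get(role, Tier.NONE)
        if now > policy.expires_at:
            # Stale cache: degrade further, never above necessity.
            mode, ceiling = "offline-stale", min(ceiling, Tier.NECESSITY)
    if resource_tier == Tier.WARRANT:
        # Warrant-only data is never released on cached trust alone.
        return (mode == "federated" and has_warrant
                and ceiling >= Tier.WARRANT), mode
    return resource_tier <= ceiling, mode

# Constructed sample policy for one building.
POLICY = CachedPolicy(
    online_ceiling={"firefighter": Tier.WARRANT, "lineman": Tier.CURIOSITY},
    offline_ceiling={"firefighter": Tier.CURIOSITY, "lineman": Tier.NECESSITY},
    expires_at=1_000.0,
)

def idp_down(role):
    raise ConnectionError("identity provider unreachable")
```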