A group of researchers backed by the Department of Homeland Security is launching a new program to identify flaws in the security of current SCADA (Supervisory Control and Data Acquisition) systems and look for ways to build more resilient next-generation systems.
The Institute for Information Infrastructure Protection, known as the I3P, said Friday that DHS and the National Institute of Standards and Technology, which also funds the group, approved $8.5 million for the new research program. The team that will tackle the problem will comprise researchers from a number of universities and think tanks, including Dartmouth College, which manages the I3P, the University of Virginia, the Massachusetts Institute of Technologys Lincoln Laboratory, the Mitre Corp., and the University of Illinois, among others.
SCADA systems are complex, and often outdated, computers that are used to control utility systems such as power plants and oil pipelines. Government officials and security experts have said for years that the SCADA systems used in the United States have inherent security problems and weaknesses that attackers could use to cause massive service disruptions.
The National Strategy to Secure Cyberspace, published two years ago, laid out the need for better security within these systems, but this is the first major research project to focus on the problem.
The two-year research effort at the I3P will focus mainly on finding weaknesses and problematic interdependencies in SCADA systems. But the researchers also will be looking at ways to build better systems that have security built in.
The I3P team, headed by Ron Trellue, deputy director of the Information Systems Engineering Center at Sandia National Laboratories, will also work with industry and government agencies to help improve the level of information sharing about SCADA among concerned parties.