Securing Light Source SCADA Systems

Mekinda, Leonce; Bondar, Valerii; Brockhauser, Sandor; Danilevski, Cyril; Ehsan, Wajid; Esenov, Sergey; Fangohr, Hans; Flucke, Gero; Giovanetti, Gabriele; Hauf, Steffen; Hickin, David; Klimovskaia, Anna; Maia, Luis; Michelat, Thomas; Muennich, Astrid; Parenti, Andrea; Santos, Hugo; Weger, Kerstin; Xu, Chen

doi:10.18429/JACoW-ICALEPCS2017-THBPA02

The Joint Accelerator Conferences Website (JACoW) is an international collaboration that publishes the proceedings of accelerator conferences held around the world.

Title

Securing Light Source SCADA Systems

Authors

L. Mekinda, V. Bondar, S. Brockhauser, C. Danilevski, W. Ehsan, S.G. Esenov, H. Fangohr, G. Flucke, G. Giovanetti, S. Hauf, D.G. Hickin, A. Klimovskaia, L.G. Maia, T. Michelat, A. Muennich, A. Parenti, H. Santos, K. Weger, C. Xu
XFEL. EU, Schenefeld, Germany

Abstract

Cyber security aspects are often not thoroughly addressed in the design of light source SCADA system. In general the focus remains on building a reliable and fully-functional ecosystem. The underlying assumption is that a SCADA infrastructure is a closed ecosystem of sufficiently complex technologies to provide some security through trust and obscurity. However, considering the number of internal users, engineers, visiting scientists, students going in and out light source facilities cyber security threats can no longer be minored. At the European XFEL, we envision a comprehensive security layer for the entire SCADA infrastructure. There, Karabo [1], the control, data acquisition and analysis software shall implement these security paradigms known in IT but not applicable off-the-shelf to the FEL context. The challenges are considerable: (i) securing access to photon science hardware that has not been designed with security in mind; (ii) granting limited fine-grained permissions to external users; (iii) truly securing Control and Data acquisition APIs while preserving performance. Only tailored solution strategies, as presented in this paper, can fulfill these requirements.

Footnotes & References

[1] Heisen et al (2013) "Karabo: An Integrated Software Framework Combining Control, Data Management, and Scientific Computing Tasks". Proc. of 14th ICALEPCS 2013, Melbourne, Australia (p. FRCOAAB02)

Funding

European X-Ray Free-Electron Laser Facility GmbH

Paper

download THBPA02.PDF [1.056 MB / 7 pages]

Slides

download THBPA02_TALK.PDF [1.679 MB]

Export

download ※ BibTeX ※ LaTeX ※ Text/Word ※ RIS ※ EndNote

Conference

ICALEPCS2017, Barcelona, Spain

Series

International Conference on Accelerator and Large Experimental Control Systems (16th)

Proceedings

Link to full ICALEPCS2017 Proccedings

Session

IT Infrastructure for Control Systems

Date

12-Oct-17 11:15–12:45

Main Classification

IT Infrastructure for Control Systems

Keywords

ion, controls, device-server, network, SCADA

Publisher

JACoW, Geneva, Switzerland

Editors

Volker RW Schaa (GSI, Darmstadt, Germany); Isidre Costa (ALBA-CELLS, Cerdanyola del VallÃ¨s, Spain); David FernÃ¡ndez (ALBA-CELLS, Cerdanyola del VallÃ¨s, Spain); Ãscar Matilla (ALBA-CELLS, Cerdanyola del VallÃ¨s, Spain)

ISBN

978-3-95450-193-9

Published

January 2018

Copyright © 2018 by JACoW, Geneva, Switzerland
cc Creative Commons Attribution 3.0