CKMI: Comprehensive Key Management Infrastructure Design for Industrial Automation and Control Systems

Industrial Automation and Control Systems (IACS) are broadly utilized in critical infrastructures for monitoring and controlling the industrial processes remotely. The real-time transmissions in such systems provoke security breaches. Many security breaches have been reported impacting society severely. Hence, it is essential to achieve secure communication between the devices for creating a secure environment. For this to be effective, the keys used for secure communication must be protected against unauthorized disclosure, misuse, alteration or loss, which can be taken care of by a Key Management Infrastructure. In this paper, by considering the generic industrial automation network, a comprehensive key management infrastructure (CKMI) is designed for IACS. To design such an infrastructure, the proposed scheme employs ECDH, matrix method, and polynomial crypto mechanisms. The proposed design handles all the standard key management operations, viz. key generation, device registration, key establishment, key storage, device addition, key revocation, key update, key recovery, key archival, and key de-registration and destruction. The design supports secure communication between the same and different levels of IACS devices. The proposed design can be applied for major industrial automation networks to handle the key management operations. The performance analysis and implementation results highlight the benefits of the proposed design

Strategies Security Managers Used to Prevent Security Breaches in SCADA Systems\u27 Networks

Supervisory Control and Data Acquisition (SCADA) systems monitor and control physical processes in critical infrastructure. The impact of successful attacks on the SCADA systems includes the system\u27s downtime and delay in production, which may have a debilitating effect on the national economy and create critical human safety hazards. Grounded in the general systems theory, the purpose of this qualitative multiple case study was to explore strategies SCADA security managers in the Southwest region of the United States use to secure SCADA systems\u27 networks. The participants comprised six SCADA security managers from three oil and gas organizations in the midstream sector located within this region. Data were collected using semistructured interviews and a review of organizational documents. Four themes emerged from the thematic analysis: (a) the importance of security awareness and workforce security training, (b) the use of technical control mechanisms, (c) the establishment of standard security policies, and (d) the use of access and identity management techniques. A key recommendation is for IT managers to adopt security awareness and workforce security training to strengthen the security chain\u27s most vulnerable link. The implications for positive social change include the potential to prevent consequences such as loss of lives, damage to the environment, and the economy resulting from malicious activities

USCID water management conference

Presented at Upgrading technology and infrastructure in a finance-challenged economy: a USCID water management conference held on March 23-26, 2010 in Sacramento, California.Includes bibliographical references.The Surface Energy Balance Algorithm for Land (SEBAL®) is used worldwide to estimate actual evpotranspiration (ET) at different spatial scales (individual fields to entire basins) and temporal scales (water year, growing season, individual day, etc.). SEBAL has been successfully applied on various surface types including crops, riparian, natural vegetation, playas, and wetlands. Comparisons of SEBAL actual ET results with reliable ground based measurements (Eddy covariance, Bowen ratio, lysimeter, water balance and scintillometer) have shown close agreement with differences ranging from 1 to 5% when compared to reliable ground-based estimates over a growing season when the model is applied by experienced operators. This paper describes near real-time application of SEBAL® (Version 2009) to produce weekly maps of actual ET, crop coefficients, and biomass production for California's Central Valley. Each week, the maps for the prior week are produced and posted to the Internet. The maps are developed using MODIS multispectral satellite imagery with an end resolution of 250 meters. This paper discusses potential application of near real time actual ET maps by water managers, water supply agencies and irrigators

Energy Efficiency

Energy efficiency is finally a common sense term. Nowadays almost everyone knows that using energy more efficiently saves money, reduces the emissions of greenhouse gasses and lowers dependence on imported fossil fuels. We are living in a fossil age at the peak of its strength. Competition for securing resources for fuelling economic development is increasing, price of fuels will increase while availability of would gradually decline. Small nations will be first to suffer if caught unprepared in the midst of the struggle for resources among the large players. Here it is where energy efficiency has a potential to lead toward the natural next step - transition away from imported fossil fuels! Someone said that the only thing more harmful then fossil fuel is fossilized thinking. It is our sincere hope that some of chapters in this book will influence you to take a fresh look at the transition to low carbon economy and the role that energy efficiency can play in that process

No Security Through Obscurity: Changing Circumvention Law to Protect our Democracy Against Cyberattacks

Cybersecurity is increasingly vital in a climate of unprecedented digital assaults against liberal democracy. Russian hackers have launched destabilizing cyberattacks targeting the United States’ energy grid, voting machines, and political campaigns. America\u27s existing inadequate cyber defenses operate according to a simple assumption: hide the computer code that powers critical infrastructure so that America\u27s enemies cannot exploit undiscovered weaknesses. Indeed, the intellectual property regime relies entirely on this belief, protecting those who own the rights in computer code by punishing those who might access and copy that code. This “security through obscurity” approach has failed. Rightsholders, on their own, cannot develop effective countermeasures to hacking because there are simply too many possibilities to preempt. The most promising solution, therefore, is to open the project of cybersecurity to as many talented and ethical minds as possible. Openness, not civil remedies and secrecy, is a greater means of ensuring safety. This Article proposes that we adopt a “defense in depth” approach to security that will increase transparency by modifying anticircumvention laws and by facilitating communication between the security community and product vendors

USCID water management conference

Presented at Upgrading technology and infrastructure in a finance-challenged economy: a USCID water management conference held on March 23-26, 2010 in Sacramento, California.Glenn-Colusa Irrigation District (GCID) is in the process of developing a Resources Plan (Plan) to establish improved policies and decision making processes to better and more actively manage its available water supplies. The first element of the Plan will address Water Supplies and Transfers; it will be developed through evaluation of the district's recent historical and future water demands relative to available surface water and groundwater supplies. The analyses will reveal the probabilities, magnitudes and durations of possible future water supply shortage and surplus conditions. When combined with supporting legal and institutional review, the analyses will provide a basis for managing available water surface and groundwater supplies, shaping conjunctive water management policy, and evaluating potential surface water transfers. GCID is developing a water balance model, including related refinements to the District's water measurement, data management and reporting systems, to analyze historical and possible future water supplies and demands. The water balance will be calculated on a monthly time step for up to ten consecutive years, including winter months when rainfall is appreciable and irrigation demands are generally low. Individual water balances will be prepared for each of GCID's ten water operator areas, which can be combined to form the balance for the overall District. This paper provides a background description of GCID and discusses ongoing development of the water balance model and related improvements to GCID's flow measurement and data management procedures

USCID water management conference

Presented at Upgrading technology and infrastructure in a finance-challenged economy: a USCID water management conference held on March 23-26, 2010 in Sacramento, California.Includes bibliographical references.The Central Arizona Irrigation and Drainage District (CAIDD) began delivering water to users in 1989. Although designed for automatic control, the system was run manually until a homemade SCADA (Supervisory Control and Data Acquisition) system was developed by district employees. In 2002, problems with radio communication and limitations of the homemade SCADA system prompted CAIDD to begin the process of modernization. New spread-spectrum radios and RTUs (Remote Terminal Units) were purchased along with a commercial SCADA package (iFix by GE-IP). In 2005, CAIDD decided to pursue implementation of full automated control of a majority of district check gates. Currently, 125 gates are under remote manual supervisory control and 129 water levels are remotely monitored. CAIDD chose to implement SacMan (Software for Automated Canal Management) under development by the U.S. Arid Land Agricultural Research Center, Maricopa, AZ. The decision was made to only apply full automation at gates that had gate position sensors. Thus purchase and installation of gate position sensors have slowed implementation. To date, five lateral canals have been set up for full automatic control, where SacMan routes flow changes through the canal and uses downstream water level feedback control to correct for any errors that occur. The ditchrider only makes changes at the farm turnouts and district-operated wells. Automation of the Central Main canal has been tested in simulation. Control of this canal requires special treatment, as described in a companion paper. The district is waiting until enough of the canal is ready for automation before it turns automatic controls on 24/7, since this will require some operator training and remote oversight when problems occur. We hope this occurs in the summer of 2010

USCID water management conference

Presented at Upgrading technology and infrastructure in a finance-challenged economy: a USCID water management conference held on March 23-26, 2010 in Sacramento, California.Includes bibliographical references.The operation of main irrigation canals is complicated in situations where the operator does not have full control over the canal inflow, or where there are very long transmission distances from the point of supply, or both. Experienced operators are able to control the canal, but often supply errors are simply passed to downstream, thus creating problems further down the system. In previous work, the senior author showed that it is important to contain such errors and not let them pass downstream. With automatic upstream level control, all flow errors are passed to the downstream end of the canal. Distant downstream water level control requires full control of canal inflow. Without this, most errors will occur toward the upstream end of the canal. An alternative scheme is offered here where the canal check gates are controlled based on the relative water level error between adjacent pools. The scheme uses a simple linear model for canal pool response. The scheme is implemented as a multiple-input, multiple-output scheme and solved as a Linear Quadratic Regulator (LQR). Thus all gates respond to relative deviations from water-level set point. The scheme works to keep the relative deviations in all pools the same. If the canal has more inflow than outflow, the scheme will adjust gates so the water levels in all pools will rise together with the same deviation from set point. It thus distributes the error over the entire canal. When in equilibrium, operators will be able to judge the actual flow rate mismatch by the rate of change of these levels. The scheme acts like a combination of upstream level and distant downstream level control. It was tested on a simulation model of the Central Main Canal at the Central Arizona Irrigation and Drainage District, Eloy, AZ

USCID water management conference

Presented at Upgrading technology and infrastructure in a finance-challenged economy: a USCID water management conference held on March 23-26, 2010 in Sacramento, California.Due to multiple impacts being placed on the James Irrigation District (District) water supply, a study was performed to understand if the District could sustain its current operations. It was determined that the practices could continue but it would require capitally intensive improvements to the Districts infrastructure. Planned improvements include the construction of recharge basins for sustainability, installation of up to 16 groundwater wells and pumps, basin construction, pipeline installation, and construction of flow control and pumping structures. The improvements were estimated to cost approximately $9,000,000; a cost too high for the District to fund on their own. Because of the urgency of the project, The District explored multiple opportunities to fund the project. This included applying for loans, applying for grants, raising water rates, and raising land assessments; all at the same time. To obtain loan money the District applied for funds through Proposition 82, distributed by the Department of Water Resources (DWR). At this same time, the district pursued loans through local banks, which provided a challenge considering the unstable banking industry. Many components of the project are proposed to be built using grant funding. First was a Challenge Grant as provided by United States Bureau of Reclamation's (USBR) Water 2025 program; providing$300,000. Next was the USBR Field Services program; providing $25,000. Approximately$50,000 was utilized from the DWR Local Groundwater Assistance Program. In addition to these funds, Recovery Act funding became available for drought relief, where the District could obtain roughly $1,500,000. To generate further income the District approved a water rate increase. It was at this time when it became apparent that the Districts revenue source had become out of balance. The Land assessments were not enough to cover the operational overhead of the District. To rectify this issue, land assessments would need to be raised. This would require a proposition 218 election, which has been pursued. The intention of this paper is to discuss the multiple funding sources available to the District, how they were utilized, and problems that have been encountered

USCID water management conference

Presented at Upgrading technology and infrastructure in a finance-challenged economy: a USCID water management conference held on March 23-26, 2010 in Sacramento, California.Includes bibliographical references.Water banks entail the recharge of periodically available excess surface water for storage underground and recovery when needed. Properly formulated, these projects are one of the most cost-effective water supply tools available. These projects are frequently located in rural areas due to availability of land and water. However, projects with capital programs of more than $10 million typically need to be funded with financing. Traditional financing mechanisms such as raising customer fees, bonding and state/federal grants are increasingly difficult to obtain. Therefore, many rural agencies pursue partnerships with urban water utilities that typically have more available capital. This approach, pioneered by Semitropic Water Storage District and Arvin-Edison Water Storage District in the 1990s, entails upfront payments (and annual operating fees) by the utilities in exchange for long-term leases of project capacity. The decision to use this funding approach must be made early in the project formulation because it requires that the project be sized and configured to meet both local and utility partner needs. Water utilities are only willing to enter into these partnerships if the project can increase their water supply reliability at a lower cost than other alternatives and only if three critical criteria have been met: 1) Lack of controversy as evidenced by tangible benefits to, oversight from and support by local stakeholders; 2) proven technical, regulatory and economic viability; and 3) operational flexibility and modularity, enabling construction in phases. A project should not be marketed before each element is in place. These requirements typically take several years and several million dollars to achieve