Some time ago, after the onset of the attacks on SCADA systems, I started looking at the issues surrounding their security and the associated risks. I was fortunate in not having to start from scratch. I already had a good grounding in the principles and practice, my father was involved in the whole lifecycle of SCADA systems engineering for much of his working life and I learned a lot from him over the years. This knowledge set me thinking and was the starting point for the research that culminated in my White Paper on SCADA security

The paper outlines the background to SCADA, the history, technology and protocols. It explains why there are so many challenges to be solved and why the tools used to defend enterprise domains are, for the most part, unsuitable for the defence of SCADA/Industrial/Process Control domains. Lastly, it describes an approach that can be used that does provide an acceptable level of assurance.

Security in Industrial Control Systems - SCADA (230 downloads)


At that point it was ‘put your money where your mouth is’ time, and I set about designing and building a system that was capable of providing the defences and protective monitoring capability described in the paper. My colleagues and I worked on the design and collaborated with some key players, including Eric and Scott at Byres Security, to develop the technologies and integrate their capabilities to provide the necessary level of protection.

SCADA Mk 2 DemonstratorThe end result was what we call the ‘SOC-in-a-box’, now in its second version. This isn’t just a clever demonstration with pre-recorded material. It’s an actual working SOC and Industrial Firewall system, demonstrating all of the technologies integrated and working seamlessly. It fits in four flight cases that will go in the back of a large car. The only part that is a simulation is the display of the refinery storage tank. The rest is an actual TOFINO appliance, Programmable Logic Controller (PLC), Control Workstations with Operator Interface and a SIEM application. We attack it in real-time with actual malware that compromises the PLC and Operator Interface to cause an incident.SCADA Buncefield December 2006_2 This kind of attack could be used to cause another explosion similar to the one that happened at Buncefield in England back in December 2006, causing an estimated £1.2 billion of damage.

I took my life in my hands at the first International Forum on Cyber Security of Energy and Utilities, held in Abu Dhabi in 2012, running a live demonstration of the soc-in-a-box to the audience. The presentation was filmed ‘for posterity’ and you can now watch the video here. This explains the solution much better than I could ever do it in writing.

To our knowledge nobody else yet has an integrated solution in working form that they can demonstrate. We believe that we are a long way ahead of anybody else in the SCADA security field both in terms of knowledge and capability, and we have the demonstrator to prove it. We first showed a basic but working demonstrator at Infosec in April 2011 when all anybody else could show was a leaflet.

There is a saying that “Change is inevitable, except from a vending machine.”[1] And so it is with the soc-in-a-box and SCADA security. Technology moves on, as does the theory and practice of securing SCADA systems. With help from new partners, experience gained providing goods and services to our clients, their feedback and the Research and Development being performed by our colleagues in the Innovation Works division of Cassidian we are now working on the design for the Mark 3 SOC-in-a-box with additional capabilities and products.

Cassidian are organising a conference on SCADA security in September at Leicester University, with white papers from leading academics and organisations around the world. We also have some excellent keynote speakers.

This conference is intended to help drive the R&D elements of the work, identify best of breed approaches and fast-track the results into our capabilities. I hope to see you there.

Watch our SCADA Security demonstration video:



[1] Robert C Gallagher