DHS funds control systems research

Focus on protecting the nation's critical infrastructures has led to increasing concern about gaps in industrial control systems that monitor and collect data, such as electric power grids or oil and gas pipelines.

To alleviate that concern, 11 of the 66 small-business research grants awarded two months ago by the Homeland Security Advanced Research Projects Agency dealt with developing new technologies to secure supervisory control and data acquisition (SCADA) systems.

Starthis Inc., a software firm based in Arlington Heights, Ill., is one of those small businesses working on advanced SCADA technologies and the only one integrating security features into the Java 2 Enterprise Edition platform.

"The thing that is really most unique about us as a company is the fact that our software is being designed to run on an enterprise Java application server," said chief executive officer David Naylor. "We're taking that standards-based security infrastructure and merging it with our software that connects to industrial control systems so that we can make the industrial control monitoring more secure."

Enhancements will include encryption and secure communication between the application server and remote controls that senses whether the connection is via the Internet, telephone or wireless links. Another benefit will be ensuring that only those with authentication and authorization services will be able to access protected remote facilities, Naylor said.

SCADA systems monitor and control processes and physical functions in the electric, oil, gas, water and chemical manufacturing and utility industries, to name a few. Such systems can manage and control the generation, transmission and distribution of electrical power or remotely monitor the pressure and flow of gas pipelines.

In a number of places, Naylor said SCADA systems are implemented as Microsoft Corp. Windows applications. Sometimes they're very centralized, such as in a mission control environment, or the applications are running on Windows machines closely connected to the equipment and networked in some form, he said.

"A more robust platform on which to run SCADA software provides a lot of benefits," Naylor said. "Reliability is one of them, improved maintenance is another, [and] security is just another aspect of why this kind of platform is better than the way they have been doing things."

The other 10 firms awarded grants for developing SCADA security technologies include:

* Asier Technology Corp.: The Plano, Texas, company will work on advanced secure SCADA and related distribution control systems.

* ATC-NY: A wholly owned subsidiary of Architecture Technology Corp. based in Ithaca, N.Y., ATC-NY will support state-based security policies for electric power systems.

* Digital Authentication Technologies Inc.: Based in Boca Raton, Fla., the company will offer protection of systems using physics-based authentication and location awareness technologies.

* Digital Bond Inc.: The Sunrise, Fla., company will study intrusion-detection and security monitoring of networks.

* Dunti LLC: Dunti LLC, based in Austin, Texas, will work on an innovative SCADA security mechanism.

* EnerNex Corp.: Based in Knoxville, Tenn., EnerNex will enhance cybersecurity to electric utility systems through encryption and other advanced technologies.

* Expert Microsystems Inc.: The company, based in Orangevale, Calif., will work to improve security information management for intrusion-detection systems.

* SNVC LC: SNVC, based in Fairfax, Va., will design, develop, and architect an intrusion-detection system.

* Stan Klein Associates LLC: The Rockville, Md., firm will provide a toolkit for next-generation electric power grid system cybersecurity protection and research.

* TecSec Inc.: TecSec, based in Vienna, Va., will build a cryptographic key management-based system.