Cybersecurity for SCADA Systems, 2nd Edition, by William T. Shaw


Disclaimer
The recommendations, advice, descriptions, and the methods in this book are
presented solely for educational purposes. The author and publisher assume no
liability whatsoever for any loss or damage that results from the use of any of the
material in this book. Use of the material in this book is solely at the risk of the user.

Copyright © 2020 by
PennWell Books, LLC
10050 E 52nd Street
Tulsa, OK 74146
866-777-1814
www.pennwellbooks.com
Publisher: Matthew Dresher
Cover images: © iStock / Getty Images Plus - MF3d
© iStock / Getty Images Plus - TheYok
© Pipeline Knowledge, LLC
Library of Congress Cataloging-in-Publication Data
Names: Shaw, William T., author.
Title: Cybersecurity for industrial scada systems / William T. Shaw.
Description: Second edition. | Tulsa, OK, USA : PennWell Books, LLC, [2020]
| Includes bibliographical references and index. | Summary:
“Cybersecurity for SCADA Systems provides a high-level overview of SCADA
technology, with an explanation of each market segment. Readers will
understand the vital issues, and learn strategies for decreasing or
eliminating system vulnerabilities”— Provided by publisher.
Identifiers: LCCN 2020044734 (print) | LCCN 2020044735 (ebook) | ISBN
9781593705060 (hardback) | ISBN 9781593705053 (epub)
Subjects: LCSH: Supervisory control systems. | Automatic data collection
systems. | Data protection. | Computer security.
Classification: LCC TJ222 .S53 2020 (print) | LCC TJ222 (ebook) |
DDC 620/.46028558—dc23
LC record available at https://lccn.loc.gov/2020044734
LC ebook record available at https://lccn.loc.gov/2020044735
All rights reserved. No part of this book may be reproduced, stored in a retrieval
system, or transcribed in any form or by any means, electronic or mechanical, including
photocopying and recording, without the prior written permission of the publisher.

Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Introduction: Industrial Automation in the Aftermath of 9/11 . . . . . . . . . . . . . xxi

Chapter 1
The technological evolution of SCADA systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
The Early History of SCADA—Mainframes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Minicomputers and Microprocessors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Central Architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Distributed Architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Client/Server Designs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Technological Convergence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Ubiquitous Internet and IP Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Generalized Software Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Chapter 2
Remote terminal units . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Basic Features and Functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Smart RTU Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Top-Down and Bottom-Up Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
The Emergence of PLCs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Legacy Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Protocol Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
IP-Ready RTUs and Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

Chapter 3
Telecommunications technologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Voice-Grade (Analog) Telephony . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Commercial Voice/Data Carriers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Options for Wireless Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Digital Networking Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
TCP/IP Networking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
The Internet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Chapter 4
Supervisory control applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Operating System Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
SCADA System Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Program Development Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Standardized APIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Chapter 5
Operator interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Access-Control Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Standard System Displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Site/Industry–Specific Displays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Historical Trending . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Logs and Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

Chapter 6
Conventional information technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Availability, Integrity, and Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Remote Access/Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
TCP/IP Suite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Firewalls & Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Wireless LANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Authentication and Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Encryption and Ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Chapter 7
Identifying cybersecurity vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Threats and Threat Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Obvious Points of Attack and Vulnerability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Chapter 8
Malware, cyberattacks and hacking tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
WEB Server/SQL Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Email and Web browsing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Malware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Chapter 9
Physical security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Access Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Access tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Illegal-entry Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Physical Isolation of Assets: Layers of Defense . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Physical Protection of Materials and Information . . . . . . . . . . . . . . . . . . . . . . . 289


Critical Ancillary Subsystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Remote and Field Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Chapter 10
Operational security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Policies and Administrative Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Operational Differences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Recovery Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Annual Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Background Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

Chapter 11
Computer systems & Network security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

Chapter 12
Electric utility industry–specific cybersecurity issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
Substation Backdoors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
IP to the Substation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
TASE.2/ICCP Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
UCA2 (IEC61850) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
DNP3.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
NERC 1200/1300 Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Chapter 13
Water/Wastewater industry–specific cybersecurity issues . . . . . . . . . . . . . . . . . . . . . . . . 377
Licensed Radio Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Nonsecure Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
PLC Equipment as RTUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
Supervisory and Local Control Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Municipal LANs and WANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
Control Interfaces to Plant Control Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Chapter 14
Pipeline industry–specific cybersecurity issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Radio Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Smart RTUs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
RTU Program Logic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Supervisory Control Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
IP along the Pipeline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Web Browsing and Email Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Chapter 15
The cyberthreat to SCADA systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397

Chapter 16
Commercial product vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403

Appendix A
U.S. Department of Energy’s “21 Steps to Improved SCADA Security” . . . . . . . . . . . . . . 409

Appendix B
NERC CIP—Recommendations for Electric Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415

Appendix C
Security Recommendations of the Instruments, Systems, and Automation Society and the American Gas Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Recommendations of the AGA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423

Appendix D
Industry and Government Security Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . 425

Appendix E
SCADA System Security Assessment Checklists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Figures
Fig. 1–1. Simplified component diagram of a SCADA system . . . . . . . . . . . . . . . . . . 2
Fig. 1–2. Example bit-oriented message format (starting and ending portions only,
owing to actual large number of bits required in a full-length message). . . . . . . . . . . 4
Fig. 1–3. Example tabular operator display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Fig. 1–4. Example semi-graphic operator display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Fig. 1–5. Centralized, redundant SCADA system architecture . . . . . . . . . . . . . . . . 11
Fig. 1–6. Distributed SCADA system architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Fig. 1–7. Client/server SCADA system architecture. . . . . . . . . . . . . . . . . . . . . . . . . . 15
Fig. 1–8. Virtualized SCADA system implementations . . . . . . . . . . . . . . . . . . . . . . . 16
Fig. 1–9. SCADA as a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Fig. 1–10. SCADA without a SCADA system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Fig. 1–11. Generalized Information Flow within a Generic SCADA System . . . . 21
Fig. 2–1. Typical MTU console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Fig. 2–2. RTU contact output (control) types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Fig. 2–3. Evolution of smart RTU technology and capabilities . . . . . . . . . . . . . . . . 30
Fig. 2–4. RTU hierarchy using master and slave protocol combination . . . . . . . . 33
Fig. 2–5. Typical RTU multiline LCD and keypad . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Fig. 2–6. Example host definition of downloaded calculation functions . . . . . . . . 38
Fig. 2–7. Supervisory control of local regulatory control panels . . . . . . . . . . . . . . . 39
Fig. 2–8. Basic SCADA system and DCS architectures . . . . . . . . . . . . . . . . . . . . . . . 40
Fig. 2–9. IEC 61131 PLC/RTU configuration alternatives. . . . . . . . . . . . . . . . . . . . . 42
Fig. 2–10. Categories of typical RTU protocol message types . . . . . . . . . . . . . . . . . 51
Fig. 2–11. Simple RTU serial protocol architecture . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Fig. 2–12. Network-based serial protocol architecture . . . . . . . . . . . . . . . . . . . . . . . 56
Fig. 2–13. Ethernet cable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Fig. 3–1. SCADA host with multiple master radios on separate frequencies . . . . 66
Fig. 3–2. Typical microwave-based private telephone system . . . . . . . . . . . . . . . . . 68
Fig. 3–3. Use of packet switching networks for SCADA communications . . . . . . 71
Fig. 3–4. Connection-oriented telephone circuits. . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Fig. 3–5. Using digital telephone circuits to bridge LANs . . . . . . . . . . . . . . . . . . . . . 73
Fig. 3–6. Frame relay and FRADs used to replace analog leased lines . . . . . . . . . . 75
Fig. 3–7. Spectral energy (frequency) distribution of spread-spectrum radio . . . 77
Fig. 3–8. Cellular data communications architecture . . . . . . . . . . . . . . . . . . . . . . . . . 79
Fig. 3–9. Frame-relay DLCI-to-IP-address mapping in routers . . . . . . . . . . . . . . . . 81
Fig. 3–10. FDDI counter-rotating ring design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Fig. 3–11. Typical corporate IP network architecture . . . . . . . . . . . . . . . . . . . . . . . . 86


Fig. 3–12. Some of the basic protocols in the IP suite . . . . . . . . . . . . . . . . . . . . . . . . 89
Fig. 3–13. Site-to-site and remote-access VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Fig. 4–1. Software layers comprising a typical SCADA system host . . . . . . . . . . . 100
Fig. 4–2. Evolution of SCADA software with commercial software . . . . . . . . . . . 101
Fig. 4–3. SCADA system user account management utility . . . . . . . . . . . . . . . . . . . . . 107
Fig. 4–4. SCADA configuration utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Fig. 4–5. Database point and calculated point creation utility . . . . . . . . . . . . . . . . . . 111
Fig. 4–6. Creating the tag database using a spreadsheet utility. . . . . . . . . . . . . . . . 112
Fig. 4–7. Graphical display editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Fig. 4–8. Application program interacting with HMI via SCADA library functions . . . . 117
Fig. 4–9. OPC client/server architecture and data-exchange alternatives . . . . . . 122
Fig. 4–10. Using a SQL-compliant database server to exchange SCADA data. . . . 124
Fig. 5–1. Example SCADA system control room console design . . . . . . . . . . . . . 130
Fig. 5–2. Typical RTU polling and communications diagnostic display. . . . . . . . 133
Fig. 5–3. SNMP-based RTU polling and communications diagnostic display . . . . . . 134
Fig. 5–4. SCADA system operational status display . . . . . . . . . . . . . . . . . . . . . . . . . 135
Fig. 5–5. RTU current value display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Fig. 5–6. Point group display (bar graph mode). . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Fig. 5–7. Web-page operational display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Fig. 5–8. Geographic layout operational display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Fig. 5–9. Process-flow operational graphical display . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Fig. 5–10. Display hierarchy and inter-display navigation . . . . . . . . . . . . . . . . . . . . 145
Fig. 5–11. GIS example SCADA display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Fig. 5–12. Alarm limit checking on a typical analog input point . . . . . . . . . . . . . . 149
Fig. 5–13. Typical current-alarm summary display window . . . . . . . . . . . . . . . . . . 151
Fig. 5–14. Using symbols or code letters to indicate measurement conditions . . . . 154
Fig. 5–15. Control-point tagging display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Fig. 5–16. Mechanical strip-chart pen recorder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Fig. 5–17. Data storage hierarchy for historical trending. . . . . . . . . . . . . . . . . . . . . 159
Fig. 5–18. Example historical trending display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Fig. 5–19. A typical SCADA system event log query . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Fig. 5–20. Example of a spreadsheet report for a water utility . . . . . . . . . . . . . . . . . . 167
Fig. 5–21. Microsoft Windows Task Scheduler Utility. . . . . . . . . . . . . . . . . . . . . . . 168
Fig. 6–1. Communication interconnections to a SCADA system . . . . . . . . . . . . . 173
Fig. 6–2. Attacking and utilizing a legacy serial communication circuit . . . . . . . . . . 175
Fig. 6–3. Attacking a SCADA system that is using IP-to-the-Field . . . . . . . . . . . . 176


Fig. 6–4. The OSI seven-layer model and IP equivalent-function layers . . . . . . . 179
Fig. 6–5. Performing NAT in a gateway computer . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Fig. 6–6. IP and TCP (or UDP) datagram header information . . . . . . . . . . . . . . . . 185
Fig. 6–7. IP datagram fragmentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Fig. 6–8. The internal structure of the IPv4 datagram header. . . . . . . . . . . . . . . . . 187
Fig. 6–9. The Zenmap network scanning tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Fig. 6–10. IP routing between PC network interfaces . . . . . . . . . . . . . . . . . . . . . . . 192
Fig. 6–11. Accidental bridging of LANs via dual-home connections . . . . . . . . . . 193
Fig. 6–12. Ethernet frame structure and contents. . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Fig. 6–13. Switched Ethernet LAN elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Fig. 6–14. Creating a broadcast storm in an Ethernet LAN . . . . . . . . . . . . . . . . . . . . . 199
Fig. 6–15. Using RSTP to re-establish LAN communications . . . . . . . . . . . . . . . . 199
Fig. 6–16. Tagged frames with different priority values . . . . . . . . . . . . . . . . . . . . . . 201
Fig. 6–17. Tagged and un-tagged Ethernet frames . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Fig. 6–18. Setting up a SPAN port on a switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Fig. 6–19. IEEE 802.1x port-based NAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Fig. 6–20. Using Syslog protocol to send logs to a SIEM . . . . . . . . . . . . . . . . . . . . . 205
Fig. 6–21. Using Wi-Fi at SCADA field sites for local communications . . . . . . . 207
Fig. 6–22. Cyber security measures if Wi-Fi must be used . . . . . . . . . . . . . . . . . . . 208
Fig. 6–23. Remote and local user access to a computer/system . . . . . . . . . . . . . . . 209
Fig. 6–24. Strong authentication options and technologies . . . . . . . . . . . . . . . . . . 211
Fig. 6–25. Encryption and decryption of a document . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Fig. 6–26. Using stream cipher to protect transmitted information . . . . . . . . . . . 216
Fig. 6–27. Key size increases time required to break . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Fig. 6–28. Public and private key generation and exchange . . . . . . . . . . . . . . . . . . 217
Fig. 6–29. Public-private key encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Fig. 6–30. MS Windows Encrypted File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
Fig. 6–31. Hash algorithm generating a message digest value . . . . . . . . . . . . . . . . 221
Fig. 6–32. Example of a public key (Base 64 encoded) . . . . . . . . . . . . . . . . . . . . . . . 222
Fig. 6–33. Example of an X.509 digital certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Fig. 6–34. Creating zones and network segmentation with firewalls . . . . . . . . . . 226
Fig. 6–35. Conceptual design of a media scanning 'kiosk' . . . . . . . . . . . . . . . . . . . 227
Fig. 7–1. Taxonomy of potential threat sources to a SCADA system . . . . . . . . . . 229
Fig. 7–2. Example of a spear phishing email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Fig. 7–3. Typical attack pathways for cyberattack . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Fig. 7–4. Classes of security and types of countermeasures . . . . . . . . . . . . . . . . . . 240
Fig. 7–5. US-CERT/CISA monthly vulnerability updates . . . . . . . . . . . . . . . . . . . . 245


Fig. 7–6. The MITRE Corporation’s ATT&CK™ Database . . . . . . . . . . . . . . . . . . . 246
Fig. 7–7. The MITRE Corporation’s IACS ATT&CK™ database . . . . . . . . . . . . . . 247
Fig. 8–1. The Metasploit framework with Armitage. . . . . . . . . . . . . . . . . . . . . . . . . 254
Fig. 8–2. Sample exploits from the Metasploit framework . . . . . . . . . . . . . . . . . . . . . . 255
Fig. 8–3. Using Metasploit to inject a VNC into a target computer . . . . . . . . . . . 256
Fig. 8–4. Kali Linux distribution with pen-testing tools . . . . . . . . . . . . . . . . . . . . . 257
Fig. 8–5. Buffer overflow attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Fig. 8–6. Stack smashing in an x86 CPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Fig. 8–7. Relational database tampering via SQL injection . . . . . . . . . . . . . . . . . . . 272
Fig. 9–1. Gates and fencing to control vehicle and personnel access . . . . . . . . . . 281
Fig. 9–2. Physical security layers for added security . . . . . . . . . . . . . . . . . . . . . . . . . 282
Fig. 9–3. Various forms of high-security key/lock systems . . . . . . . . . . . . . . . . . . . 283
Fig. 9–4. Typical electronic access-control door . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Fig. 9–5. Electronic, automated access-control and intrusion-detection system . . . . 286
Fig. 9–6. Tamper-indicating/detection mechanisms . . . . . . . . . . . . . . . . . . . . . . . . 287
Fig. 9–7. Physical protection of roof areas with radio equipment . . . . . . . . . . . . . . . . 292
Fig. 9–8. Physical protection of network cabling and components . . . . . . . . . . . . 293
Fig. 9–9. Power supply: typical configuration and equipment interconnections . . . . 294
Fig. 11–1. Unified Threat Management appliance . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Fig. 11–2. Application proxy firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Fig. 11–3. Packet-inspection firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Fig. 11–4. Tracking TCP state for each session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Fig. 11–5. Ethernet switch with packet filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Fig. 11–6. Transparent firewall operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Fig. 11–7. Industrial protocol-aware firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Fig. 11–8. Industrial protocol detailed filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Fig. 11–9. Cross-network vulnerabilities with IP to the field . . . . . . . . . . . . . . . . . 325
Fig. 11–10. NIDS components and structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Fig. 11–11. Using network taps for message collection . . . . . . . . . . . . . . . . . . . . . . 328
Fig. 11–12. Network intrusion detection and prevention system . . . . . . . . . . . . . 329
Fig. 11–13. Host-based intrusion detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Fig. 11–14. SNMP Client and Agent communications . . . . . . . . . . . . . . . . . . . . . . 334
Fig. 11–15. SNMP client software (network monitor) from SolarWinds™. . . . . . 336
Fig. 11–16. Simplified block-diagram of a SIEM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Fig. 11–17. SNTP server on the LAN, with GPS time source . . . . . . . . . . . . . . . . 342
Figures xiii
Fig. 11–18. Using a data diode to forward data safely . . . . . . . . . . . . . . . . . . . . . . . 344
Fig. 11–19. Establishing a DMZ to isolate the SCADA system . . . . . . . . . . . . . . . 345
Fig. 11–20. Setting port security on a Cisco switch port . . . . . . . . . . . . . . . . . . . . . 346
Fig. 11–21. Using IEEE 802.1x port-based NAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Fig. 11–22. Using Syslog messages to monitor network elements . . . . . . . . . . . . 349
Fig. 11–23. Blocking unnecessary ports in Windows . . . . . . . . . . . . . . . . . . . . . . . . 352
Fig. 11–24. Windows local security policy setting groups . . . . . . . . . . . . . . . . . . . 353
Fig. 11–25. Windows security policy templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Fig. 11–26. Possible incorrect placement of NIDS sensor when VPN is used . . . . 356
Fig. 11–27. Accessing VLANs using pre-tagged frames . . . . . . . . . . . . . . . . . . . . . 357
Fig. 11–28. The “hosts” and “lmhosts” files in Windows . . . . . . . . . . . . . . . . . . . . . 359
Fig. 11–29. Using a KVM to support multi-computer access. . . . . . . . . . . . . . . . . 361
Fig. 12–1. Generalized block diagram of an electric utility SCADA system . . . . 365
Fig. 12–2. Electrical transmission substation circa 1990 . . . . . . . . . . . . . . . . . . . . . 367
Fig. 12–3. Substation information consolidation (substation automation) . . . . . 370
Fig. 12–4. IP networking to the substation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Fig. 13–1. SCADA system block diagram for the water/wastewater industry . . . .378
Fig. 13–2. Using portable equipment to hijack a remote site . . . . . . . . . . . . . . . . . 381
Fig. 13–3. Evolution of PLC programming and configuration downloading . . . 383
Fig. 13–4. Using serial link cryptographic transceivers . . . . . . . . . . . . . . . . . . . . . . 385
Fig. 13–5. Example MAN shared by a municipal utility SCADA system. . . . . . . 387
Fig. 14–1. Generalized architecture of a pipeline SCADA system . . . . . . . . . . . . 390
Fig. 14–2. Evolution of pipeline communications technologies . . . . . . . . . . . . . . 392
Fig. 15–1. Cyber event categorizations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Fig. 16–1. The CVE database Web site based on MITRE data . . . . . . . . . . . . . . . . 404
Fig. 16–2. CVE vulnerability listing for Windows XP. . . . . . . . . . . . . . . . . . . . . . . . 405
Fig. 16–3. Microsoft security bulletin Web site—example bulletin. . . . . . . . . . . . 405
Fig. 16–4. The CVE Details Web page for Enterprise Linux vulnerabilities . . . . 406
Fig. 16–5. NIST National Vulnerability Database (NVD) . . . . . . . . . . . . . . . . . . . . 407
Fig. 16–6. Cisco’s product support site for CVE assessment & support . . . . . . . 408
Tables
Table 1–1. Trends in the evolution of system architecture . . . . . . . . . . . . . . . . . . . . 16
Table 4–1. Standard operating system administrative utilities. . . . . . . . . . . . . . . . 103
Table 4–2. SCADA configuration maintenance and management utilities. . . . . 107
Table 4–3. Typical SCADA application programming library functions . . . . . . . 119
Table 6–1. Ethertype values for some notable protocols . . . . . . . . . . . . . . . . . . . . . 196
Table 7–1. Example social engineering techniques used by attackers . . . . . . . . . 233
Table 7–2. Most troublesome vulnerabilities in the past decade . . . . . . . . . . . . . . 242

Preface

In the 1960s, when the first computer-based supervisory control and data acqui-
sition systems (SCADA) were being developed, there was no cultural concept of
needing to provide any particular protective measures to keep such systems safe
from intentional attacks. After all, why would someone want to disrupt the opera-
tion of such systems? The world was a different place, and the computer expertise to
work on, or with, such systems was a rare commodity. The only protective consid-
erations built into those systems were ones instituted in order to minimize or elim-
inate the impact of user errors. Not so today. Computers have become commodity
appliances, and computer expertise far more commonplace. In addition, there are
people that have technical expertise and, for a variety of reasons, choose to use it
to inflict damage. Or worse still, there are those who wish to use such expertise to
cause serious harm to the United States government and citizens. The Internet,
a world-spanning communications technology that should be a positive force to
unite cultures and peoples, is also being used as a means to reach into our computer
systems by such people. Much of our critical industrial infrastructure is managed
and controlled by SCADA systems, and thus it is now essential that we place pro-
tective measures into and around these systems. This book is intended to provide
a general background of SCADA system technology, cybersecurity concepts and
technologies, and how the two can be brought together to safeguard our infra-
structure and computer automation systems. In this second revision of the book,
I have included a great deal more information about implementing cybersecurity
protections and about technical countermeasures. This revision also takes advan-
tage of the evolved industry-specific cybersecurity standards that have emerged
since the initial printing, especially in the electric power and oil-and-gas pipeline
industry sectors. There have also been many technological changes in commu-
nications and networking and other areas of computer science since the original
publication. I have tried to capture applicable changes in this revision.

Acknowledgements

The author would like to acknowledge all of the people that assisted in the writ-
ing of this book and, in particular, my wonderful and understanding wife, who
put up with the long nights and weekends spent writing, editing, and proofing this
manuscript. I would also like to thank the people at PennWell, who encouraged
me to update this book and who helped in editing it into a suitable, professional-
looking document.

Introduction
Industrial Automation
in the Aftermath of 9/11

Without the events of September 11, 2001, there might not have been a need for
this book, or at least for such a book this soon. Up until the events of that day,
the people and government of the United States held the belief that we were iso-
lated and insulated from the foreign governments and “true believers” that might
wish us harm. It is true that for many years we had been witnessing a growing prob-
lem of computer hacking and the regular introduction of computer worms, viruses,
and other forms of malware over the Internet. But these activities were not per-
ceived as serious, intentional attacks on our country or infrastructure. After 9/11,
everything changed. We now know that there are people and groups that will spend
the time and money to create havoc and terror in order to advance their political,
social, or religious agendas. In response to the events of 9/11, the Department of
Homeland Security (DHS) was formed and given the responsibility for protect-
ing us from these people and organizations. One of the results of the work being
done by the DHS was the recognition that the vast majority of our industrial and
manufacturing facilities, technological infrastructure, transportation systems, and
energy infrastructure are run and controlled by computer-based systems—and
that these systems (mainly SCADA and DCS/PLC systems) were not designed with
any intrinsic protective mechanisms. This is not to say that such systems were/are
fragile or even readily accessible to an attacker. The vendors of these systems have
generally designed them to be robust and capable of continued operation even with
some level of component failures or damage. This was essential because of the criti-
cal or essential nature of the processes being controlled by such systems.
Designers of computer-based automation and control systems have always
known that computers, and electronic devices in general, can and will fail. Thus,
system designs have long accounted for this possibility through redundancy
schemes and architectures that permitted “graceful degradation.” In the early years
of computer-based automation systems, these systems were typically employed in
a “stand alone” configuration without any communications with, or interfaces to,
other computer systems. The only way that a remote cyberattacker/hacker could
access such systems would have been if a dial-in telephone circuit had been sup-
plied with the system, for the purpose of providing remote support by the system
vendor. But, as computer and networking technology became pervasive and ubiq-
uitous in all aspects of modern business enterprises, these automation systems
started to be interfaced with corporate networks, business systems, and eventually,
even to the Internet itself. This evolutionary process has provided cyberattackers
with much greater access to these critical automation systems.
xxii Cybersecurity for SCADA Systems

Since this book’s initial publication, we have become aware that hostile nation-
states are actively supporting and funding hacking activities in order to steal our
intellectual property and trade secrets, disrupt our elections, gain access to our
bank accounts and credit cards, and generally establish remote access into business
and governmental computer systems (including those of the military). Since the
initial publication of this book, there have been numerous documented instances,
around the globe, of cyberattacks on power grids, industrial facilities, water distri-
bution systems, and communication systems. So, providing adequate and effective
cybersecurity for our SCADA systems is even more important than ever.
The world of computer-based automation systems can be divided into two
broad classes: those systems used with processes that are spread over a large geo-
graphical area (and thus require the use of wide-area communications technology)
and those systems that manage processes that are geographically constrained (and
thus can use local-area communications technology). The first type of system is
called a Supervisory Control And Data Acquisition system (SCADA) and is used
in applications such as gas and liquid pipelines, electric power transmission and
distribution, and water distribution systems. The second type of system is called
a Distributed Control System (DCS) and is used in plant automation applications
such as refining, steel production, paper and pulp, food and beverage, bulk and fine
chemicals, etc. A variation of this second type of system is based on Programmable
Logic Controller (PLC) technology. Almost every high-volume manufacturing
facility is automated using PLC control system technology. The DHS has initially
focused its efforts on cybersecurity for SCADA systems, and therefore SCADA
system cybersecurity will be the focus of this book, although many of the issues
and principles will be directly relevant and applicable to DCS systems as well.
1
The Technological Evolution of SCADA Systems

The Early History of SCADA—Mainframes


Supervisory control and data acquisition (SCADA) systems are used to monitor
and remotely control critical industrial processes, such as gas pipelines, electric
power transmission, and potable water distribution/delivery. As such, SCADA sys-
tems are important to our daily lives, even though most people never see them or
even know of their existence.
To properly understand what SCADA systems are, how they came to be, and
why they are designed the way they are, one needs a basic understanding of the
history of SCADA system development. It is also helpful to know why things
have evolved and what factors have pushed this evolution. Computer-based
supervisory control systems were introduced in the 1960s, and the first such sys-
tems were based on the mainframe computer technology available at the time.
These systems were not yet called SCADA systems, as that particular acronym
did not come into general use until the 1980s. SCADA systems were developed
to replace older technologies (e.g., tone telemetry) and to provide features and
functions that required computational and logical capabilities. The incorpora-
tion of a computer into telemetry systems provided a means for manipulating,
processing, storing, and presenting data that could not be provided with previ-
ous technologies.
In the late 1960s, the integrated circuit had been invented, making it possible to
build complex and sophisticated (for the time) electronic devices, including main-
frame computers. By their nature and purpose, SCADA systems are intended to
provide a human operator with updating real-time information about the current
state of the remote process being monitored, as well as the ability to manipulate
the process remotely. There were four basic major components in a 1960s SCADA
system (fig. 1–1): the usually fully redundant central computer (also called the host
computer or master), the field-based remote measurement and control equipment
(called remote terminal units [RTUs]), the wide-area telecommunications system
to connect them, and the operator interface that provided user/operator access to
the system (also called the operator console, man-machine interface [MMI], and
later, in a more politically correct age, human-machine interface [HMI]). Although
computer and communications technologies have advanced since the 1960s, even
modern SCADA systems have a similar architectural basis.

Fig. 1–1. Simplified component diagram of a SCADA system

To provide real-time data updates from the field, a SCADA system needs
remote sensory and communications capabilities. Electronic devices called RTUs
are located at each point where measurements are to be taken or where process
equipment is to be controlled. The central computer continuously, cyclically polls
the field-based RTUs to fetch their current measurement values and status indi-
cations. Polling is the process of sending a message to an RTU, to elicit a response
message containing updated values, and repeating that operation with subsequent
RTUs, until all have been processed. Then, that sequence is repeated over and
over, endlessly, presumably providing the SCADA operational personnel with a
near-real-time view of the process being supervised and controlled. In the earliest
SCADA systems, RTUs were essentially nothing more than remotely located I/O
equipment that could read and transmit inputs and receive commands to generate
outputs. That remained the case in the electric power transmission industry well
into the 1990s. Other industry segments made strides in enhancing and utilizing
the intelligence and capabilities of their RTU devices starting in the 1970s.
The RTUs designed in the 1960s, some of which remain in use today, were very
simple electronic devices with a severely limited set of hardwired functions. They
were ‘digital’ from the standpoint of being built from discrete logic gates (and, or,
xor, nor, latch, not, flip-flops, etc.) but they contained no microprocessor or stored
program logic. Normally, RTUs are equipped with input/output (I/O) hardware cir-
cuitry that enables the measurement of electrical signals generated by devices that
produce voltages or currents in proportion to a physical process parameter such as
pressure, flow rate, level, or temperature. (The term transmitter is often used for the
device that produces an electrical signal proportional to the value of a physical prop-
erty.) RTUs are also able to generate control outputs, either as voltage or current
signals, or in the form of switch/contact closures. Output control signals are initi-
ated or adjusted by the RTU upon receipt of a command from the central computer,
usually initiated by a human operator. In order for the RTUs and the central host
computer to exchange data and control commands, there needs to be a communica-
tions system to allow messages to be sent/received over large distances, as well as an
agreed-on message format and predefined set of messages and responses.
SCADA system designers in the 1960s had to use the currently available long-
distance telecommunications technologies of the time, and that meant either the
telephone company (“Ma Bell”) technology or licensed radio technology. Frequently,
the RTU equipment (and the process being monitored and controlled) was located
in remote areas where no telephone service was available and possibly too great a
distance from the SCADA operations/control center to reliably employ radio com-
munications. In those instances, the process owner (e.g., a pipeline company or an
electric utility) would build their own telephone system, using the same equipment
that the telephone company would have employed (microwave relay towers, signal
multiplexers, etc.).
Analog telephone and analog radio technologies were designed for voice
(sound) communications. Thus, SCADA systems required the use of MODEMs to
turn computer and RTU electrical signals into sounds. In the late 1960s, MODEM
technology was restricted to very low data transmission rates, typically 110–
300 bits per second. The RTUs in the 1960s were electronic, and constructed with
digital components, but not computer-based, so they had to be hardwired to sup-
port a simple set of messages for exchanging data with the central host computer.
Further, since most communications would take place at 1200 bits per second
(bps) or less, keeping messages short was essential. The set of messages that could
be sent to the RTUs and the set of messages that the RTUs could generate together
define a communications protocol. In the 1960s, vendors of SCADA systems had
to design and build their own RTUs and thus also defined their own (proprietary)
communications protocol(s). In certain industries today (primarily the electric
utilities), there are still RTUs utilizing some of these old, obsolete protocols—often
referred to as legacy protocols.
In the 1960s, the universal asynchronous receiver transmitter (UART) chip had
not yet been invented, and microprocessors were just beginning to be invented, so
it was up to each vendor to decide the format of their protocol messages (i.e., how
many bits in a message). To simplify the electronic design of the RTUs, most ven-
dors elected to send all available numeric (analog) or binary (status) data in sin-
gle, long, many-bit messages (fig. 1–2). This would mean messages of 74, 96, 123,
or some other extended number of bits. In essence, a response to a polling mes-
sage from the SCADA host was the transmission of the current values of all of the
inputs (analog and status/digital), sent as one long message. These early protocols
have very few message types and variations (all of which were built into the RTU
hardware), and data values were either single bit or an 8 bit binary integer.

Fig. 1–2. Example bit-oriented message format (starting and ending portions only,
owing to actual large number of bits required in a full-length message)

These bit-oriented protocols fell out of favor with the invention of the UART
chip (and microprocessors), but as previously mentioned, some of these legacy
bit-oriented protocols remain in limited use today. These types of protocols usually
require the use of specially designed interfaces that can receive and generate the
necessary long-bit-sequences. Specially programmed single-board computers are
often used for this task. Most ‘serial’ RTU protocols still used today are based on
constructing the messages using some integral number of 8 bit octets/bytes which
are suitable for asynchronous serial transmission via UART circuits. Although they
normally don’t come as a standard interface anymore, computers today can still be
equipped with RS-232 serial ports (called ‘COM:’ ports in the Windows® operating
system or designated as “ttyS0, ttyS1, etc.” in a Linux operating system), all of which
employ UART circuitry to make them function. Protocols based on messages that use an
integral number of octets are generally called character-oriented protocols. You
will also occasionally hear these two different types of protocols referred to as syn-
chronous and asynchronous protocols, but this is not technically accurate. In fact,
both are asynchronous (meaning the time between messages is highly variable and
so you can’t predict when the next one will arrive), but one uses message frames
that are an even multiple of octets (8 bits) and the other some vendor-defined
frame consisting of a large number of bits (usually several dozens). The differ-
ences between these two categories of protocols will be discussed in more detail
in a later chapter. Just understand that character-oriented serial protocols can be
sent and received with conventional ‘COM:’ (RS-232) serial ports whereas the bit-
oriented (long frame) protocols require specialized hardware for transmission and
reception. It was common to use external hardware (a single-board computer) to
receive these bit-oriented messages and then break them into octet multiples and
send each octet as a separate character into a standard ‘COM:’ port or a standard
“tty#” port. And the process was reversed for transmitted messages.
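To make the bit-oriented versus character-oriented distinction concrete, here is an added Python example (not code from the book or from any RTU vendor) that packs a legacy-style response frame whose length is not a multiple of eight, parses it back, and performs the bridging step the chapter describes: padding the long bit sequence out to whole octets so a standard COM/tty port can carry it, and stripping that padding again on the way back. The field layout (sync pattern, 4-bit RTU ID, eight status bits, three 8-bit analog values, end marker, 46 bits in all) and every value in it are constructed for the illustration and do not represent any real vendor protocol.

```python
"""Constructed bit-oriented RTU response frame and the octet bridge for it.

Layout (all constructed, not a real vendor protocol):
  6-bit sync pattern | 4-bit RTU ID | 8 status bits | 3 x 8-bit analog | 4-bit end
= 46 bits, which is deliberately NOT a multiple of 8.
"""

SYNC = 0b101101          # constructed start-of-frame pattern
END = 0b0110             # constructed end-of-frame marker
N_STATUS = 8             # single-bit status inputs
N_ANALOG = 3             # 8-bit analog inputs (early RTUs used 8-bit integers)
FRAME_BITS = 6 + 4 + N_STATUS + 8 * N_ANALOG + 4   # 46


def encode_frame(rtu_id, status, analogs):
    """Build the frame as a list of 0/1 ints, each field MSB first."""
    if not 0 <= rtu_id < 16:
        raise ValueError("RTU ID must fit in 4 bits")
    if len(status) != N_STATUS or len(analogs) != N_ANALOG:
        raise ValueError("wrong number of inputs for this frame layout")
    bits = []

    def put(value, width):
        if not 0 <= value < (1 << width):
            raise ValueError("value %d does not fit in %d bits" % (value, width))
        bits.extend((value >> i) & 1 for i in range(width - 1, -1, -1))

    put(SYNC, 6)
    put(rtu_id, 4)
    for s in status:
        put(1 if s else 0, 1)
    for a in analogs:
        put(a, 8)
    put(END, 4)
    return bits


def decode_frame(bits):
    """Parse a bit list into (rtu_id, status, analogs); reject bad length or markers."""
    if len(bits) != FRAME_BITS:
        raise ValueError("frame length %d != %d" % (len(bits), FRAME_BITS))
    pos = 0

    def take(width):
        nonlocal pos
        value = 0
        for b in bits[pos:pos + width]:
            value = (value << 1) | b
        pos += width
        return value

    if take(6) != SYNC:
        raise ValueError("bad sync pattern")
    rtu_id = take(4)
    status = [take(1) for _ in range(N_STATUS)]
    analogs = [take(8) for _ in range(N_ANALOG)]
    if take(4) != END:
        raise ValueError("bad end marker")
    return rtu_id, status, analogs


def frame_is_valid(bits):
    """True if the bit list parses as a well-formed frame (length and both markers)."""
    try:
        decode_frame(bits)
        return True
    except ValueError:
        return False


def bits_to_octets(bits):
    """Bridge step: zero-pad to a multiple of 8 and emit bytes for a COM/tty port."""
    pad = (-len(bits)) % 8
    padded = bits + [0] * pad
    return bytes(int("".join(str(b) for b in padded[i:i + 8]), 2)
                 for i in range(0, len(padded), 8))


def octets_to_bits(octets, frame_bits=FRAME_BITS):
    """Reverse bridge: unpack bytes to bits and drop the padding bits."""
    bits = [(byte >> i) & 1 for byte in octets for i in range(7, -1, -1)]
    return bits[:frame_bits]


if __name__ == "__main__":
    # constructed sample readings for RTU 5
    frame = encode_frame(5, [1, 0, 1, 1, 0, 0, 0, 1], [200, 17, 255])
    wire = bits_to_octets(frame)
    print(len(frame), "bits ->", len(wire), "octets:", wire.hex())
    print(decode_frame(octets_to_bits(wire)))
```

The 46-bit frame becomes six octets on the serial port and two padding bits have to be discarded after reception, which is exactly why the receiving side must know the frame length in advance; a character-oriented protocol avoids the problem by defining its messages in whole octets from the start.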
A SCADA system is used to fetch and present current data values to a human
operator. The time required to refresh the measurement data in a SCADA system
that represent the current state of the remote process, through the polling of RTUs,
depends on several factors:
• The bit rate (110, 300, or 1,200 bps) of the polling communication
circuit(s)
• The number of RTUs sharing a given communications circuit
• The length (in bits) and number of messages exchanged in the polling
process
• The number of communication circuits being used sequentially or
concurrently
• The time delay characteristics (latency) of the communication circuits
This is for polling over low-bandwidth serial communication circuits. If
high-bandwidth (a.k.a. broadband) communications are being used to communi-
cate with field sites, then the most important factor is the last one in the list above.
The protocol used by a SCADA host to communicate with its RTUs can be
designed to permit multiple RTUs to share a common communication circuit,
much like a party-line telephone circuit (if you’re old enough to remember what
those were). This means that the protocol incorporates some mechanism (usually
an RTU identification number [ID] in the message) that allows a given RTU to iden-
tify which messages are intended for that RTU and to ignore messages addressed
to other RTUs on a shared circuit. Placing multiple RTUs on communication cir-
cuits reduces the required number of such circuits, but it can lengthen the time
required to poll all RTUs for their current data values. Most SCADA systems that
support multiple polling circuits are designed to poll RTUs on all of these circuits
concurrently. Thus, if there are x circuits, the SCADA host can be polling x RTUs
concurrently (i.e., one on each circuit).
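As an added illustration, not taken from the book, of the polling cycle described at the start of this chapter together with the refresh-time factors and shared-circuit addressing just discussed, the Python model below polls simulated RTUs on party-line circuits (each RTU answers only polls carrying its own ID), computes the time to refresh every RTU on one circuit from the bit rate, message lengths, RTU count and one-way latency, and takes the slowest circuit as the system refresh interval when circuits are polled concurrently. The frame sizes, bit rates, latencies and RTU IDs are constructed sample values.

```python
"""Model of a SCADA host polling RTUs over shared serial circuits (added example).

All numbers below are constructed for illustration, not taken from the book.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

POLL_BITS = 40        # constructed: a short host-to-RTU poll frame
RESPONSE_BITS = 96    # constructed: one long bit-oriented RTU response


@dataclass
class Rtu:
    """A simulated RTU on a shared circuit; it answers only polls bearing its ID."""
    rtu_id: int
    inputs: Dict[str, int] = field(default_factory=dict)

    def handle(self, poll: dict) -> Optional[dict]:
        if poll.get("rtu_id") != self.rtu_id:
            return None  # addressed to another RTU on the party line: ignore it
        # Note the absence of any authentication: a legacy serial protocol answers
        # any well-formed poll that carries the right ID (the "no intrinsic
        # protective mechanisms" the introduction refers to).
        return {"rtu_id": self.rtu_id, "values": dict(self.inputs)}


@dataclass
class Circuit:
    """One communication circuit shared, party-line style, by several RTUs."""
    bit_rate: float       # bits per second
    latency: float        # one-way propagation delay, seconds
    rtus: List[Rtu]


def poll_circuit(circuit: Circuit) -> List[dict]:
    """Poll each RTU on the circuit in turn, as the host does cyclically."""
    responses = []
    for rtu in circuit.rtus:
        poll = {"rtu_id": rtu.rtu_id}
        # every RTU on the circuit sees the poll; exactly one should answer
        answers = [r for r in (x.handle(poll) for x in circuit.rtus) if r is not None]
        assert len(answers) == 1, "duplicate RTU ID on circuit"
        responses.append(answers[0])
    return responses


def circuit_cycle_time(circuit: Circuit,
                       poll_bits: int = POLL_BITS,
                       response_bits: int = RESPONSE_BITS) -> float:
    """Seconds to poll every RTU on one circuit once.

    Per RTU: serialize the poll and the response at the bit rate, plus the
    one-way latency in each direction. Polls on one circuit are sequential.
    """
    per_rtu = (poll_bits + response_bits) / circuit.bit_rate + 2 * circuit.latency
    return len(circuit.rtus) * per_rtu


def system_refresh_time(circuits: List[Circuit]) -> float:
    """Circuits are polled concurrently, so the slowest one sets the refresh interval."""
    return max(circuit_cycle_time(c) for c in circuits)


def build_example(n_circuits: int, rtus_per_circuit: int,
                  bit_rate: float, latency: float) -> List[Circuit]:
    """Constructed topology: n circuits, each with the given number of RTUs."""
    circuits = []
    for c in range(n_circuits):
        rtus = [Rtu(rtu_id=c * rtus_per_circuit + i + 1,
                    inputs={"pressure": 40 + i, "valve_open": i % 2})
                for i in range(rtus_per_circuit)]
        circuits.append(Circuit(bit_rate=bit_rate, latency=latency, rtus=rtus))
    return circuits


if __name__ == "__main__":
    # 8 RTUs on one 1,200 bps circuit vs. the same RTUs split over two circuits,
    # and the same 8 RTUs on a broadband link where latency dominates.
    for label, topo in [("1 x 8 @ 1200 bps", build_example(1, 8, 1200, 0.05)),
                        ("2 x 4 @ 1200 bps", build_example(2, 4, 1200, 0.05)),
                        ("1 x 8 @ 1 Mbps", build_example(1, 8, 1e6, 0.05))]:
        print("%-18s refresh every %.3f s" % (label, system_refresh_time(topo)))
    print([r["rtu_id"] for r in poll_circuit(build_example(1, 3, 1200, 0.05)[0])])
```

With the constructed values, eight RTUs on one 1,200 bps circuit refresh about every 1.7 s, splitting them across two concurrently polled circuits halves that, and at 1 Mbps the serialization term almost vanishes so the 100 ms round-trip latency per RTU is nearly the whole cycle, which is the point made above about broadband links.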
In some industries, the process dynamics are such that a human operator (or
supervisory application program) monitoring and controlling the process through
a SCADA system needs to have fresh measurements more frequently than with
scope to all grades of genius and intelligence and tend to secure to
posterity the blessings of universal education and the better hope of
personal independence.
Speech of Hon. J. D. Cameron, of Penna.
On the Reduction of Revenue as Affecting the Tariff. Delivered in the United States Senate January 16, 1882.
Mr. Cameron, of Pennsylvania. I move to take up the resolution
submitted by me in relation to internal-revenue taxes.
The motion was agreed to; and the Senate proceeded to consider
the following resolution submitted by Mr. Cameron, of
Pennsylvania, December 6, 1881:
Resolved, That in the opinion of the Senate it is expedient to
reduce the revenue of the Government by abolishing all existing
internal revenue taxes except those imposed upon high wines and
distilled spirits.
Mr. Cameron, of Pennsylvania. Mr. President, the surplus revenue
of this Government applicable to the payment of the public debt for
the year ending June 30, 1881, was $100,069,404.98.
The inference from these figures must be that if such surplus
receipts are applied to the reduction of the debt it will be paid within
ten or twelve years. The question then is: Should the people continue
to be taxed as heavily as they now are to pay it off within so short a
period? Is it wise or prudent?
No one will deny the wisdom of the legislators who inaugurated
the system of reducing the debt, or the patriotism of the people who
have endured a heavy load of taxation to pay the interest and reduce
the principal of such indebtedness. Both have been causes of wonder
to the world, and have shown the strength, honesty, and prudence
attainable under a republican form of government in matters where
it was thought to be weak. It is acknowledged that the course thus
pursued by Congress, and supported by the people, has had several
good results. The exercise of the power of the Government and the
cheerful submission to the exacting nature of the laws by the people
has had an undoubted tendency to elevate and strengthen the moral
tone of the nation, giving the people more confidence in each other,
and compelling the approval of the world. It has reduced the
principal sum of our national indebtedness until it is entirely within
the ready control of the financial ability of the people either to pay off
or to pay the interest thereon. It has established the credit of the
country, and brought it up from a position where the 6 per cent. gold
bonds of the United States before the war would not command par to
a present premium of 17 per cent. on a 4 per cent. bond, and to the
ready exchange of called 6 per cent. bonds into new ones bearing 3½
per cent. interest. It has demonstrated the ability of the country not
only to carry on a most expensive internal war, but to pay off its cost
in a time unknown to any other people; and further, that the ability
of the country to furnish men and material of war and to meet
increased financial demands is cumulative. The burden carried by
this country from 1861 to the present day has been much greater
than it would be if laid upon this nation and people from 1881 to
1900.
The burden, therefore, of the present debt would fall but lightly on
the country if the payment thereof should be for a time delayed, or
the rate at which it has been paid be decreased. It thus becomes a
question of prudence with the Government whether they will
continue the burden upon the people, or relieve them of part of it.
The burdens of general taxation borne by the people are very
onerous. They have not only the General Government to sustain, on
which devolves the expenses of legislation, of the Federal judiciary,
of the representatives of our country in all the principal governments
and cities of the world, of the management of such of our internal
affairs and conveniences as belong to Congress, the keeping up of our
Army and Navy, the erection of public buildings, the improvement of
the rivers and harbors, and many other items that require large
annual expenditures. With the increase of population and the filling
up of our unoccupied lands almost all these annual outlays and
expenses will tend to increase in place of decreasing, and all such
expenditures must be in some way met by the people of the country.
They have also to sustain their State governments with the expenses
and outlays incident to them, their legislatures, judiciaries,
penitentiaries, places of reform, hospitals, and all means of aiding
the afflicted, to sustain the common schools, to pay the cost of such
improvements of rivers, of canals, of railways, or of roads as the
States may undertake. They have also the heavy cost to meet of city
governments, of county, town and borough governments; they must
pay the inferior Legislatures, erect buildings, provide water, police,
jails, poor-houses, and build roads and take care of them.
On the liberality of the people the country depends for the building
of charitable institutions, universities, colleges, private schools of
high grade, and every variety of relief to the poor and the afflicted. In
addition to these burdens almost all the States, most of the large
cities, and many of the counties and towns in the States still labor
under the burdens of indebtedness incurred during the war to
sustain the General Government, which indebtedness, incurred on
the then value of paper currency, has now to be paid in gold. They
have not had the means at command to pay off much of such
indebtedness like the General Government, nor to refund it at a
lower rate of interest. The superior credit of the General Government
has been made partially at the expense of the local governments. I
have stated these facts that Senators might keep in mind that the
question should not be considered as merely one of our ability to
reduce our indebtedness by paying off annually one hundred
millions of dollars and by continuing our present laws for raising
revenues, as if it were but a small matter for the people to do, but it
should be considered in connection with the total burden of taxation
imposed by the revenue laws of the General Government, as well as
by those of the State and the subordinate governments within their
bounds.
There is, therefore, a strong argument to be found in these facts of
the other burdens of taxation borne by the people in favor of
reducing the amount of revenue applicable to the payment of the
public debt when it can be done without injury to the credit of the
Government and without risking in the least the ability of the
Government either to pay such indebtedness as it matures or to
interfere with the ability of the Government to fully provide for the
wants of the country as they may be developed. A complete
statement of the percentage of taxation borne by each male citizen of
the United States over twenty-one years of age in the various ways
stated would astound the Senate and the country. There is probably
no country in the world where the taxation direct and indirect is so
heavy, and only a people situated and circumstanced as the
American people are could prosper under such a burden. If no other
reason could be advanced in favor of a reduction of the amount of
moneys derived from our internal-revenue laws than this one of
reducing the burdens of the people, it would be amply sufficient, in
my judgment, to warrant the proposed reduction. Yet I will say
frankly that I have another object in wishing to have the internal
revenue reduced, and I hope before long that every vestige of that
system will cease to exist. That object is to prevent any material
change being made in the tariff upon imports as it now exists, for
upon its existence depends the prosperity, the happiness, the
improvement, the education of the laboring people of the country,
although I do not object to a careful revision of it by a competent
commission.
I want to say a word here about the arrears of pension act. This act
never should be repealed, and in my judgment it never will or can be.
It has lately been held up to contempt by that class of people who
twenty years ago were engaged in exhorting these same pensioners to
go to the front, and who now object to rewarding them; but their
opinion is not shared by the people at large; in fact, no more
essentially just law was ever placed upon the statute book. Its effect
is simply and solely to prevent the Government from pleading the
statute of limitation against its former defenders. It did not increase
the rate of pensions in any way whatever, but merely said that a man
entitled to a pension for physical injury received in Government
service should not be debarred from receiving it because he was late
in making his application. To the payment of these pensions every
sentiment of honesty and gratitude should hold us firmly committed.
My friend the Senator from Kentucky [Mr. Beck] is very honest, is
generally very astute, and has great capacity as a leader. My personal
friendship makes me desire his success, and as an individual I want
him to be the recipient of all the honors his party can bestow upon
him, but I am very sure that he is now opposing a measure that is
intended to promote the welfare of and is in accord with the wishes
of the people of the country. He is leading his party astray, he is
holding it back, he is tying it to the carcass of free trade.
Politically I am glad that he is; on his own account I regret it. He is
opposing the principle of protection, and, in my judgment, no man
can do that and retain the support of the people. No party can to-day
proclaim the doctrine of “a tariff for revenue only” and survive.
Opposition to an earnest prosecution of the war for the suppression
of the rebellion failed to destroy the Democratic party because of the
recruits it received from the South, but opposition to the doctrine of
protection to American productions, hostility to the elevation of
American labor, no party in this enlightened day can advocate and
live. I am astonished that the Democratic party does not learn by
experience. The “tariff-for-a-revenue-only” plank in the Cincinnati
platform lost it Indiana, lost it New York, and in 1884 it will lose it
one-half of the Southern States.
The President pro tempore. The morning hour has expired. Is it
the pleasure of the Senate that unanimous consent be given to the
Senator from Pennsylvania to proceed with his remarks?
Mr. Beck. I move that unanimous consent be granted.
The President pro tempore. The Chair hears no objection, and
the morning hour will be continued until the Senator from
Pennsylvania closes his remarks.
Mr. Cameron, of Pennsylvania. The great question of protection to
American labor will be the question which will obliterate old
dissensions and unite the States in one common brotherhood. The
Democratic party has made its last great fight. It will struggle hard,
and in its death throes will, with the aid of a few unsuccessful and
disappointed Republicans, possibly have temporary local successes,
but death has marked it for its victim, die it will, and on its tomb will
be inscribed, “Died because of opposition to the education, the
elevation, the advancement of the people.”
The historic policy of this country has been to raise its revenues
mainly from duties on imports and from the sale of the public lands.
There are many reasons in favor of this policy. It is more just and
equal in its burdens on the States and on the people; it is less
inquisitorial, less expensive, less liable to corruption; it is free from
many vexed questions which our experience of twenty years in
collecting internal revenue has developed. The internal revenue
brings the General Government in contact with the people in almost
every thing they eat, wear, or use. The collection of revenue by duties
on imports is so indirect as to remove much of the harshness felt
when the citizen comes in direct contact with the iron grip of the law
compelling him to affix a stamp to what he makes or uses. No one
will question the fact that the collection of internal duties
unfavorably affected the general morals of the nation.
The internal revenue laws were adopted by the Government as a
war measure, as an extraordinary and unusual means of raising
money for an emergency, and it is proper and in accordance with
public opinion that with the end of the emergency such policy should
cease. I cannot but think that every Senator will agree with me that
the end of the emergency has been reached. The emergency
embraced not only the time of the expenditures, but their
continuation until the debt incurred during the emergency was so
reduced as to be readily managed, if not exclusively by the ordinary
revenues of the Government, yet with a greatly reduced system of
internal revenues and for a limited time. But in determining wherein
such reduction shall be made, two great interests of the country are
to be considered:
First, the system of duties on foreign goods, wares, &c.
Second, our national banking system.
It has been proposed to meet this question of reduction by
lowering the rates of duty, and thus to continue in this country
indefinitely the use of direct and indirect taxation, supposing that
such reduction would require the prolonged continuation of internal
taxation.
The first effect of this would be to increase the revenues, as lower
duties would lead for awhile to increased importations; but
ultimately these increased importations would destroy our
manufactures and impoverish the people to the point of inability to
buy largely abroad, and when that point would be reached, we should
have no other source of revenue than internal taxes upon an
impoverished people. At first we should have more revenue than we
need, but in the end much less.
This statement of the effect of lower duties may at first seem
anomalous and questionable, but that such would be the result is
proven by the effect on the revenues of the country of the reduction
in duties in the tariff of 1846 below that of 1842. This will be evident
from the Treasury statistics of the years 1844, 1845, 1846, 1847, &c.,
which will show for the latter years a large increase of revenues. A
reduction of duties which would affect the ability of our
manufacturers to compete with foreign makers would cause a large
importation of goods, with two objects: first, to find a market, the
effect of which would be to keep the mills of England and other
countries fully employed; and, second, a repetition of the custom of
English manufacturers to put goods on our markets at low and losing
prices for the purpose of crippling and breaking down our operators.
And the increase of our national revenues would continue until our
fires were stopped, our mills and mines closed, our laborers starved,
and our capital and skill, the work of many years, lost. This time
would be marked by a renewal of our vassalage to England. Then the
tables would be turned, our revenues would fall off with our inability
to purchase, our taxation would continue and become very onerous,
and in place of a strong, reliant, and self-supporting people,
exercising a healthful influence over the nations of the world, we
would be owned and be the servants of Europe, tilling the ground for
the benefit of its people; our laborers would be brought down to a
level with the pauper labor of Europe.
Our form of government will not permit the employment of
ignorant pauper labor. It is a government of the people, and to have
it continue to grow and prosper the people must be paid such wages
as will enable them to be educated sufficiently to realize and
appreciate the benefits of its free institutions; and knowing these
benefits, they will maintain them. If, on the other hand, it is
desirable that the revenues from duties should be decreased, and
thereby retain both kinds of taxation, the direct and the indirect, the
best possible way to do this would be to largely increase the duties on
imported goods, which would for a time decrease the imports,
thereby decreasing the amount of duties received. This tendency
would last until, through this policy, the wealth and purchasing
power of the country would so largely increase that the revenues
would again increase, both by reason of decreased cost in foreign
countries and because of the purchase by us of articles of special
beauty, skill, and luxury. It may be said (and however paradoxical it
may appear, the assertion is proven by the history of the tariff) that
while the immediate tendency with free-trade duties is to increase
imports and revenues, the ultimate result of such low duties is to
decrease the imports and revenues, due to the decreasing ability of
the country to purchase. The immediate tendency of protective tariffs
is to decrease imports and revenues, but the final result is to increase
the imports and duties, arising from the greater ability of the country
to purchase. But my intention is not to discuss at this time the
question of a tariff, but to show the effect of a change in the duties on
imports upon the revenues of the country.
I clearly recognize that while the public mind is decidedly in favor
of encouraging home manufacturers by levying what are called
protective duties, yet the people are opposed to placing those duties
so high that they become prohibitory and making thereby an
exclusive market for our manufacturers at home. It seems very clear
to my mind, in view of these statements as to the result of decreasing
or increasing the duties on our imports, that no reduction of revenue
is practicable by changes in our tariff.
The second great interest of the people, which will very shortly be
directly affected by the large and increasing surplus revenues of the
country, is the system of national banks, and this through the
decrease of the public indebtedness by the application of the annual
surplus to its payment. The large annual reduction of the public debt
will very shortly begin to affect the confidence of the public in the
continuation of the system. It will increase public anxieties and
excite their fears as to a substitution of any other system for this that
has proven so acceptable and so valuable to the country. If the
national banking system is to be worked out of existence, it will
inevitably cause serious financial trouble.
Financial difficulties among a people like those of this country,
however ill-based or slight, are always attended by disastrous
consequences, because in times of prosperity the energies and
hopefulness of the people are stretched to the utmost limits, and the
shock of financial trouble has the effect of an almost total paralysis
on the business of the country. It is certainly the part of
statesmanship to avoid such a calamity whenever it is possible.
I unhesitatingly declare and believe that the value of our system of
national banks is so great in the benefits the country derives
therefrom and the dangers and losses its continuance will avoid that
it were better to continue in existence an indebtedness equal to the
wants of the banks which the country may from time to time require
until some equally conservative plan may be offered that will enable
us to dispense with the system.
It is also important in this connection for Senators to bear in mind
that the increasing business of the country will annually require
increased banking facilities, and consequently increased bonds as the
basis on which they can be organized; and it should not be
overlooked that a possible determination by Congress to pay off by
retiring or by funding the greenbacks will create a great hiatus in the
circulating medium of the country, which can only be replaced by
additional national-bank notes based upon an equivalent amount of
public indebtedness.
In view of the statements I have made, I cannot but conclude that
the wisest and most prudent course for Congress is to leave the
question of changes in the tariff laws to be adjusted as they may from
time to time require, and to make whatever reduction of the income
of the Government that may be found desirable by reducing the
changes in the internal-revenue laws.
The national revenue laws as they now are may be greatly and
profitably changed. They are very burdensome to a heavily-taxed
people, and such burdens should be relieved wherever it is possible.
This can now be done with safety by providing that so much of the
public debt may be paid off from time to time as may not be required
to sustain the system of national banks.
I move that the resolution be referred to the Committee on
Finance.
The motion was agreed to.
Extracts from Speech of Hon. Thomas H. Benton,
On Proposed Amendments of the Constitution in relation to the election of President and Vice-President, Delivered in the U. S. Senate Chamber, A. D. 1824.
He said:—The evil of a want of uniformity in the choice of
Presidential electors, is not limited to its disfiguring effect upon the
face of our government, but goes to endanger the rights of the
people, by permitting sudden alterations on the eve of an election,
and to annihilate the rights of the small States, by enabling the large
ones to combine, and to throw all their votes into the scale of a
particular candidate. These obvious evils make it certain that any
uniform rule would be preferable to the present state of things. But,
in fixing on one, it is the duty of statesmen to select that which is
calculated to give to every portion of the Union its due share in the
choice of a chief magistrate, and to every individual citizen a fair
opportunity of voting according to his will. This would be effected by
adopting the District System. It would divide every State into
districts equal to the whole number of votes to be given, and the
people of each district would be governed by its own majority, and
not by a majority existing in some remote part of the State. This
would be agreeable to the rights of individuals: for in entering into
society, and submitting to be bound by the decision of the majority,
each individual retained the right of voting for himself wherever it
was practicable, and of being governed by a majority of the vicinage,
and not by majorities brought from remote sections to overwhelm
him with their accumulated numbers. It would be agreeable to the
interests of all parts of the States; for each State may have different
interests in different parts; one part may be agricultural, another
manufacturing, another commercial; and it would be unjust that the
strongest should govern, or that two should combine and sacrifice
the third. The district system would be agreeable to the intention of
our present constitution, which, in giving to each elector a separate
vote, instead of giving to each State a consolidated vote, composed of
all its electoral suffrages, clearly intended that each mass of persons
entitled to one elector, should have the right of giving one vote,
according to their own sense of their own interest.
The general ticket system now existing in ten States, was the
offspring of policy, and not of any disposition to give fair play to the
will of the people. It was adopted by the leading men of those States,
to enable them to consolidate the vote of the State. It would be easy
to prove this by referring to facts of historical notoriety. It
contributes to give power and consequence to the leaders who
manage the elections, but it is a departure from the intention of the
constitution; violates the rights of the minorities, and is attended
with many other evils.
The intention of the constitution is violated because it was the
intention of that instrument to give to each mass of persons, entitled
to one elector, the power of giving an electoral vote to any candidate
they preferred. The rights of minorities are violated, because a
majority of one will carry the vote of the whole State. The principle is
the same, whether the elector is chosen by general ticket, or by
legislative ballot; a majority of one, in either case, carries the vote of
the whole State. In New York, thirty-six electors are chosen; nineteen
is a majority, and the candidate receiving this majority is fairly
entitled to receive nineteen votes; but he counts in reality thirty-six:
because the minority of seventeen are added to the majority. These
seventeen votes belong to seventeen masses of people, of 40,000
souls each, in all 680,000 people, whose votes are seized upon, taken
away, and presented to whom the majority pleases. Extend the
calculation to the seventeen States now choosing electors by general
ticket or legislative ballot, and it will show that three millions of
souls, a population equal to that which carried us through the
Revolution, may have their votes taken from them in the same way.
To lose their votes is the fate of all minorities, and it is theirs only to
submit; but this is not a case of votes lost, but of votes taken away,
added to those of the majority, and given to a person to whom the
minority was opposed.
He said, this objection (to the direct vote of the people) had a
weight in the year 1787, to which it is not entitled in the year 1824.
Our government was then young, schools and colleges were scarce,
political science was then confined to few, and the means of diffusing
intelligence were both inadequate and uncertain. The experiment of
a popular government was just beginning; the people had been just
released from subjection to an hereditary king, and were not yet
practiced in the art of choosing a temporary chief for themselves. But
thirty-six years have reversed this picture; thirty-six years, which
have produced so many wonderful changes in America, have
accomplished the work of many centuries upon the intelligence of its
inhabitants. Within that period, schools, colleges, and universities
have multiplied to an amazing extent. The means of diffusing
intelligence have been wonderfully augmented by the establishment
of six hundred newspapers, and upwards of five thousand post-
offices. The whole course of an American’s life, civil, social, and
religious, has become one continued scene of intellectual and of
moral improvement. Once in every week, more than eleven thousand
men, eminent for learning and for piety, perform the double duty of
amending the hearts, and enlightening the understandings, of more
than eleven thousand congregations of people. Under the benign
influence of a free government, both our public institutions and
private pursuits, our juries, elections, courts of justice, the liberal
professions, and the mechanical arts, have each become a school of
political science and of mental improvement. The federal legislature,
in the annual message of the President, in reports of heads of
departments, and committees of Congress, and speeches of
members, pours forth a flood of intelligence which carries its waves
to the remotest confines of the republic. In the different States,
twenty-four State executives and State legislatures, are annually
repeating the same process within a more limited sphere. The habit
of universal travelling, and the practice of universal interchange of
thought, are continually circulating the intelligence of the country,
and augmenting its mass. The face of our country itself, its vast
extent, its grand and varied features, contribute to expand the
human intellect and magnify its power. Less than half a century of
the enjoyment of liberty has given practical evidence of the great
moral truth, that under a free government, the power of the intellect
is the only power which rules the affairs of men; and virtue and
intelligence the only durable passports to honor and preferment. The
conviction of this great truth has created an universal taste for
learning and for reading, and has convinced every parent that the
endowments of the mind and the virtues of the heart, are the only
imperishable, the only inestimable riches which he can leave to his
posterity.
This objection (the danger of tumults and violence at the elections)
is taken from the history of the ancient republics; and the tumultuary
elections of Rome and Greece. But the justness of the example is
denied. There is nothing in the laws of physiology which admits a
parallel between the sanguinary Roman, the volatile Greek, and the
phlegmatic American. There is nothing in the state of the respective
countries, or in the manner of voting, which makes one an example
for the other. The Romans voted in a mass, at a single voting place,
even when the qualified voters amounted to millions of persons.
They came to the polls armed, and divided into classes, and voted,
not by heads, but by centuries.
In the Grecian republics all the voters were brought together in a
great city, and decided the contest in one great struggle.
In such assemblages, both the inducement to violence, and the
means of committing it, were prepared by the government itself. In
the United States all this is different. The voters are assembled in
small bodies, at innumerable voting places, distributed over a vast
extent of country. They come to the polls without arms, without
odious instructions, without any temptation to violence, and with
every inducement to harmony.
If heated during the day of election, they cool off upon returning to
their homes, and resuming their ordinary occupations.
But let us admit the truth of the objection. Let us admit that the American people would be as tumultuary at this presidential election as were the citizens of the ancient republics at the election of their chief magistrates. What then? Are we thence to infer the inferiority of the officers thus elected, and the consequent degradation of the countries over which they presided? I answer no. So far from it, that I assert the superiority of these officers over all others ever obtained for the same countries, either by hereditary succession, or the most select mode of election. I affirm those periods of history to be the most glorious in arms, the most renowned in arts, the most celebrated in letters, the most useful in practice, and the most happy in the condition of the people, in which the whole body of the citizens voted direct for the chief officer of their country. Take the history of that commonwealth which yet shines as the leading star in the firmament of nations. Of the twenty-five centuries that the Roman state has existed, to what period do we look for the generals and statesmen, the poets and orators, the philosophers and historians, the sculptors, painters and architects, whose immortal works have fixed upon their country the admiring eyes of all succeeding ages? Is it to the reign of the seven first kings?—to the reigns of the emperors, proclaimed by the prætorian bands?—to the reigns of the Sovereign Pontiffs, chosen by a select body of electors in a conclave of most holy cardinals? No.—We look to none of these, but to that short interval of four centuries and a half which lies between the expulsion of the Tarquins, and the re-establishment of monarchy in the person of Octavius Cæsar. It is to this short period, during which the consuls, tribunes, and prætors, were annually elected by a direct vote of the people, to which we look ourselves, and to which we direct the infant minds of our children, for all the works and monuments of Roman greatness; for roads, bridges, and aqueducts, constructed; for victories gained, nations vanquished, commerce extended, treasure imported, libraries founded, learning encouraged, the arts flourishing, the city embellished, and the kings of the earth humbly suing to be admitted into the friendship, and taken under the protection of the Roman people. It was of this magnificent period that Cicero spoke, when he proclaimed the people of Rome to be the masters of kings, and the conquerors and commanders of all the nations of the earth. And, what is wonderful, during this whole period, in a succession of four hundred and fifty annual elections, the people never once prepared a citizen to the consulship who did not carry the prosperity and glory of the Republic to a point beyond that at which he had found it.
It is the same with the Grecian Republics. Thirty centuries have elapsed since they were founded; yet it is to an ephemeral period of one hundred and fifty years only, the period of popular elections which intervened between the dispersing of a cloud of petty tyrants and the coming of a great one in the person of Philip, King of Macedon, that we are to look for that galaxy of names which shed so much lustre upon their country, and in which we are to find the first cause of that intense sympathy which now burns in our bosoms at the name of Greece.
These short and brilliant periods exhibit the great triumph of popular elections; often tumultuary, often stained with blood, but always ending gloriously for the country.
Then the right of suffrage was enjoyed; the sovereignty of the people was no fiction. Then a sublime spectacle was seen, when the Roman citizen advanced to the polls and proclaimed: “I vote for Cato to be consul;” the Athenian, “I vote for Aristides to be Archon;” the Theban, “I vote for Pelopidas to be Bœotarch;” the Lacedemonian, “I vote for Leonidas to be first of the Ephori,” and why not an American citizen the same? Why may he not go up to the poll and proclaim, “I vote for Thomas Jefferson to be President of the United States?” Why is he compelled to put his vote in the hands of another, and to incur all the hazards of an irresponsible agency, when he himself could immediately give his own vote for his own chosen candidate, without the slightest assistance from agents or managers?
But I have other objections to these intermediate electors. They are the peculiar and favorite institution of aristocratic republics, and elective monarchies. I refer the Senate to the late republics of Venice and Genoa; of France, and her litter; to the Kingdom of Poland; the empire of Germany, and the Pontificate of Rome. On the contrary, a direct vote by the people is the peculiar and favorite institution of democratic republics; as we have just seen in the governments of Rome, Athens, Thebes, and Sparta; to which may be added the principal cities of the Amphyctionic and Achaian leagues, and the renowned republic of Carthage when the rival of Rome.
I have now answered the objections which were brought forward in the year ’78. I ask for no judgment upon their validity of that day, but I affirm them to be without force or reason in the year 1824. Time and EXPERIENCE have so decided. Yes, time and experience, the only infallible tests of good or bad institutions, have now shown that the continuance of the electoral system will be both useless and dangerous to the liberties of the people, and that the only effectual mode of preserving our government from the corruptions which have undermined the liberties of so many nations, is, to confide the election of our chief magistrates to those who are farthest removed