The Controllis system uses a mutual authentication system to verify the remote management server and the controller to each other before allowing the software to be upgraded on the remote SCADA device. The company calls the system SAMASU: the Secure Automated Mutual Authenticated Software Upgrade.
“The system is similar in principal to the way in which cellular networks and handsets authenticate each other” said Software Director Mark Anderson. “Unless both parts pass authentication the software remains the same, the process is designed to eliminate third party attacks on secure installations such as power grids, pipelines, critical pumps, switching systems and other critical infrastructure.”
A number of SCADA systems have come under attack in recent years including power systems, industrial processes and building systems. As recently as November 2011 hackers were blamed for damage to a water distribution system in the US by exploiting vulnerabilities in a conventional SCADA system.
The Controllis system also has additional security features that limit the local access to the device and ensure that viruses and malware cannot be installed on the device locally. In addition all communications between the central server and the remote management device is within a secure VPN tunnel.
The Controllis development team has a background in telecommunications, power generation, defence and formula 1 motorsport sectors. The company, founded in 2008, is privately owned and funded by the management team, a number of private investors and Cambridge based Martlet.