SCADA systems have historically been isolated from other computing resources. However, the use of TCP/IP as a carrier protocol and the trend to interconnect SCADA systems with enterprise networks introduce serious security threats. This paper describes two strategies for securing SCADA networks, both of which have been implemented in a laboratory-scale Modbus network. The first utilizes a security services suite that minimizes the impact on time-critical industrial process systems while adhering to industry standards. The second engages a sophisticated forensic system for SCADA network traffic collection and analysis. The forensic system supports the post mortem analysis of security breaches and the monitoring of process behavior to optimize plant performance.
Keywords: SCADA networks, security services, forensics
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Chandia, R., Gonzalez, J., Kilpatrick, T., Papa, M., Shenoi, S. (2008). Security Strategies for SCADA Networks. In: Goetz, E., Shenoi, S. (eds) Critical Infrastructure Protection. ICCIP 2007. IFIP International Federation for Information Processing, vol 253. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-75462-8_9
DOI: https://doi.org/10.1007/978-0-387-75462-8_9
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-75461-1
Online ISBN: 978-0-387-75462-8
eBook Packages: Computer Science, Computer Science (R0)