
Toward Safe Integration of Legacy SCADA Systems in the Smart Grid

  • Conference paper
Applied Cryptography and Network Security Workshops (ACNS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13285)

Abstract

A SCADA system is a distributed network of cyber-physical devices used for instrumentation and control of critical infrastructures such as an electric power grid. With the emergence of the smart grid, SCADA systems are increasingly required to be connected to more open systems and security becomes crucial. However, many of these SCADA systems have been deployed for decades and were initially not designed with security in mind. In particular, the field devices in these systems are vulnerable to false command injection from an intruding or compromised device. But implementing cryptographic defence on these old-generation devices is challenging due to their computation constraints. As a key requirement, solutions to protect legacy SCADA systems have to be an add-on. This paper discusses two add-on defence strategies for legacy SCADA systems—the data diode and the detect-and-respond approach—and compares their security guarantees and applicable scenarios. A generic architectural framework is also proposed to implement the detect-and-respond strategy, with an instantiation to demonstrate its practicality.
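As an added illustration (not code from the paper or its authors), the following Python model contrasts the two add-on strategies named in the abstract on Modbus/TCP command frames: a data diode passes telemetry outbound and nothing inbound regardless of content, while a detect-and-respond gate parses each inbound frame and forwards a write only when it comes from an authorised master, targets an allowlisted register and carries a setpoint within bounds. The peer identities ("hmi-cc", "rogue"), the register map, the bounds and the sample frames are constructed for the example; how a real bump-in-the-wire device learns the link-level peer identity is assumed rather than specified here.

```python
"""Two add-on defences for a legacy Modbus/TCP field device, as a toy model:
a one-way data diode and a detect-and-respond command gate.

Illustration written for this page; it is not the framework from the paper.
Device names, policy bounds and sample frames are constructed.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# Modbus function codes (public Modbus application protocol specification).
FC_READ_HOLDING = 0x03
FC_WRITE_SINGLE = 0x06
WRITE_FCS = {0x05, 0x06, 0x0F, 0x10}   # coil/register write functions


@dataclass(frozen=True)
class Frame:
    src: str              # link-level peer identity (assumed known to the add-on)
    unit: int             # Modbus unit identifier
    fc: int               # function code
    addr: int             # starting register/coil address
    value: Optional[int]  # value carried by FC 0x06, else None


def build_mbap(tid: int, unit: int, pdu: bytes) -> bytes:
    """MBAP header: transaction id, protocol id 0, length = unit byte + PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def write_single(tid: int, unit: int, addr: int, value: int) -> bytes:
    return build_mbap(tid, unit, struct.pack(">BHH", FC_WRITE_SINGLE, addr, value))


def read_holding(tid: int, unit: int, addr: int, qty: int) -> bytes:
    return build_mbap(tid, unit, struct.pack(">BHH", FC_READ_HOLDING, addr, qty))


def parse_modbus_tcp(src: str, raw: bytes) -> Frame:
    """Parse MBAP + PDU for the two function codes the gate understands.
    Anything malformed or unsupported raises ValueError so the gate fails closed."""
    if len(raw) < 8:
        raise ValueError("short frame")
    _tid, pid, length, unit = struct.unpack(">HHHB", raw[:7])
    if pid != 0 or length != len(raw) - 6:
        raise ValueError("bad MBAP header")
    pdu = raw[7:]
    fc = pdu[0]
    if fc in (FC_READ_HOLDING, FC_WRITE_SINGLE) and len(pdu) == 5:
        addr, word = struct.unpack(">HH", pdu[1:5])
        return Frame(src, unit, fc, addr, word if fc == FC_WRITE_SINGLE else None)
    raise ValueError(f"unsupported or malformed PDU (fc=0x{fc:02x})")


def data_diode(direction: str) -> bool:
    """One-way link: telemetry leaves the substation, nothing enters.
    The guarantee is physical and content-independent, so no command,
    forged or genuine, can reach the field device through it."""
    return direction == "outbound"


@dataclass(frozen=True)
class Policy:
    masters: frozenset   # peers allowed to talk to the device at all
    writable: dict       # register -> (lo, hi) admissible setpoint range


def gate(policy: Policy, src: str, raw: bytes) -> tuple:
    """Detect-and-respond: inspect each inbound frame and return
    ('forward', reason) or ('drop', reason). Commands do get through,
    but only from known masters, to writable registers, within bounds."""
    if src not in policy.masters:
        return ("drop", "peer not an authorised master")
    try:
        f = parse_modbus_tcp(src, raw)
    except ValueError as exc:
        return ("drop", f"malformed: {exc}")
    if f.fc not in WRITE_FCS:
        return ("forward", "read request")
    bounds = policy.writable.get(f.addr)
    if bounds is None:
        return ("drop", f"register 0x{f.addr:04x} is not writable")
    lo, hi = bounds
    if not lo <= f.value <= hi:
        return ("drop", f"setpoint {f.value} outside [{lo}, {hi}]")
    return ("forward", "write within policy")


# Constructed scenario: one legitimate HMI and one setpoint register at 0x0010.
POLICY = Policy(masters=frozenset({"hmi-cc"}), writable={0x0010: (0, 1000)})

if __name__ == "__main__":
    for src, raw in [
        ("hmi-cc", write_single(1, 1, 0x0010, 500)),   # genuine setpoint
        ("rogue", write_single(2, 1, 0x0010, 500)),    # injected by an intruder
        ("hmi-cc", write_single(3, 1, 0x0010, 5000)),  # compromised HMI, bad value
        ("hmi-cc", write_single(4, 1, 0x0020, 1)),     # register outside allowlist
        ("hmi-cc", read_holding(5, 1, 0x0000, 8)),     # plain poll
    ]:
        print(src, gate(POLICY, src, raw))
    print("diode passes inbound command:", data_diode("inbound"))
```

The contrast the abstract draws shows up directly in the two functions: the diode's decision never looks at the payload, which is why its guarantee is stronger but rules out any remote control, while the gate's guarantee is only as good as its parser and its policy, so the parser rejects anything it does not fully understand rather than letting an unrecognised write function through.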

Notes

  1. Earlier SCADA systems were built on proprietary protocols; DNP3 is the standard adopted in newer SCADA systems for connecting RTUs and IEDs to an MTU.

  2. Although different hardware implementations of a data diode exist, supporting different physical channels (e.g. RS-232, EIA-485, USB, Ethernet), most implementations use optical couplers to guarantee physical isolation.

  3. A wireless channel is assumed here simply because it is one of the common approaches for adding a new communication channel between a remote substation and a control centre.

Author information

Correspondence to Aldar C.-F. Chan.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Chan, A.C.-F., Zhou, J. (2022). Toward Safe Integration of Legacy SCADA Systems in the Smart Grid. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2022. Lecture Notes in Computer Science, vol 13285. Springer, Cham. https://doi.org/10.1007/978-3-031-16815-4_19

  • DOI: https://doi.org/10.1007/978-3-031-16815-4_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-16814-7

  • Online ISBN: 978-3-031-16815-4
