Skip to main content
SpringerLink
Log in

Protection of SCADA Communication Channels

  • Chapter
Critical Infrastructure Protection

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7130))

Abstract

The modern day e-society inherently depends on Critical Infrastructures (CI) such as power grid, communication, transportation etc. For such CIs to operate efficiently, Supervisory Control and Data Acquisition (SCADA) systems direct their control and monitoring functionality. However, the technological shift is towards commercial-off-the-shelf SCADA systems that are also increasingly interconnected with each other primarily over dedicated network but slowly tending to even Internet level connectivity. This introduces new communication-level threats and vulnerabilities to SCADA systems. Therefore, the disputed concept ”security through obscurity” is no longer applicable, and previously unnoticed or ignored security issues might now be exposed. To handle such security challenges, techniques from conventional networked systems are also being adopted to the SCADA domain. This chapter discusses both adopted and newly developed techniques to secure communication in monolithic as well as highly interconnected systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Rinaldi, S.M., Peerenboom, J.P., Kelly, T.K.: Identifying, Understanding, and Analyzing Critical Infrastructure Interdependencies. IEEE Control Systems 21(6), 11–25 (2001)

    Article  Google Scholar 

  2. Wang, Y., Chu, B.T.: sSCADA: Securing SCADA infrastructure communications. In: Cryptology ePrint Archive, Report 2004/265 (2004), http://eprint.iacr.org/2004/265.pdf

  3. Patel, S.: Secure internet-based communication protocol for SCADA networks. In: PhD Thesis, University of Louisville, Kentucky (2006)

    Google Scholar 

  4. Igure, V.M., Laugher, S.A., Williams, R.D.: Security issues in SCADA networks. Elsevier Computers and Security Journal 25(7), 498–506 (2006)

    Google Scholar 

  5. Graham, J., Mostafa, S., Arazi, B., Tantawy, A., Hieb, J., Ralston, P., Patel, S.C.: Improvements in SCADA and DCS systems security. In: Proc. of The International Conference on Computers and Their Applications (2007)

    Google Scholar 

  6. Hieb, J.L., Graham, J.H., Patel, S.C.: Security Enhancements for Distributed Control Systems. In: Goetz, E., Shenoi, S. (eds.) Critical Infrastructure Protection. IFIP, vol. 253, pp. 133–146. Springer, New York (2007)

    Chapter  Google Scholar 

  7. Lim, I.H., Hong, S., Choi, M.S., Lee, S.J., Lee, S.W., Ha, B.N.: Applying Security Algorithms against Cyber Attacks in the Distribution Automation System. In: IEEE PES (2008)

    Google Scholar 

  8. Patel, S.C., Bhatt, G.D., Graham, J.: Improving the cyber security of SCADA communication networks. Communications of ACM 52(7) (July 2009)

    Google Scholar 

  9. Chandia, R., Gonzalez, J., Kilpatrick, T., Papa, M., Shenoi, S.: Security Strategies for SCADA Networks. In: Critical Infrastructure Protection (2007) ISBN 978-0-387-75461-1

    Google Scholar 

  10. D’Antonio, S., Romano, L., Khelil, A., Suri, N.: INcreasing Security and Protection through Infrastructure rEsilience: The INSPIRE Project. In: Setola, R., Geretshuber, S. (eds.) CRITIS 2008. LNCS, vol. 5508, pp. 109–118. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  11. D’Antonio, S., Romano, L., Khelil, A., Suri, N.: Increasing Security and Protection of SCADA Systems through Infrastructure Resilience. In: Proc. of The International Journal of System of Systems Engineering (IJSSE). INDERSCIENCE publishers (2009) (to appear)

    Google Scholar 

  12. Khelil, A., Jeckel, S., Germanus, D., Suri, N.: Towards Benchmarking of P2P Technologies from a SCADA Systems Protection Perspective. In: Chatzimisios, P., Verikoukis, C., Santamaría, I., Laddomada, M., Hoffmann, O. (eds.) MOBILIGHT 2010. LNICST, vol. 45, pp. 400–414. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  13. Germanus, D., Khelil, A., Suri, N.: Increasing the Resilience of Critical SCADA Systems Using Peer-to-Peer Overlays. In: Giese, H. (ed.) ISARCS 2010. LNCS, vol. 6150, pp. 161–178. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  14. Hauser, C.H., Bakken, D.E., Dionysiou, I., Gjermudd, K.K., Irava, V.S., Helkey, J., Bose, A.: Security, Trust, and QoS in Next-Generation Control and Communication for Large Power Systems. International Journal of Critical Infrastructures 4(1/2), 3–16 (2008)

    Article  Google Scholar 

  15. Gjermundrod, H., Bakken, D.E., Hauser, C.H., Bose, A.: GridStat: A Flexible QoS-Managed Data Dissemination Framework for the Power Grid. IEEE Transactions on Power Delivery 24(1), 136–143 (2009)

    Article  Google Scholar 

  16. Watts, D.: Security and vulnerability in electric power systems. In: Proc. of The 35th North American, Power Symposium (2003)

    Google Scholar 

  17. Rrushi, J.L., Campbell, R.H.: Detecting Attacks in Power Plant Interfacing Substations through Probabilistic Validation of Attack-Effect Bindings. In: Proc. of The SCADA Security Scientific Symposium (2008)

    Google Scholar 

  18. American Gas Association (AGA). Cryptographic Protection of SCADA Communications, Part 1: Background, Policies and Test Plan. AGA Report No.12, Part 1 (2006)

    Google Scholar 

  19. American Gas Association (AGA). Cryptographic Protection of SCADA Communications, Part 2: Retrofit Application. AGA Report No.12, Part 2 (2006)

    Google Scholar 

  20. American Gas Association (AGA). Cryptographic Protection of SCADA Communications, Part 3: Protection of Networked Systems. AGA Report No.12, Part 3 (2006)

    Google Scholar 

  21. Distributed Network Protocol

    Google Scholar 

  22. Dawson, R., Boyd, C., Dawson, E., Nieto, J.M.G.: SKMA-A Key Management Architecture for SCADA Systems. In: Proc. of The Australasian Workshops on Grid Computing and e-Research (2006)

    Google Scholar 

  23. Industrial Control System Security Current Trends and Risk Mitigation (2009), http://www.intekras.com/IndustrialControlSystemSecurity.pdf

  24. Byres, E.J., Eng, P., Lissimore, D., Kube, N.: Who Turned Out The Lights? Security Testing for SCADA and Control Systems. In: Proc. of The CanSecWest Applied Security Conference (2006)

    Google Scholar 

  25. Wikipedia. The stuxnet worm (2010)

    Google Scholar 

  26. Cyberspies penetrate electrical grid: report (2009), http://www.reuters.com/article/idUSTRE53729120090408

  27. ’Smart Grid’ Raises Security Concerns (2009), http://www.washingtonpost.com/wp-dyn/content/article/2009/07/27/AR2009072702988.html?referrer=emailarticle

  28. Sources: Staged Cyber Attack Reveals Vulnerability in Power Grid (2007), http://edition.cnn.com/2007/US/09/26/power.at.risk/index.html

  29. Slay, J., Miller, M.: Lessons Learned from the Maroochy Water Breach. IFIP, vol. 253. Springer, Boston (2007)

    Google Scholar 

  30. Top 10 Vulnerabilities of Control Systems and their Associated Mitigations (2007)

    Google Scholar 

  31. Byres, E.J., Hoffman, D., Kube, N.: On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols. In: Proc. of The 5th American Nuclear Society International Topical Meeting on Nuclear Plant Implementation, Controls, and Human Machine Interface Technology (2006)

    Google Scholar 

  32. US Department of Energy Office of Independent Oversight The President’s Critical Infrastructure Protection Board & the Office of Energy Assurance and Performance Assurance. 21 Steps to Improve Cyber Security of SCADA Networks. U.S. Department of Energy (2002)

    Google Scholar 

  33. National Vulnerability Database, NVD (2007)

    Google Scholar 

  34. Open Source Vulnerability Database, OSVDB (2007)

    Google Scholar 

  35. D’Antonio, S., Romano, L., Khelil, A., Suri, N.: INcreasing Security and Protection through Infrastructure REsilience: The INSPIRE Project. In: Setola, R., Geretshuber, S. (eds.) CRITIS 2008. LNCS, vol. 5508, pp. 109–118. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  36. Kozik, R., Choraś, M., Hołubowicz, W.: Fusion of Bayesian and Ontology Approach Applied to Decision Support System for Critical Infrastructures Protection. In: Chatzimisios, P., Verikoukis, C., Santamaría, I., Laddomada, M., Hoffmann, O. (eds.) MOBILIGHT 2010. LNICST, vol. 45, pp. 451–463. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  37. IEC technical committee 57. Data and communications security, part 5: Security for iec 60870-5 and derivatives. IEC 62351-5 Second Committee Draft (2005)

    Google Scholar 

  38. Escudero, J.I., Rodrguez, J.A., Romero, M.C.: IDOLO: Multimedia Data Deployment On Scada Systems. In: Proc. of The IEEE PES Power Systems Conference And Exposition (2004)

    Google Scholar 

  39. Avallone, S., D’Antonio, S.: Using MPLS in a Wireless Mesh Network to Improve the Resiliency of SCADA Systems. In: Chatzimisios, P., Verikoukis, C., Santamaría, I., Laddomada, M., Hoffmann, O. (eds.) MOBILIGHT 2010. LNICST, vol. 45, pp. 440–450. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  40. Lim, I.H., Kim, Y.I., Lim, H.T., Choi, M.S., Hong, S., Lee, S.J., Lim, S.I., Lee, S.W., Ha, B.N.: Distributed Restoration System Applying Multi-Agent in Distribution Automation System. In: IEEE PES General Meeting (2008)

    Google Scholar 

  41. Lo, Y.L., Wang, C.H., Lu, C.N.: A Multi-agent Based Service Restoration in Distribution Network with Distributed Generations. In: Proc. of The 15th International Conference on Intelligent System Applications to Power Systems, ISAP (2009)

    Google Scholar 

  42. Pridgen, A., Julien, C.: A secure modular mobile agent system. In: Proc. of The 2006 International Workshop on Software Engineering for Large-Scale Multi-Agent Systems, SELMAS (2006)

    Google Scholar 

  43. Suri, N., Bradshaw, J.M., Breedy, M.R., Groth, P.T., Hill, G.A., Jeffers, R., Mitrovich, T.S., Pouliot, B.R., Smith, D.S.: NOMADS: toward a strong and safe mobile agent system. In: Proc. of The Fourth International Conference on Autonomous Agents, AGENTS (2000)

    Google Scholar 

  44. Ketel, M.: A mobile agent based framework for web services. In: Proc. of The 47th Annual Southeast Regional Conference, ACM-SE (2009)

    Google Scholar 

  45. Pietre-Cambacedes, L., Sitbon, P.: Cryptographic Key Management for SCADA systems - Issues and Perspectives. In: Proc. of The International Conference on Information Security and Assurance (2008)

    Google Scholar 

  46. Patel, S.C., Yu, Y.: Analysis of SCADA Security Models. The International Management Review 3(2), 68–76 (2007)

    Google Scholar 

  47. Graham, J.H., Mostafa, S., Arazi, B., Tantawy, A., Hieb, J., Ralston, P., Patel, S.C.: Improvements in SCADA and DCS systems security. In: Proc. of The International Conference on Computers and Their Applications (2007)

    Google Scholar 

  48. Graham, J.H., Patel, S.C.: Correctness Proofs for SCADA Communication Protocols. In: Proc. of The 9th World Multi-Conference on Systemics, Cybernetics and Informatics (2005)

    Google Scholar 

  49. Hieb, J.L., Graham, J.H., Patel, S.C.: Cyber Security Enhancements for SCADA and DCS Systems. In: Critical Infrastructure Protection: Issues and Solutions. Springer, Heidelberg (2007)

    Google Scholar 

  50. Patel, S.C.: Secure Internet-Based Communication Protocol for SCADA Networks. In: Doctoral Dissertation, University of Louisville, Louisville, Kentucky, USA (2006)

    Google Scholar 

  51. Lee, S., Choi, D., Park, C., Kim, S.: An Efficient Key Management Scheme for Secure SCADA Communication. In: Proc. of The International Conference on Power Electronics and Power Engineering, ICPEPE (2008)

    Google Scholar 

  52. Camtepe, S.A., Yener, B.: Key Distribution Mechanisms for Wireless Sensor Networks: a Survey. TR-05-07, Dept. of Computer Science, Rensselaer Polytechnic Institute (2005)

    Google Scholar 

  53. Wright, A.K., Kinast, J.A., McCarty, J.: Low-Latency Cryptographic Protection for SCADA Communications. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 263–277. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  54. Beaver, C., Gallup, D., Neuman, W., Torgerson, M.: Key management for SCADA. Technical Report, SANDIA (2002)

    Google Scholar 

  55. UK National Infrastructure Security Coordination Centre. Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks. TR - British Columbia Institute of Technology (2005)

    Google Scholar 

  56. Bace, R., Mell, P.: Nist special publication on intrusion detection systems (2001)

    Google Scholar 

  57. Lazarevic, A., Kumar, V., Srivastava, J.: Intrusion detection: A survey (2009)

    Google Scholar 

  58. Tucker, C.J., Furnell, S.M., Ghita, B.V., Brooke, P.J.: A new taxonomy for comparing intrusion detection systems. Internet Research 17(1) (2007)

    Google Scholar 

  59. Google Directory. Intrusion Detection Systems

    Google Scholar 

  60. Dmoz Open Security Project. Intrusion Detection Systems

    Google Scholar 

  61. Cheung, S., Dutertre, B., Fong, M., Lindqvist, U., Skinner, K.: Using Model-based Intrusion Detection for SCADA Networks. In: Proc. of The SCADA Security Scientific Symposium (2007)

    Google Scholar 

  62. Rrushi, J.L., Campbell, R.H.: Detecting Attacks in Power Plant Interfacing Substations through Probabilistic Validation of Attack-Effect Bindings. In: Proc. of The SCADA Security Scientific Symposium (2008)

    Google Scholar 

  63. Yi, P., Tong, T., Liu, N., Wu, Y., Ma, J.: Security in Wireless Mesh Networks: Challenges and Solutions. In: Proc. of The Sixth International Conference on Information Technology: New Generations, ITNG (2009)

    Google Scholar 

  64. Patira, R., Saxena, M.: A Survey on Security and Challenges of Ad-Hoc Networks. In: Proc. of Recent Innovations in Software and Computers, RISC (2010)

    Google Scholar 

  65. Stoica, I., Morris, R., Karger, D., Kaashoek, F.M., Balakrishnan, H.: Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications. In: Proc. of The ACM SIGCOMM Conference (2001)

    Google Scholar 

  66. Maymounkov, P., Mazières, D.: Kademlia: A Peer-to-Peer Information System Based on the XOR Metric. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 53–65. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  67. Rowstron, A.I.T., Druschel, P.: Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems. In: Liu, H. (ed.) Middleware 2001. LNCS, vol. 2218, pp. 329–350. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  68. Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., Cayirci, E.: A Survey on Sensor Networks. IEEE Communications Magazine 40(8), 102–114 (2002)

    Article  Google Scholar 

  69. Alzaid, H., Park, D., Nieto, J.G., Boyd, C., Foo, E.: A Forward and Backward Secure Key Management in Wireless Sensor Networks for PCS/SCADA. In: Hailes, S., Sicari, S., Roussos, G. (eds.) S-CUBE 2009. LNICST, vol. 24, pp. 66–82. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, Technische Universität Darmstadt, Hochschulstr. 10, Darmstadt, Germany

    Abdelmajid Khelil, Daniel Germanus & Neeraj Suri

Authors
  1. Abdelmajid Khelil
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel Germanus
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Neeraj Suri
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Malaga, 29071, Málaga, Spain

    Javier Lopez

  2. Complex Systems & Security Lab, University CAMPUS Bio-Medico, Via Alavro del Portilla, 21, 00128, Roma, Italy

    Roberto Setola

  3. Information Security Group, Department of Mathematics, University of London, Royal Holloway, Egham Hill, TW20 0EX, Egham, Surrey, UK

    Stephen D. Wolthusen

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Khelil, A., Germanus, D., Suri, N. (2012). Protection of SCADA Communication Channels. In: Lopez, J., Setola, R., Wolthusen, S.D. (eds) Critical Infrastructure Protection. Lecture Notes in Computer Science, vol 7130. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28920-0_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-28920-0_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28919-4

  • Online ISBN: 978-3-642-28920-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation