Abstract
The modern day e-society inherently depends on Critical Infrastructures (CI) such as power grid, communication, transportation etc. For such CIs to operate efficiently, Supervisory Control and Data Acquisition (SCADA) systems direct their control and monitoring functionality. However, the technological shift is towards commercial-off-the-shelf SCADA systems that are also increasingly interconnected with each other primarily over dedicated network but slowly tending to even Internet level connectivity. This introduces new communication-level threats and vulnerabilities to SCADA systems. Therefore, the disputed concept ”security through obscurity” is no longer applicable, and previously unnoticed or ignored security issues might now be exposed. To handle such security challenges, techniques from conventional networked systems are also being adopted to the SCADA domain. This chapter discusses both adopted and newly developed techniques to secure communication in monolithic as well as highly interconnected systems.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Rinaldi, S.M., Peerenboom, J.P., Kelly, T.K.: Identifying, Understanding, and Analyzing Critical Infrastructure Interdependencies. IEEE Control Systems 21(6), 11–25 (2001)
Wang, Y., Chu, B.T.: sSCADA: Securing SCADA infrastructure communications. In: Cryptology ePrint Archive, Report 2004/265 (2004), http://eprint.iacr.org/2004/265.pdf
Patel, S.: Secure internet-based communication protocol for SCADA networks. In: PhD Thesis, University of Louisville, Kentucky (2006)
Igure, V.M., Laugher, S.A., Williams, R.D.: Security issues in SCADA networks. Elsevier Computers and Security Journal 25(7), 498–506 (2006)
Graham, J., Mostafa, S., Arazi, B., Tantawy, A., Hieb, J., Ralston, P., Patel, S.C.: Improvements in SCADA and DCS systems security. In: Proc. of The International Conference on Computers and Their Applications (2007)
Hieb, J.L., Graham, J.H., Patel, S.C.: Security Enhancements for Distributed Control Systems. In: Goetz, E., Shenoi, S. (eds.) Critical Infrastructure Protection. IFIP, vol. 253, pp. 133–146. Springer, New York (2007)
Lim, I.H., Hong, S., Choi, M.S., Lee, S.J., Lee, S.W., Ha, B.N.: Applying Security Algorithms against Cyber Attacks in the Distribution Automation System. In: IEEE PES (2008)
Patel, S.C., Bhatt, G.D., Graham, J.: Improving the cyber security of SCADA communication networks. Communications of ACM 52(7) (July 2009)
Chandia, R., Gonzalez, J., Kilpatrick, T., Papa, M., Shenoi, S.: Security Strategies for SCADA Networks. In: Critical Infrastructure Protection (2007) ISBN 978-0-387-75461-1
D’Antonio, S., Romano, L., Khelil, A., Suri, N.: INcreasing Security and Protection through Infrastructure rEsilience: The INSPIRE Project. In: Setola, R., Geretshuber, S. (eds.) CRITIS 2008. LNCS, vol. 5508, pp. 109–118. Springer, Heidelberg (2009)
D’Antonio, S., Romano, L., Khelil, A., Suri, N.: Increasing Security and Protection of SCADA Systems through Infrastructure Resilience. In: Proc. of The International Journal of System of Systems Engineering (IJSSE). INDERSCIENCE publishers (2009) (to appear)
Khelil, A., Jeckel, S., Germanus, D., Suri, N.: Towards Benchmarking of P2P Technologies from a SCADA Systems Protection Perspective. In: Chatzimisios, P., Verikoukis, C., Santamaría, I., Laddomada, M., Hoffmann, O. (eds.) MOBILIGHT 2010. LNICST, vol. 45, pp. 400–414. Springer, Heidelberg (2010)
Germanus, D., Khelil, A., Suri, N.: Increasing the Resilience of Critical SCADA Systems Using Peer-to-Peer Overlays. In: Giese, H. (ed.) ISARCS 2010. LNCS, vol. 6150, pp. 161–178. Springer, Heidelberg (2010)
Hauser, C.H., Bakken, D.E., Dionysiou, I., Gjermudd, K.K., Irava, V.S., Helkey, J., Bose, A.: Security, Trust, and QoS in Next-Generation Control and Communication for Large Power Systems. International Journal of Critical Infrastructures 4(1/2), 3–16 (2008)
Gjermundrod, H., Bakken, D.E., Hauser, C.H., Bose, A.: GridStat: A Flexible QoS-Managed Data Dissemination Framework for the Power Grid. IEEE Transactions on Power Delivery 24(1), 136–143 (2009)
Watts, D.: Security and vulnerability in electric power systems. In: Proc. of The 35th North American, Power Symposium (2003)
Rrushi, J.L., Campbell, R.H.: Detecting Attacks in Power Plant Interfacing Substations through Probabilistic Validation of Attack-Effect Bindings. In: Proc. of The SCADA Security Scientific Symposium (2008)
American Gas Association (AGA). Cryptographic Protection of SCADA Communications, Part 1: Background, Policies and Test Plan. AGA Report No.12, Part 1 (2006)
American Gas Association (AGA). Cryptographic Protection of SCADA Communications, Part 2: Retrofit Application. AGA Report No.12, Part 2 (2006)
American Gas Association (AGA). Cryptographic Protection of SCADA Communications, Part 3: Protection of Networked Systems. AGA Report No.12, Part 3 (2006)
Distributed Network Protocol
Dawson, R., Boyd, C., Dawson, E., Nieto, J.M.G.: SKMA-A Key Management Architecture for SCADA Systems. In: Proc. of The Australasian Workshops on Grid Computing and e-Research (2006)
Industrial Control System Security Current Trends and Risk Mitigation (2009), http://www.intekras.com/IndustrialControlSystemSecurity.pdf
Byres, E.J., Eng, P., Lissimore, D., Kube, N.: Who Turned Out The Lights? Security Testing for SCADA and Control Systems. In: Proc. of The CanSecWest Applied Security Conference (2006)
Wikipedia. The stuxnet worm (2010)
Cyberspies penetrate electrical grid: report (2009), http://www.reuters.com/article/idUSTRE53729120090408
’Smart Grid’ Raises Security Concerns (2009), http://www.washingtonpost.com/wp-dyn/content/article/2009/07/27/AR2009072702988.html?referrer=emailarticle
Sources: Staged Cyber Attack Reveals Vulnerability in Power Grid (2007), http://edition.cnn.com/2007/US/09/26/power.at.risk/index.html
Slay, J., Miller, M.: Lessons Learned from the Maroochy Water Breach. IFIP, vol. 253. Springer, Boston (2007)
Top 10 Vulnerabilities of Control Systems and their Associated Mitigations (2007)
Byres, E.J., Hoffman, D., Kube, N.: On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols. In: Proc. of The 5th American Nuclear Society International Topical Meeting on Nuclear Plant Implementation, Controls, and Human Machine Interface Technology (2006)
US Department of Energy Office of Independent Oversight The President’s Critical Infrastructure Protection Board & the Office of Energy Assurance and Performance Assurance. 21 Steps to Improve Cyber Security of SCADA Networks. U.S. Department of Energy (2002)
National Vulnerability Database, NVD (2007)
Open Source Vulnerability Database, OSVDB (2007)
D’Antonio, S., Romano, L., Khelil, A., Suri, N.: INcreasing Security and Protection through Infrastructure REsilience: The INSPIRE Project. In: Setola, R., Geretshuber, S. (eds.) CRITIS 2008. LNCS, vol. 5508, pp. 109–118. Springer, Heidelberg (2009)
Kozik, R., Choraś, M., Hołubowicz, W.: Fusion of Bayesian and Ontology Approach Applied to Decision Support System for Critical Infrastructures Protection. In: Chatzimisios, P., Verikoukis, C., Santamaría, I., Laddomada, M., Hoffmann, O. (eds.) MOBILIGHT 2010. LNICST, vol. 45, pp. 451–463. Springer, Heidelberg (2010)
IEC technical committee 57. Data and communications security, part 5: Security for iec 60870-5 and derivatives. IEC 62351-5 Second Committee Draft (2005)
Escudero, J.I., Rodrguez, J.A., Romero, M.C.: IDOLO: Multimedia Data Deployment On Scada Systems. In: Proc. of The IEEE PES Power Systems Conference And Exposition (2004)
Avallone, S., D’Antonio, S.: Using MPLS in a Wireless Mesh Network to Improve the Resiliency of SCADA Systems. In: Chatzimisios, P., Verikoukis, C., Santamaría, I., Laddomada, M., Hoffmann, O. (eds.) MOBILIGHT 2010. LNICST, vol. 45, pp. 440–450. Springer, Heidelberg (2010)
Lim, I.H., Kim, Y.I., Lim, H.T., Choi, M.S., Hong, S., Lee, S.J., Lim, S.I., Lee, S.W., Ha, B.N.: Distributed Restoration System Applying Multi-Agent in Distribution Automation System. In: IEEE PES General Meeting (2008)
Lo, Y.L., Wang, C.H., Lu, C.N.: A Multi-agent Based Service Restoration in Distribution Network with Distributed Generations. In: Proc. of The 15th International Conference on Intelligent System Applications to Power Systems, ISAP (2009)
Pridgen, A., Julien, C.: A secure modular mobile agent system. In: Proc. of The 2006 International Workshop on Software Engineering for Large-Scale Multi-Agent Systems, SELMAS (2006)
Suri, N., Bradshaw, J.M., Breedy, M.R., Groth, P.T., Hill, G.A., Jeffers, R., Mitrovich, T.S., Pouliot, B.R., Smith, D.S.: NOMADS: toward a strong and safe mobile agent system. In: Proc. of The Fourth International Conference on Autonomous Agents, AGENTS (2000)
Ketel, M.: A mobile agent based framework for web services. In: Proc. of The 47th Annual Southeast Regional Conference, ACM-SE (2009)
Pietre-Cambacedes, L., Sitbon, P.: Cryptographic Key Management for SCADA systems - Issues and Perspectives. In: Proc. of The International Conference on Information Security and Assurance (2008)
Patel, S.C., Yu, Y.: Analysis of SCADA Security Models. The International Management Review 3(2), 68–76 (2007)
Graham, J.H., Mostafa, S., Arazi, B., Tantawy, A., Hieb, J., Ralston, P., Patel, S.C.: Improvements in SCADA and DCS systems security. In: Proc. of The International Conference on Computers and Their Applications (2007)
Graham, J.H., Patel, S.C.: Correctness Proofs for SCADA Communication Protocols. In: Proc. of The 9th World Multi-Conference on Systemics, Cybernetics and Informatics (2005)
Hieb, J.L., Graham, J.H., Patel, S.C.: Cyber Security Enhancements for SCADA and DCS Systems. In: Critical Infrastructure Protection: Issues and Solutions. Springer, Heidelberg (2007)
Patel, S.C.: Secure Internet-Based Communication Protocol for SCADA Networks. In: Doctoral Dissertation, University of Louisville, Louisville, Kentucky, USA (2006)
Lee, S., Choi, D., Park, C., Kim, S.: An Efficient Key Management Scheme for Secure SCADA Communication. In: Proc. of The International Conference on Power Electronics and Power Engineering, ICPEPE (2008)
Camtepe, S.A., Yener, B.: Key Distribution Mechanisms for Wireless Sensor Networks: a Survey. TR-05-07, Dept. of Computer Science, Rensselaer Polytechnic Institute (2005)
Wright, A.K., Kinast, J.A., McCarty, J.: Low-Latency Cryptographic Protection for SCADA Communications. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 263–277. Springer, Heidelberg (2004)
Beaver, C., Gallup, D., Neuman, W., Torgerson, M.: Key management for SCADA. Technical Report, SANDIA (2002)
UK National Infrastructure Security Coordination Centre. Good Practice Guide on Firewall Deployment for SCADA and Process Control Networks. TR - British Columbia Institute of Technology (2005)
Bace, R., Mell, P.: Nist special publication on intrusion detection systems (2001)
Lazarevic, A., Kumar, V., Srivastava, J.: Intrusion detection: A survey (2009)
Tucker, C.J., Furnell, S.M., Ghita, B.V., Brooke, P.J.: A new taxonomy for comparing intrusion detection systems. Internet Research 17(1) (2007)
Google Directory. Intrusion Detection Systems
Dmoz Open Security Project. Intrusion Detection Systems
Cheung, S., Dutertre, B., Fong, M., Lindqvist, U., Skinner, K.: Using Model-based Intrusion Detection for SCADA Networks. In: Proc. of The SCADA Security Scientific Symposium (2007)
Rrushi, J.L., Campbell, R.H.: Detecting Attacks in Power Plant Interfacing Substations through Probabilistic Validation of Attack-Effect Bindings. In: Proc. of The SCADA Security Scientific Symposium (2008)
Yi, P., Tong, T., Liu, N., Wu, Y., Ma, J.: Security in Wireless Mesh Networks: Challenges and Solutions. In: Proc. of The Sixth International Conference on Information Technology: New Generations, ITNG (2009)
Patira, R., Saxena, M.: A Survey on Security and Challenges of Ad-Hoc Networks. In: Proc. of Recent Innovations in Software and Computers, RISC (2010)
Stoica, I., Morris, R., Karger, D., Kaashoek, F.M., Balakrishnan, H.: Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications. In: Proc. of The ACM SIGCOMM Conference (2001)
Maymounkov, P., Mazières, D.: Kademlia: A Peer-to-Peer Information System Based on the XOR Metric. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, pp. 53–65. Springer, Heidelberg (2002)
Rowstron, A.I.T., Druschel, P.: Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems. In: Liu, H. (ed.) Middleware 2001. LNCS, vol. 2218, pp. 329–350. Springer, Heidelberg (2001)
Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., Cayirci, E.: A Survey on Sensor Networks. IEEE Communications Magazine 40(8), 102–114 (2002)
Alzaid, H., Park, D., Nieto, J.G., Boyd, C., Foo, E.: A Forward and Backward Secure Key Management in Wireless Sensor Networks for PCS/SCADA. In: Hailes, S., Sicari, S., Roussos, G. (eds.) S-CUBE 2009. LNICST, vol. 24, pp. 66–82. Springer, Heidelberg (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Khelil, A., Germanus, D., Suri, N. (2012). Protection of SCADA Communication Channels. In: Lopez, J., Setola, R., Wolthusen, S.D. (eds) Critical Infrastructure Protection. Lecture Notes in Computer Science, vol 7130. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28920-0_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-28920-0_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28919-4
Online ISBN: 978-3-642-28920-0
eBook Packages: Computer ScienceComputer Science (R0)