This paper describes the implementation of a customized intrusion detection and event monitoring system for a SCADA/sensor testbed. The system raises alerts upon detecting potential unauthorized access and changes to device settings. By substantially increasing the logging of critical network events, the system markedly improves both security and auditing capability. In addition to its role in securing SCADA networks, the system helps operators identify common configuration errors.
Keywords: Intrusion detection, real-time monitoring, SCADA networks
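As an added illustration, not code from the paper or from the University of Idaho testbed it describes, the following Python monitor applies the two detection goals named in the abstract, unauthorized access and changes to device settings, plus a simple misconfiguration check, to a constructed log. The log lines, their field layout, the authorized-host list, the baseline settings and the misconfiguration rules are all assumptions made for this example.

```python
"""Event monitor over constructed SCADA device logs (illustration only)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed log in a hypothetical format: "<timestamp> <device> <EVENT> key=value ...".
SAMPLE_LOG = """\
2024-01-10T08:00:01 relay-1 LOGIN user=ops1 src=10.0.5.20 result=ok
2024-01-10T08:00:05 relay-1 SET user=ops1 src=10.0.5.20 name=OvercurrentPickup old=5.0 new=5.0
2024-01-10T09:12:44 relay-1 LOGIN user=admin src=172.16.9.77 result=fail
2024-01-10T09:12:49 relay-1 LOGIN user=admin src=172.16.9.77 result=fail
2024-01-10T09:12:53 relay-1 LOGIN user=admin src=172.16.9.77 result=ok
2024-01-10T09:13:10 relay-1 SET user=admin src=172.16.9.77 name=OvercurrentPickup old=5.0 new=50.0
2024-01-10T09:13:15 relay-1 SET user=admin src=172.16.9.77 name=TelnetEnabled old=0 new=1
2024-01-10T10:30:00 rtu-2 SET user=ops1 src=10.0.5.20 name=PollInterval old=2 new=0
"""

# Assumed policy for the example: hosts allowed to open device sessions, and the
# expected (baseline) value of each monitored setting per device.
AUTHORIZED_SRC = {"10.0.5.20", "10.0.5.21"}
BASELINE = {
    ("relay-1", "OvercurrentPickup"): "5.0",
    ("relay-1", "TelnetEnabled"): "0",
    ("rtu-2", "PollInterval"): "2",
}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<device>\S+) (?P<event>[A-Z]+) (?P<rest>.*)$")


@dataclass(frozen=True)
class Alert:
    ts: str
    device: str
    kind: str
    detail: str


def parse_line(line):
    """Split one log line into (timestamp, device, event, {field: value}); None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    return m.group("ts"), m.group("device"), m.group("event"), fields


def check_misconfig(name, value):
    """Return a reason string if the new value is a common configuration error, else None."""
    if name == "TelnetEnabled" and value == "1":
        return "cleartext management service enabled"
    if name == "PollInterval":
        try:
            if float(value) <= 0:
                return "non-positive poll interval"
        except ValueError:
            return "non-numeric poll interval"
    return None


def monitor(log_text, authorized_src=AUTHORIZED_SRC, baseline=BASELINE, fail_threshold=2):
    """Raise alerts for unauthorized access and for settings changes away from baseline."""
    alerts = []
    failures = defaultdict(int)  # (device, user, src) -> consecutive failed logins
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, device, event, f = parsed
        src, user = f.get("src", "?"), f.get("user", "?")
        if event == "LOGIN":
            key = (device, user, src)
            if src not in authorized_src:
                alerts.append(Alert(ts, device, "unauthorized-source",
                                    f"login by {user} from {src} ({f.get('result')})"))
            if f.get("result") == "fail":
                failures[key] += 1
            else:
                # A success right after repeated failures from the same host is worth its own alert.
                if failures[key] >= fail_threshold:
                    alerts.append(Alert(ts, device, "success-after-failures",
                                        f"{user}@{src} succeeded after {failures[key]} failures"))
                failures[key] = 0
        elif event == "SET":
            name, old, new = f.get("name"), f.get("old"), f.get("new")
            if old == new:
                continue  # no-op write: logged upstream, but not alert-worthy
            expected = baseline.get((device, name))
            if expected is not None and new != expected:
                who = "unauthorized" if src not in authorized_src else "authorized"
                alerts.append(Alert(ts, device, "setting-changed",
                                    f"{name}: {old}->{new} by {user}@{src} ({who} host); baseline={expected}"))
            reason = check_misconfig(name, new)
            if reason:
                alerts.append(Alert(ts, device, "misconfiguration", f"{name}={new}: {reason}"))
    return alerts


if __name__ == "__main__":
    for a in monitor(SAMPLE_LOG):
        print(f"{a.ts} {a.device} [{a.kind}] {a.detail}")
```

Against the constructed log the monitor reports the three logins from the non-authorized host, the success that follows two failures, the three settings that now differ from baseline, and the two values (Telnet enabled, zero poll interval) that the misconfiguration rules flag. Comparing against a per-device baseline rather than only against the logged old value is what distinguishes a drift from an operator's legitimate retuning; in practice the baseline would be loaded from the device's approved configuration rather than hard-coded.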
© 2008 IFIP International Federation for Information Processing
Cite this paper
Oman, P., Phillips, M. (2008). Intrusion Detection and Event Monitoring in SCADA Networks. In: Goetz, E., Shenoi, S. (eds) Critical Infrastructure Protection. ICCIP 2007. IFIP International Federation for Information Processing, vol 253. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-75462-8_12
DOI: https://doi.org/10.1007/978-0-387-75462-8_12
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-75461-1
Online ISBN: 978-0-387-75462-8
eBook Packages: Computer Science (R0)