Intrusion Detection and Event Monitoring in SCADA Networks
This paper describes the implementation of a customized intrusion detection and event monitoring system for a SCADA/sensor testbed. The system raises alerts when it detects attempted unauthorized access or changes to device settings. By substantially increasing the logging of critical network events, the system markedly improves both the security of the testbed and its auditing capability. In addition to its role in securing SCADA networks, the system helps operators identify common configuration errors.
Keywords: Intrusion detection, real-time monitoring, SCADA networks, SCADA system, circuit breaker, protective relay, device setting
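The abstract describes two detection functions (alerting on unauthorized access and on device-setting changes) plus an audit trail that helps operators spot configuration errors. The monitor below is an added example, not the paper's system or any code from the University of Idaho testbed. It assumes a constructed log format of the form `<time> <device> <event> key=value ...`; the device names, IP addresses, setting names (`TRIP_DELAY`, `PICKUP_A`), the failed-login threshold and the policy are all illustrative assumptions. It flags sessions from hosts outside an allow-list, repeated login failures, and any setting write whose new value differs from the old one, grading the latter by whether the new value matches a baseline; a final pass lists settings whose last observed value still differs from the baseline, which is the configuration-error check.

```python
import re
from dataclasses import dataclass, field

# Constructed sample log in an assumed "<time> <device> <event> k=v ..." form;
# not the output of any real relay, RTU or the paper's testbed.
SAMPLE_LOG = """\
2005-03-01T10:00:01 relay01 login user=oper1 src=10.0.0.5 result=success
2005-03-01T10:02:30 relay01 login user=oper1 src=192.168.7.9 result=failure
2005-03-01T10:02:41 relay01 login user=oper1 src=192.168.7.9 result=failure
2005-03-01T10:02:52 relay01 login user=oper1 src=192.168.7.9 result=failure
2005-03-01T10:03:05 relay01 login user=oper1 src=192.168.7.9 result=success
2005-03-01T10:03:40 relay01 setting name=TRIP_DELAY old=0.10 new=0.50 src=192.168.7.9
2005-03-01T10:05:00 relay02 setting name=PICKUP_A old=5.0 new=5.0 src=10.0.0.5
2005-03-01T10:06:10 relay02 setting name=PICKUP_A old=5.0 new=6.0 src=10.0.0.5
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<device>\S+)\s+(?P<event>\S+)\s*(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
FAILED_LOGIN_THRESHOLD = 3  # assumed tuning value, not from the paper


@dataclass
class Policy:
    authorized_hosts: set   # hosts allowed to open a session on any device
    baseline: dict          # {device: {setting name: expected value}}


@dataclass
class Alert:
    ts: str
    device: str
    severity: str
    reason: str


@dataclass
class MonitorState:
    failed_logins: dict = field(default_factory=dict)  # (device, src) -> consecutive failures
    observed: dict = field(default_factory=dict)       # (device, setting) -> last written value
    audit: list = field(default_factory=list)          # every parsed event, kept for auditing


def parse_event(line):
    """Parse one log line into a dict; returns None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = {"ts": m["ts"], "device": m["device"], "event": m["event"]}
    ev.update(KV_RE.findall(m["kv"]))
    return ev


def check_event(ev, policy, state):
    """Apply the detection rules to one event and return the alerts it raises."""
    alerts = []
    dev, ts = ev["device"], ev["ts"]
    state.audit.append(ev)
    if ev["event"] == "login":
        src = ev.get("src")
        if src not in policy.authorized_hosts:
            alerts.append(Alert(ts, dev, "high", f"session from unauthorized host {src}"))
        if ev.get("result") != "success":
            key = (dev, src)
            state.failed_logins[key] = state.failed_logins.get(key, 0) + 1
            if state.failed_logins[key] == FAILED_LOGIN_THRESHOLD:
                alerts.append(Alert(ts, dev, "high",
                                    f"{FAILED_LOGIN_THRESHOLD} failed logins from {src}"))
        else:
            state.failed_logins.pop((dev, src), None)
    elif ev["event"] == "setting":
        name, old, new = ev.get("name"), ev.get("old"), ev.get("new")
        state.observed[(dev, name)] = new
        if new != old:  # a write that keeps the value is audited but not alerted
            expected = policy.baseline.get(dev, {}).get(name)
            if new == expected:
                alerts.append(Alert(ts, dev, "medium",
                                    f"{name} changed {old} to {new} (restored to baseline)"))
            else:
                alerts.append(Alert(ts, dev, "high",
                                    f"{name} changed {old} to {new} (baseline {expected})"))
    return alerts


def monitor(log_text, policy):
    """Run the monitor over a block of log text; returns (alerts, state)."""
    state = MonitorState()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev:
            alerts.extend(check_event(ev, policy, state))
    return alerts, state


def configuration_errors(state, policy):
    """Settings whose last observed value differs from the baseline: candidate
    configuration errors or unreviewed changes for the operator to check."""
    return [(dev, name, value, policy.baseline[dev][name])
            for (dev, name), value in state.observed.items()
            if name in policy.baseline.get(dev, {}) and value != policy.baseline[dev][name]]


# Assumed policy for the constructed log above.
POLICY = Policy(authorized_hosts={"10.0.0.5"},
                baseline={"relay01": {"TRIP_DELAY": "0.10"}, "relay02": {"PICKUP_A": "6.0"}})

if __name__ == "__main__":
    found, st = monitor(SAMPLE_LOG, POLICY)
    for a in found:
        print(f"{a.ts} {a.device} [{a.severity}] {a.reason}")
    for err in configuration_errors(st, POLICY):
        print("config check: %s %s is %s, baseline %s" % err)
```

On the constructed log the monitor raises seven alerts: four for the sessions from the host outside the allow-list, one when that host reaches three consecutive failures, one high-severity alert for the TRIP_DELAY change away from baseline, and one medium-severity alert for the PICKUP_A write that brings relay02 back to its baseline. The closing configuration check reports only relay01, whose TRIP_DELAY is still 0.50 against a baseline of 0.10. Keeping every parsed event in `state.audit`, whether or not it alerts, is what gives the operator the audit trail the abstract refers to.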