Security Strategies for SCADA Networks
SCADA systems have historically been isolated from other computing resources. However, the use of TCP/IP as a carrier protocol and the trend to interconnect SCADA systems with enterprise networks introduce serious security threats. This paper describes two strategies for securing SCADA networks, both of which have been implemented in a laboratory-scale Modbus network. The first utilizes a security services suite that minimizes the impact on time-critical industrial process systems while adhering to industry standards. The second engages a sophisticated forensic system for SCADA network traffic collection and analysis. The forensic system supports the post mortem analysis of security breaches and the monitoring of process behavior to optimize plant performance.
Keywords: SCADA networks, security services, forensics