Security Strategies for SCADA Networks

  • Rodrigo Chandia
  • Jesus Gonzalez
  • Tim Kilpatrick
  • Mauricio Papa
  • Sujeet Shenoi
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 253)

SCADA systems have historically been isolated from other computing resources. However, the use of TCP/IP as a carrier protocol and the trend to interconnect SCADA systems with enterprise networks introduce serious security threats. This paper describes two strategies for securing SCADA networks, both of which have been implemented in a laboratory-scale Modbus network. The first utilizes a security services suite that minimizes the impact on time-critical industrial process systems while adhering to industry standards. The second engages a sophisticated forensic system for SCADA network traffic collection and analysis. The forensic system supports the post mortem analysis of security breaches and the monitoring of process behavior to optimize plant performance.

Keywords: SCADA networks, security services, forensics





Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Rodrigo Chandia (1)
  • Jesus Gonzalez (2)
  • Tim Kilpatrick (1)
  • Mauricio Papa (1)
  • Sujeet Shenoi (1)
  1. Computer Science, University of Tulsa, Tulsa, USA
  2. CITGO Petroleum, Houston, USA
