Abstract
A SCADA system for a single 3,000-mile-long strand of oil or gas pipeline may employ several thousand field devices to measure process parameters and operate equipment. Because of the vital tasks performed by these sensors and actuators, pipeline operators need accurate and timely information about their status and integrity. This paper describes a realtime scanner that provides situational awareness about SCADA devices and control operations. The scanner, with the assistance of lightweight, distributed sensors, analyzes SCADA network traffic, verifies the operational status and integrity of field devices, and identifies anomalous activity. Experimental results obtained using real pipeline control traffic demonstrate the utility of the scanner in industrial settings.
Keywords
Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
ArWest Communications Corporation, Supervisory Control and Data Acquisition (SCADA), San Jose, California (www.arwestcom.com/?s=reso urces&p=scada), 2008.
Emerson Process Management, ROC Protocol User Manual, Bulletin A4199, Houston, Texas, 2007.
Emerson Process Management, St. Louis, Missouri (www.emersonpro cess.com), 2008.
C. Frayn, Genetic Programming Library (GPLib), University of Birmingham, Birmingham, United Kingdom (www.cs.bham.ac.uk/~cmf/GP Lib/index.html), 2006.
Gumstix, Portola Valley, California (www.gumstix.com), 2008.
Information Sciences Institute, RFC793: Transmission Control Protocol, University of Southern California, Marina del Rey, California (www.faqs.org/rfcs/rfc793.html), 1981.
Insecure.org, Nmap Reference Guide, Palo Alto, California (nmap.org/ book/man.html), 2005.
T. Kilpatrick, J. Gonzalez, R. Chandia, M. Papa and S. Shenoi, Forensic analysis of SCADA systems and networks, International Journal of Security and Networks, vol. 3(2), pp. 95–102, 2008.
U. Lamping, R. Sharpe and E. Warnicke, Wireshark User’s Guide: 27121 for Wireshark 1.0.0 (www.wireshark.org/download/docs/user-gui de-us.pdf), 2008.
S. Northcutt and J. Novak, Network Intrusion Detection, New Riders, Indianapolis, Indiana, 2003.
OPC Foundation, Matrikon OPC Server for Fisher ROC Plus, Scottsdale, Arizona (www.opcfoundation.org/Products/ProductDetails.aspx?CM=1 &RI=8538&CU=1), 2008.
ProSoft Technology, Fisher ROC Communications Module (3150-ROC), Bakersfield, California (www.prosoft-technology.com/prosoft/products/fo r_rockwell_automation/protocol/custom/fisher_roc/3150_roc), 2008.
S. Sanfilippo, hping2 (www.hping.org), 2006.
R. Shayto, B. Porter, R. Chandia, M. Papa and S. Shenoi, Assessing the integrity of field devices in Modbus networks, in Critical Infrastructure Protection II, M. Papa and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 115–128, 2008.
VMWare, VMWare Server Virtual User’s Guide (VMware Server 2.0), Palo Alto, California (www.vmware.com/pdf/vmserver2.pdf), 2008.
Wonderware West, Wonderware Universal Server, League City, Texas (www.standard automation.com/products/universal-server), 2008.
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Butts, J., Kleinhans, H., Chandia, R., Papa, M., Shenoi, S. (2009). Providing Situational Awareness for Pipeline Control Operations. In: Palmer, C., Shenoi, S. (eds) Critical Infrastructure Protection III. ICCIP 2009. IFIP Advances in Information and Communication Technology, vol 311. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04798-5_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-04798-5_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04797-8
Online ISBN: 978-3-642-04798-5
eBook Packages: Computer ScienceComputer Science (R0)