Functional Security Enhancements for Existing SCADA Systems

Activity Leads: 
Industry Collaborators: 

Lawrence Berkeley National Lab (LBNL)
OSIsoft, LLC

Research Summary: 

Although SCADA systems were originally endowed with relatively minimal networking capabilities, over the years they have increasingly migrated to IP networks in which many devices share the same communication medium. That migration advances the value proposition of the emerging smart grid, but it also exposes a cyber medium through which attackers can reach and manipulate critical physical power equipment, and it leaves Ethernet-based protocols open to traffic from a wide variety of sources. Securing the networked SCADA systems of the emerging smart grid is therefore essential, as is assessing the impact that any potential threat could have on the stability and security of those systems.

In this work, we proposed a novel use of network intrusion detection systems (NIDS) tailored to detect attacks against networks that support hybrid controllers of power grid protection schemes. Our approach implements specification-based intrusion detection signatures derived from the execution of the hybrid automata that specify the communication rules and physical limits the system should obey. To validate the idea, we developed an experimental framework consisting of a simulation of the physical system and an emulation of the master controller, which serves as the digital relay that implements the power grid protection mechanism. Our Hybrid Control NIDS (HC-NIDS) continuously monitors and analyzes the network traffic exchanged within the physical system and identifies traffic that deviates from the expected communication pattern or from the physical limitations, either of which could place the system in an unsafe mode of operation. Our experimental analysis demonstrated that, by leveraging information about the physical part of the power system, the approach detects a diverse range of attacks that attempt to compromise the physical process.

Finally, we extended the security framework to operate with the industry's standard real-time data management systems.
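As an added illustration of the specification-based approach described above (example code written for this page, not the HC-NIDS implementation), the following Python sketch encodes a small hybrid automaton for a single overcurrent protection scheme and checks a message trace against it. The protection states (NORMAL, FAULT, TRIPPED), the master/relay message format, the current thresholds and the reclose delay are all assumptions made for the example, and the two traces are constructed, not captured traffic.

```python
"""Specification-based NIDS sketch driven by a small hybrid automaton.

Added illustration, not HC-NIDS code: the automaton, the message format and
the thresholds below are assumptions chosen to show the technique.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed physical limits for one protected feeder (constructed values).
I_NOMINAL = 400.0        # amperes; normal load current
I_PICKUP = 800.0         # amperes; overcurrent pickup that justifies a trip
I_PHYSICAL_MAX = 5000.0  # amperes; readings above this are not plausible
RECLOSE_DELAY = 0.5      # seconds the breaker must stay open before a reclose


@dataclass
class Msg:
    t: float       # timestamp in seconds
    src: str       # sender ("relay", "master", ...)
    dst: str       # receiver
    kind: str      # "meas" (measurement report) or "cmd" (control command)
    value: object  # current in amperes for "meas", command name for "cmd"


@dataclass
class Alert:
    t: float
    rule: str
    detail: str


@dataclass
class HybridSpec:
    """Discrete protection state plus the continuous variable it guards."""
    state: str = "NORMAL"          # NORMAL -> FAULT -> TRIPPED -> NORMAL
    last_current: float = I_NOMINAL
    trip_time: Optional[float] = None
    alerts: List[Alert] = field(default_factory=list)

    def alert(self, m: Msg, rule: str, detail: str) -> None:
        self.alerts.append(Alert(m.t, rule, detail))

    def on_measurement(self, m: Msg) -> None:
        i = float(m.value)
        # Physical-limit signature: a reading no real feeder can produce.
        if i < 0 or i > I_PHYSICAL_MAX:
            self.alert(m, "PHYS_LIMIT", f"{i} A outside [0, {I_PHYSICAL_MAX}]")
            return
        # State invariant: an open breaker cannot carry load current, so a
        # "normal" reading while TRIPPED is a spoofed measurement.
        if self.state == "TRIPPED" and i > 0.05 * I_NOMINAL:
            self.alert(m, "STATE_INVARIANT", f"{i} A reported while breaker open")
        # Continuous guard drives the discrete transitions.
        if self.state == "NORMAL" and i >= I_PICKUP:
            self.state = "FAULT"
        elif self.state == "FAULT" and i < I_PICKUP:
            self.state = "NORMAL"  # transient cleared without a trip
        self.last_current = i

    def on_command(self, m: Msg) -> None:
        cmd = m.value
        if cmd == "trip":
            # Communication-rule signature: the spec only allows a trip
            # after the measurements have placed the automaton in FAULT.
            if self.state != "FAULT":
                self.alert(m, "UNEXPECTED_CMD",
                           f"trip in state {self.state} "
                           f"(last current {self.last_current} A)")
            # The breaker opens regardless, so track the physical effect.
            self.state = "TRIPPED"
            self.trip_time = m.t
        elif cmd == "close":
            if self.state != "TRIPPED":
                self.alert(m, "UNEXPECTED_CMD", f"close in state {self.state}")
            elif m.t - self.trip_time < RECLOSE_DELAY:
                self.alert(m, "TIMING",
                           f"reclose {m.t - self.trip_time:.2f}s after trip")
            self.state = "NORMAL"
        else:
            self.alert(m, "UNKNOWN_CMD", f"command {cmd!r}")


def check_trace(trace: List[Msg]) -> List[Alert]:
    """Run a message trace through the specification and return alerts."""
    spec = HybridSpec()
    for m in sorted(trace, key=lambda x: x.t):
        if m.kind == "meas" and m.src == "relay" and m.dst == "master":
            spec.on_measurement(m)
        elif m.kind == "cmd" and m.src == "master" and m.dst == "relay":
            spec.on_command(m)
        else:
            # Only relay->master measurements and master->relay commands
            # exist in the specified communication pattern.
            spec.alert(m, "UNEXPECTED_FLOW", f"{m.kind} from {m.src} to {m.dst}")
    return spec.alerts


# Constructed traces (not captured traffic).
BENIGN_TRACE = [
    Msg(0.00, "relay", "master", "meas", 400.0),
    Msg(0.10, "relay", "master", "meas", 1500.0),  # genuine overcurrent
    Msg(0.12, "master", "relay", "cmd", "trip"),
    Msg(0.20, "relay", "master", "meas", 0.0),     # breaker open
    Msg(0.70, "master", "relay", "cmd", "close"),  # reclose after the delay
    Msg(0.80, "relay", "master", "meas", 400.0),
]

ATTACK_TRACE = [
    Msg(0.00, "relay", "master", "meas", 400.0),
    Msg(0.10, "master", "relay", "cmd", "trip"),    # injected trip, no fault
    Msg(0.20, "relay", "master", "meas", 420.0),    # spoofed "normal" reading
    Msg(0.25, "master", "relay", "cmd", "close"),   # reclose too early
    Msg(0.30, "relay", "master", "meas", 9000.0),   # physically implausible
    Msg(0.40, "hmi", "relay", "cmd", "trip"),       # wrong source for a command
]

if __name__ == "__main__":
    for a in check_trace(ATTACK_TRACE):
        print(f"t={a.t:.2f} {a.rule}: {a.detail}")
```

The benign trace produces no alerts; the attack trace raises one alert per injected message. The point of the example is the split the summary describes: UNEXPECTED_CMD and UNEXPECTED_FLOW come from the communication rules (which party may send which message in which state), while PHYS_LIMIT, STATE_INVARIANT and TIMING come from the physical limits and dynamics encoded in the automaton, so a command that is syntactically valid for the field protocol is still flagged when the physical state does not justify it. A deployment would feed the automaton from a parser for the field protocol actually in use rather than from the constructed message objects shown here.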

Research Demo:

Functional Security Enhancements: Presented by Reinhard Gentz and Mahdi Jamei, UC Davis, at the TCIPG Industry Workshop in November 2014.

More Information: