Security Issues in SCADA Systems

Main Article Content

Dr. James H. Graham
Mr, Sandip C, Patel

Abstract

Supervisoiy Control and Data Acquisition (SCADA) networks control critical infrastructure of many countries. They perform vital functions for utility companies including electricity, natural gas, oil, water, sewage, an d railroads. The SCADA networks can he easy targets for unauthorized intrusions that can result in devastating attack s by terrorists. This research identifies threats faced by SCADA and investigates cost-efficient methods to enhance its security in the light of DNP3 protocols, which h as b eco m e a d e fa c to industry standard protocol for implementing the SCADA technology. We propose cost-effective implementation alternatives
including SSL/TLS, IPsec, object security, encryption, and message authentication object. The paper evaluates implementation details of the se solutions, and analyzes and com pares these approaches. Finally, we provide new research directions to m ore adequately secure SCADA networks an d the protocols over the long term.

RESEARCH ARTICLE

Article Details

Issue

2nd Edition of DTR Oct 2004 – Mar 2005

Section

Articles
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

RESEARCH ARTICLE

How to Cite

Security Issues in SCADA Systems. (2004). DIAS Technology Review, 1(2), 51-57. https://doi.org/10.65301/dias.2004.1.2.194

References

1. American Gas Association, "Cryptographic Protection o f SCADA Communications,” Report No. 12-1, March 2003.

2. ARC Advisory Group, Market Study, “SCADA Systems for Electric Power Worldwide Outlook.” http://www.arcweb.com/research/pdfs/Study_scadapwr_ww.pdf

3. Bent, Dan, “OSSI Making Progress on NIST Certification o f Open SSL,” December 10, 2003. http:/’/www. lin uxworld. com/story/38162.htm

4. Berket, K., Agarwal, D. A. and Chevassut, O., “A Practical Approach to th e InterGroup Protocols,” Future Generation Computer

Systems, Vol. 18, No. 5, April2002, pp. 709-719.

5. CERTV ulnerability Report in TCP dated: April20,2004 http://www.us-ert.gov/cas/techalerts/TA04-ll lA.html

6. Crocker, D. and Klyne, G., “Internet Data Object Security," The G5 Messaging Forum, March 12,1998.

http://www.brandenburg.com/articles/datasecurity/

7. DNP3 ftp site, File: TD-AuthenticationObject-GG-l.doc. ftp://dnp.org/Tech%20Bulletin%20Drafts/

8. DNP3 Technical Document: “Is DNP 3.0 the Right Standard for You?, "June 2000. http://dnp. org/files/2000-06- UA-DNP.pdf

9. DNP3 Technical Document: “A DNP3 Protocol Primer,” June 2000. http://dnp.org/files/dnp3_primer.pdf

10. DOE (U. S. Department o f Energy), the Office o f Energy Assurance “21 Steps to Improve Cyber Security o f SCADA Networks,”

Reference document, http://www.ea.doe.gov/pdfs/21stepsbooklet.pdf

11. Farahmand, E, Navathe, S.B., Enslow, P.H., and Sharp, G.P., "Managing vulnerabilities o f information systems to security

incidents,” Proceedings o f the 5th international conference on Electronic commerce, Pittsburgh, Pennsylvania, September 2003, pp. 348 354.

12. Freudenthal, E.; Port, L.; Pesin, T.; Keenan, E.; Karamcheti, V., “Switchboard: secure, monitored connections for client-server

communication,” Proc. o f the 22nd International Conference on Distributed Computing Systems Workshops, 2-5 July2002, pp. 660 -665.

13. Frost and Sullivan, Company news, “European SCADA systems Market in Dynamic Shape," 11 October 2001.

http://www.engineeringtalk.com/news/fro/frol44.html IEC (The International Electrotechnical Commission) homepage.

https://domino.iec.ch/webstore/webstore.nsf/artnum/030578

14. Makhija, J. and Subramanyan, L.R., “Comparison o f protocols used in remote monitoring: DNP 3.0, IEC 870-5-101 & Modbus.”

http://www.ee.iitb.ac.in/~esgroup/es_mtech03_sem/sem03_paper_03307905.pdf

15. National Infrastructure Protection Cen ter “Terrorist Interest in Water Supply and SCADA Systems "Information Bulletin 02-001,

30 January 2002.

16. http://www.nipc.gOv/publications/infobulletins/2002/ib02-001.htm

17. News Diary, Industrial Networking, “Market Reports from ARC,” Vol. 7, No. 3, Feb. 2004.

http://www.industrialnetworking.co.uk/mag/v7-3/f_markreps.html

18. OpenSSL website, http://www.openssl.org/

19. Poulsen, K., “Brits pound OpenSSL bugs ”Security Focus, Sep 30 2003. http://www.securityfocus.com/news/7103

20. Rescorla, E., SSL and TLS: Designing and Building Secure Systems, Addison-Wesley, 2001.

21. SSUTLS Web page^by Dan Kegel, http://www.kegel.com/ssl/

22. United States General Accounting Office, Statement o f Robert F. Dacey, “CRITICAL INFRASTRUCTURE PROTECTION

Challenges in Securing Control Systems” October 1,2003. http://www.gao.gov/new.items/d04140t.pdf

23. Yasinsac, A.; Childs, J.; “Analysing Internet security protocols," Proc. o f the Sixth IEEE International Symposium on High Assurance

Systems Engineering, 22-24 Oct. 2001, pp. 149-159.

Article Sidebar

PDF | Abstract
Published: 2004-04-30
DOI: https://doi.org/10.65301/dias.2004.1.2.194