Supervisory control and data acquisition (SCADA) networks control the critical infrastructure of many countries. The lack of security in SCADA networks has created an urgent need to upgrade existing systems to withstand hostile attacks. When new security models are proposed to enhance the security of SCADA systems, those models have to be tested to verify that they provide the intended security. In this research, vulnerability and threat analyses are presented as effective methods for testing new SCADA security models. We illustrate the use of these methods on two security models for enhancing a SCADA communication protocol.
Keywords: SCADA; security models; DNP3; threat evaluation; vulnerability analysis
Supervisory control and data acquisition (SCADA) networks are used by industrial sectors and critical infrastructure utilities to carry data on electricity, water, oil, and gas. A SCADA system is a common process automation system that gathers field data from sensors and instruments, transmits and displays this data at a central site, and sends control messages to the field devices. That is, a SCADA network enables a control station to receive data from remote field devices and to send control messages back to them. The field data is usually viewed on one or more SCADA host computers, referred to as master terminal units (MTUs), located at the central or master site. Real-world SCADA MTUs can monitor and control several hundred field devices, known as remote terminal units (RTUs). In addition to infrastructure utilities, SCADA networks are also used in industrial process plants, such as steel production, power generation (conventional and nuclear) and distribution, and nuclear fusion. The size of such plants ranges from a few thousand to several thousand input/output (I/O) channels; however, SCADA systems evolve rapidly and are now penetrating the market of plants with up to several hundred thousand I/O channels.
The reliability of operations of modern infrastructures and many critical industries depends heavily on SCADA networks. SCADA disruptions can directly and indirectly affect many different infrastructures, impact large geographic regions, and send ripples throughout the national and global economy. Cyber interdependencies are a result of the pervasive computerization and automation of infrastructures (Rinaldi et al., 2001). For example, a disruption of the electric power infrastructure disrupts fuels (natural gas and petroleum), which in turn disrupts transportation, water, banking and finance, and telecommunications.
The architecture of a SCADA system consists of one or more MTUs that are used by engineers in a control station to monitor and control a large number of RTUs. An MTU is a midrange computer running SCADA utility programs. RTUs are generally small dedicated devices with some processing power, designed for harsh field or industrial environments. One or more SCADA MTUs retrieve real-time analog and status data from the RTUs, then store and analyze these data. MTUs send control commands to the RTUs automatically or enable the engineers to do so manually. Modern SCADA control systems lack security and are very vulnerable to cyber attacks (Byres, Hoffman, and Kube, 2006).
Modern SCADA networks, integrated with corporate networks and the Internet, have become far more exposed to cyber attacks. By sending a false control message, an unauthorized intruder can, for example, manipulate traffic signals, electric-power switching stations, chemical process-control systems, or sewage-water valves, causing major damage to public safety and health. Risk management is a decision-making process and a phase in the life cycle of information security management (Conklin et al., 2004). It is an iterative process to manage risk: identify the threats, determine what could happen to an organization if those threats were to materialize, and then analyze what can be done to control the impact. …
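The "false control message" threat above is the point the rest of this paper's analysis turns on, so the following added example (not code from the paper, and not one of the two security models it evaluates) makes it concrete for DNP3, the protocol named in the keywords. The DNP3 link-layer header carries only a CRC-16 (polynomial 0x3D65, reflected, final complement, computed over the eight header bytes and transmitted low byte first), so anyone who can reach the serial or TCP channel can build a header that the receiver's integrity check accepts. The example builds such a forged header addressed from the master to an outstation, shows the CRC check passing, and then contrasts it with a generic keyed check (HMAC-SHA256 truncated to eight bytes) that the same forger cannot satisfy. The station addresses, the key, the HMAC construction and the tag length are assumptions chosen for illustration only; they do not describe the paper's models or any deployed DNP3 Secure Authentication profile.

```python
"""Why a CRC does not authenticate a DNP3 link-layer header (added example).

Frame layout and CRC parameters follow the public DNP3 link-layer format:
  0x05 0x64 | LENGTH | CONTROL | DEST (LE16) | SRC (LE16) | CRC (LE16)
LENGTH counts CONTROL, DEST, SRC and any user data (CRCs excluded).
The CRC is CRC-16/DNP over the first eight bytes.
The HMAC variant below is a generic keyed-integrity illustration, NOT the
paper's model and NOT IEEE 1815 Secure Authentication.
"""
import hashlib
import hmac
import struct

START = b"\x05\x64"
CTRL_UNCONFIRMED_USER_DATA = 0xC4   # DIR=1, PRM=1, function code 4


def dnp3_crc(data: bytes) -> int:
    """CRC-16/DNP: poly 0x3D65 (0xA6BC reflected), init 0, xorout 0xFFFF."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF


def link_header(length: int, control: int, dest: int, src: int) -> bytes:
    """Build a 10-byte DNP3 link header with a correct CRC. No secret needed."""
    hdr = START + bytes([length, control]) + struct.pack("<HH", dest, src)
    return hdr + struct.pack("<H", dnp3_crc(hdr))


def header_crc_ok(frame: bytes) -> bool:
    """The only integrity check plain DNP3 gives a receiver."""
    if len(frame) < 10 or frame[:2] != START:
        return False
    (received,) = struct.unpack("<H", frame[8:10])
    return received == dnp3_crc(frame[:8])


def link_header_authenticated(length: int, control: int, dest: int,
                              src: int, key: bytes) -> bytes:
    """Assumed hardened variant: append an 8-byte HMAC-SHA256 tag over the header."""
    frame = link_header(length, control, dest, src)
    tag = hmac.new(key, frame, hashlib.sha256).digest()[:8]
    return frame + tag


def authenticated_header_ok(frame: bytes, key: bytes) -> bool:
    """Receiver check for the assumed variant: CRC still has to match, and so must the tag."""
    if len(frame) != 18 or not header_crc_ok(frame[:10]):
        return False
    expected = hmac.new(key, frame[:10], hashlib.sha256).digest()[:8]
    return hmac.compare_digest(frame[10:], expected)


def forgery_demo(key: bytes) -> dict:
    """Attacker (no key) forges master(1) -> outstation(10); compare both checks."""
    forged = link_header(5, CTRL_UNCONFIRMED_USER_DATA, dest=10, src=1)
    # Attacker has no key, so the best it can do is pad with a guessed tag.
    forged_with_guess = forged + b"\x00" * 8
    genuine = link_header_authenticated(5, CTRL_UNCONFIRMED_USER_DATA, 10, 1, key)
    # Tamper with a genuine frame: retarget it and recompute only the CRC.
    retargeted = link_header(5, CTRL_UNCONFIRMED_USER_DATA, dest=11, src=1) + genuine[10:]
    return {
        "forged_passes_crc": header_crc_ok(forged),
        "forged_passes_hmac": authenticated_header_ok(forged_with_guess, key),
        "genuine_passes_hmac": authenticated_header_ok(genuine, key),
        "retargeted_passes_crc": header_crc_ok(retargeted[:10]),
        "retargeted_passes_hmac": authenticated_header_ok(retargeted, key),
    }


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-not-real"   # assumption for the demo only
    for name, result in forgery_demo(demo_key).items():
        print(f"{name}: {result}")
```

The CRC detects line noise, not adversaries: the forged header and the retargeted header both pass `header_crc_ok`, because the check needs nothing an attacker lacks. Only the keyed tag, bound to the header bytes, fails for frames the key holder did not produce, which is the property a security model for the protocol has to supply and the property a vulnerability analysis of such a model has to probe.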