Due to technological advances, it has been common practice for quite some time to use embedded computers for the monitoring and control of physical processes and plants. These are essentially networked computer-based systems consisting of application-specific control-processing systems, actuators, sensors, etc., used for digitally controlling physical systems (often in a federated manner) within a defined geographical location such as a power plant or a chemical plant. Different terms, such as distributed control systems (DCS), cyber-physical systems (CPS), and supervisory control and data acquisition systems (SCADA), are used to denote similar usage. Technology has further made it possible to federate and integrate heterogeneous systems, even ones built by different manufacturers. While such capabilities have provided the needed flexibility and user convenience, they have also created challenges for system designers, not only from the point of view of correctness but also from the point of view of security and protection of the underlying physical plants. With the arrival of complex malware, it has become very challenging to secure network and information systems from intruders and to protect the systems from attackers. Recently, complex malware such as Stuxnet and Flame has specifically targeted the SCADA systems of public infrastructures such as power grids and plants, bringing to the forefront the challenges in securing and protecting SCADA. The malware mentioned above is enormously complex and hence needs a holistic approach to detection and protection. In these scenarios, apart from classical IT security, there is a need to look at other plausible new attacks that consider the domain of the physical systems in conjunction with the capabilities of the embedded computers, and to arrive at methods of protection and risk evaluation.
In this paper, we describe an algorithmic data-intensive approach (referred to as the Bigdata approach) for protecting and securing SCADA from malware attacks. The approach is based on using the data that control-system designers already use for making the system robust, and then reducing the security and protection problem of control systems, or SCADA in general, to the problem of monitoring distributed streaming data. We further show that the method is algorithmically scalable and argue that such algorithmic Bigdata approaches enable the securing and protection of IT-controlled public infrastructures.
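The following is an added illustration, not the paper's own algorithm or code, of what reducing the protection problem to "monitoring distributed streaming data" can look like in practice. It assumes a constructed first-order plant model standing in for the control designer's robustness data, runs a classical two-sided CUSUM change detector over the standardised one-step prediction residual of each sensor stream, and has a global monitor evaluate a threshold function (any local alarm, or the sum of local statistics) over the nodes' statistics. The sensor values, node names and thresholds are all constructed for the example.

```python
import random
from typing import Dict, List, Optional, Tuple


class PlantModel:
    """Discrete first-order model x[k+1] = a*x[k] + b*u[k].
    Constructed stand-in for the designer's plant data (assumption)."""

    def __init__(self, a: float, b: float, noise_sigma: float) -> None:
        self.a, self.b, self.noise_sigma = a, b, noise_sigma

    def predict(self, x_prev: float, u_prev: float) -> float:
        return self.a * x_prev + self.b * u_prev

    def residual_sigma(self) -> float:
        # One-step residual from noisy measurements is n[k] - a*n[k-1],
        # so its standard deviation is sigma * sqrt(1 + a^2).
        return self.noise_sigma * (1.0 + self.a * self.a) ** 0.5


class CusumDetector:
    """Two-sided CUSUM on standardised residuals (classic change-detection
    statistic). `drift` discounts small deviations; `threshold` is the local
    alarm level."""

    def __init__(self, drift: float = 0.5, threshold: float = 8.0) -> None:
        self.drift, self.threshold = drift, threshold
        self.s_pos = self.s_neg = 0.0

    def update(self, z: float) -> float:
        self.s_pos = max(0.0, self.s_pos + z - self.drift)
        self.s_neg = max(0.0, self.s_neg - z - self.drift)
        return max(self.s_pos, self.s_neg)

    def alarmed(self) -> bool:
        return max(self.s_pos, self.s_neg) > self.threshold


class SensorNode:
    """One distributed node: compares its sensor stream against the model's
    one-step prediction and maintains a local CUSUM statistic."""

    def __init__(self, name: str, model: PlantModel, detector: CusumDetector) -> None:
        self.name, self.model, self.detector = name, model, detector
        self.x_prev: Optional[float] = None
        self.u_prev = 0.0

    def observe(self, measured: float, control: float) -> float:
        if self.x_prev is None:  # first sample: nothing to predict against yet
            self.x_prev, self.u_prev = measured, control
            return 0.0
        predicted = self.model.predict(self.x_prev, self.u_prev)
        z = (measured - predicted) / self.model.residual_sigma()  # standardised residual
        self.x_prev, self.u_prev = measured, control
        return self.detector.update(z)


class GlobalMonitor:
    """Evaluates a threshold function over the nodes' local statistics:
    alarm if any node alarms locally, or if the sum of local statistics
    exceeds a global threshold (small deviations spread across nodes)."""

    def __init__(self, nodes: List[SensorNode], global_threshold: float) -> None:
        self.nodes = {n.name: n for n in nodes}
        self.global_threshold = global_threshold

    def step(self, readings: Dict[str, Tuple[float, float]]) -> Tuple[bool, Dict[str, float]]:
        stats = {name: self.nodes[name].observe(*mc) for name, mc in readings.items()}
        local_alarm = any(n.detector.alarmed() for n in self.nodes.values())
        return local_alarm or sum(stats.values()) > self.global_threshold, stats


def simulate(inject_at: int = 60, offset: float = 2.0, steps: int = 120, seed: int = 7) -> Optional[int]:
    """Two sensor nodes observe the same plant at steady state; from step
    `inject_at` node "s2" reports a biased value. Returns the first step at
    which the global monitor alarms, or None. All stream values are
    constructed, not real plant data."""
    rng = random.Random(seed)
    model = PlantModel(a=0.9, b=1.0, noise_sigma=0.1)
    nodes = [SensorNode("s1", model, CusumDetector()),
             SensorNode("s2", model, CusumDetector())]
    monitor = GlobalMonitor(nodes, global_threshold=12.0)
    x, u = 10.0, 1.0  # steady state of x = 0.9*x + 1.0*u is x = 10
    for k in range(steps):
        x = model.a * x + model.b * u  # true plant state evolves
        readings = {}
        for n in nodes:
            measured = x + rng.gauss(0.0, model.noise_sigma)
            if n.name == "s2" and k >= inject_at:
                measured += offset  # tampered report from node s2
            readings[n.name] = (measured, u)
        alarmed, _ = monitor.step(readings)
        if alarmed:
            return k
    return None


if __name__ == "__main__":
    print("first alarm at step:", simulate())
```

The point of the structure is that each node only needs its own stream and the model, while the security decision is a function over the distributed statistics; whitening the residual with `residual_sigma()` is what keeps the local CUSUM thresholds meaningful across nodes with different noise levels.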