Network-Attack-Resilient Intrusion-Tolerant SCADA for the Power Grid

As key components of the power grid infrastructure, Supervisory Control and Data Acquisition (SCADA) systems are likely to be targeted by nation-state-level attackers willing to invest considerable resources to disrupt the power grid. We present Spire, the first intrusion-tolerant SCADA system that is resilient to both system-level compromises and sophisticated network-level attacks and compromises. We develop a novel architecture that distributes the SCADA system management across three or more active sites to ensure continuous availability in the presence of simultaneous intrusions and network attacks. A wide-area deployment of Spire, using two control centers and two data centers spanning 250 miles, delivered nearly 99.999% of all SCADA updates initiated over a 30-hour period within 100ms. This demonstrates that Spire can meet the latency requirements of SCADA for the power grid.
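The sizing argument behind "three or more active sites" is worth making concrete. The following is an added illustration, not code from the Spire project, and it does not use Spire's actual replication parameters (the page states none). It assumes a textbook Byzantine state-machine-replication model: any two quorums must overlap in at least f+1 replicas, so a quorum holds q = ceil((n+f+1)/2) of n replicas and safety needs n >= 3f+1; a network attack that isolates a site makes its replicas unreachable, an intrusion compromises a replica that may then stay silent, and liveness needs q correct, reachable replicas in the worst case. The helper names (`tolerates`, `min_replicas`, `even_split`) are this example's own.

```python
"""Multi-site replica sizing under a simplified Byzantine fault model.

Assumptions (this example's own, not taken from the page): replicas run a
standard BFT state-machine-replication protocol in which any two quorums
overlap in at least f+1 replicas, so the quorum size is
q = ceil((n + f + 1) / 2) and safety needs n >= 3f + 1.  Isolating a site
(network attack) makes that site's replicas unreachable, like crashes; an
intrusion compromises a replica, which may then stay silent.  Liveness
therefore needs at least q correct *and* reachable replicas in the worst case.
"""
from itertools import combinations
from typing import Optional, Tuple


def quorum_size(n: int, f: int) -> int:
    """Smallest q such that any two quorums of q replicas share >= f+1 replicas."""
    return (n + f + 2) // 2  # == ceil((n + f + 1) / 2)


def tolerates(layout: Tuple[int, ...], f: int, sites_down: int = 1) -> bool:
    """True if `layout` (replicas per site) keeps a live quorum when the
    attacker isolates `sites_down` sites and compromises f of the rest."""
    n = sum(layout)
    if n < 3 * f + 1:  # safety bound of the assumed protocol
        return False
    q = quorum_size(n, f)
    for lost in combinations(range(len(layout)), sites_down):
        reachable = n - sum(layout[i] for i in lost)
        # worst case: all f compromised replicas sit among the reachable ones
        correct_reachable = max(0, reachable - f)
        if correct_reachable < q:
            return False
    return True


def even_split(n: int, sites: int) -> Tuple[int, ...]:
    """Spread n replicas over `sites` as evenly as possible, larger sites first."""
    base, extra = divmod(n, sites)
    return tuple(base + (1 if i < extra else 0) for i in range(sites))


def min_replicas(sites: int, f: int, sites_down: int = 1, limit: int = 60) -> Optional[int]:
    """Smallest n whose even spread over `sites` survives; None if no n <= limit does."""
    for n in range(3 * f + 1, limit + 1):
        if tolerates(even_split(n, sites), f, sites_down):
            return n
    return None


if __name__ == "__main__":
    for sites in (2, 3, 4):
        print(f"f=1, {sites} sites, one site isolated: "
              f"min replicas = {min_replicas(sites, 1)}")
```

With f = 1 and one site cut off, `min_replicas` returns `None` for two sites, 12 for three and 8 for four. The two-site result is structural rather than a matter of adding replicas: a quorum must contain more than half of all replicas so that two quorums always intersect, while isolating one of two sites leaves at most half of them reachable. That is why a third active site is the floor for surviving a site-level network attack together with an intrusion; the exact replica counts depend on the protocol's quorum arithmetic and on any further mechanisms the deployed system adds, which this simplified model does not include.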
