Security Enhancements for Distributed Control Systems

Security enhancements for distributed control systems (DCSs) must be sensitive to operational issues, especially availability. This paper presents three security enhancements for DCSs that satisfy this requirement: end-to-end security for DCS protocol communications, role-based authorization to control access to devices and prevent unauthorized changes to operational parameters, and reduced operating system kernels for enhanced device security. The security enhancements have been implemented on a laboratory-scale testbed utilizing the DNP3 protocol, which is widely used in electrical power distribution systems. The test results show that the performance penalty for implementing the security enhancements is modest, and that the implemented mechanisms do not interfere with plant operations.

[1]  Deborah A. Frincke,et al.  CONCERNS ABOUT INTRUSIONS INTO REMOTELY ACCESSIBLE SUBSTATION CONTROLLERS AND SCADA SYSTEMS , 2000 .

[2]  T. Kropp System threats and vulnerabilities [power system protection] , 2006, IEEE Power and Energy Magazine.

[3]  Nadine Hanebutte,et al.  The MILS Architecture for a Secure Global Information Grid , 2005 .

[4]  Jeffrey B. Roberts,et al.  Safeguarding IEDs, Substations, and SCADA Systems Against Electronic Intrusions , 2001 .

[5]  D.J. Gaushell,et al.  SCADA communication techniques and standards , 1993, IEEE Computer Applications in Power.

[6]  Jeffrey B. Roberts,et al.  ELECTRONIC SECURITY OF REAL-TIME PROTECTION AND SCADA COMMUNICATIONS , 2003 .

[7]  John D. Fernandez,et al.  SCADA systems: vulnerabilities and remediation , 2005 .

[8]  Ann Miller Trends in Process Control Systems Security , 2005, IEEE Secur. Priv..

[9]  Mahmut T. Kandemir,et al.  A parallel architecture for secure FPGA symmetric encryption , 2004, 18th International Parallel and Distributed Processing Symposium, 2004. Proceedings..

[10]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[11]  Sandip C. Patel,et al.  Secure internet-based communication protocol for scada networks , 2006 .

[12]  David Geer Security of critical control systems sparks concern , 2006, Computer.

[13]  M. Naedele,et al.  Human-Assisted Intrusion Detection for Process Control Systems , 2004 .

[14]  T. Brown Security in SCADA systems: how to handle the growing menace to process automation , 2005 .

[15]  Jochen Liedtke,et al.  On micro-kernel construction , 1995, SOSP.

[16]  Andrew K. Wright,et al.  Low-Latency Cryptographic Protection for SCADA Communications , 2004, ACNS.

[17]  E. Byres,et al.  The Myths and Facts behind Cyber Security Risks for Industrial Control Systems , 2004 .

[18]  McClanahan SCADA and IP: is network convergence really here? , 2003 .

[19]  Jim Alves-Foss,et al.  A multi-layered approach to security in high assurance systems , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[20]  R.W. Thomas,et al.  Next generation SCADA security: best practices and client puzzles , 2005, Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop.

[21]  E.J. Byres,et al.  Industrial cybersecurity for power system and SCADA networks , 2005, Record of Conference Papers Industry Applications Society 52nd Annual Petroleum and Chemical Industry Conference.