Dong-Hoon Shin,Shibo He,Junshan Zhang

DOI: https://doi.org/10.1109/INFOCOM.2014.6848232

2014-01-01

Abstract:Wide-area monitoring, protection and control (WAMPAC) plays a critical role in smart grid, for protection against possible contingencies, by using the Supervisory Control and Data Acquisition (SCADA) system. However, a general consensus is that such a hierarchical system can be highly vulnerable to component (i.e., nodes and links) failures, calling for a robust and cost-effective communication system for smart grid. To this end, we consider a middleware approach to leverage the existing commercial communication infrastructure with abundant connectivity. In this approach, a natural question is how to use the middleware to cohesively “glue” the power grid and the commercial communication infrastructure together, in order to enhance robustness and cost-effectiveness. We tackle this problem while taking into consideration the multi-stage deployment of power devices and their redundant connections. We show that this problem can be cast as a minimum-cost middleware design under incremental deployment-an “online” problem where the input is provided gradually due to the incremental deployment. We design a randomized “online” algorithm, and show that it achieves the order-optimal average competitive ratio. Simulation results demonstrate the performance of our proposed algorithm, compared to the optimal offline solution.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tii.2021.3129487

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:As the next-generation power grids, smart grids are integrated with advanced information and communication technology (ICT) to make the grid more efficient and stable than conventional power systems. Given the mounting cyber-attack threats, these critical ICT systems create great security issues for smart grids. Additionally, the clever attackers have the ability to not only access and monitor the smart grid, but also hack it by launching well-established cyber-attacks. Thus, this article is devoted to understanding the potential stealthy cyber-attack and its countermeasure. First, this article proposes a stealthy sparse cyber-attack model in an ac smart grid by considering both the residual test-based detector and the interval-state-estimation-based detector, which is not considered in previous studies. The design model is formulated as a constrained optimization problem by minimizing the number of contaminated meters, where the characteristics of two types of detector are considered simultaneously as the constraints for the first time. A constrained differential evolution (CDE) is proposed as the solver because the optimization problem is NP-hard. Then, a generalized-cumulative-sum-based detector is developed to detect the proposed cyber-attacks, where a fractional-order state transition matrix is originally introduced into the estimator to describe the dynamics of the power system. Numerical studies illustrate the feasibility of CDE-based stealthy sparse cyber-attacks and the effectiveness of the proposed countermeasure.

Yichi Zhang,Lingfeng Wang,Weiqing Sun,Robert C. Green,Mansoor Alam

DOI: https://doi.org/10.1109/tsg.2011.2159818

IF: 10.275

2011-01-01

IEEE Transactions on Smart Grid

Abstract:The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless mesh network technologies with the 802.15.4, 802.11, and WiMAX standards. Each of these will expose the power grid to cybersecurity threats. In order to address this issue, this work proposes a distributed intrusion detection system for smart grids (SGDIDS) by developing and deploying an intelligent module, the analyzing module (AM), in multiple layers of the smart grid. Multiple AMs will be embedded at each level of the smart grid-the home area networks (HANs), neighborhood area networks (NANs), and wide area networks (WANs)-where they will use the support vector machine (SVM) and artificial immune system (AIS) to detect and classify malicious data and possible cyberattacks. AMs at each level are trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for supporting the optimal communication routing and improving system security through the identification of malicious network traffic.

Mansi Girdhar,Junho Hong,Wencong Su,Akila Herath,Chen-Ching Liu

2024-03-08

Abstract:In recent years, critical infrastructure and power grids have experienced a series of cyber-attacks, leading to temporary, widespread blackouts of considerable magnitude. Since most substations are unmanned and have limited physical security protection, cyber breaches into power grid substations present a risk. Nowadays, software-defined network (SDN), a popular virtual network technology based on the OpenFlow protocol is being widely used in the substation automation system. However, the susceptibility of SDN architecture to cyber-attacks has exhibited a notable increase in recent years, as indicated by research findings. This suggests a growing concern regarding the potential for cybersecurity breaches within the SDN framework. In this paper, we propose a hybrid intrusion detection system (IDS)-integrated SDN architecture for detecting and preventing the injection of malicious IEC 61850-based generic object-oriented substation event (GOOSE) messages in a digital substation. Additionally, this program locates the fault's location and, as a form of mitigation, disables a certain port. Furthermore, implementation examples are demonstrated and verified using a hardware-in-the-loop (HIL) testbed that mimics the functioning of a digital substation.

Cryptography and Security,Computers and Society

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tcsii.2022.3181827

2022-01-01

Abstract:In cyber-physical power systems (CPPSs), false data injection attack (FDIA) has drawn much attention due to its stealthiness. It is of great importance to investigate the potential behaviors of attackers to improve the cyber-security of CPPSs. However, most FDIA models are often constructed separately on the effect of attackers or the impact of attacks. Accordingly, this brief proposes a multi-objective stealthy FDIA scheme in AC grid model. The attack model is described as a multi-objective optimization problem, where minimization of contaminated measurements and maximization of the attack impact are considered as two objectives while remaining stealthy. To deal with the established attack model, a non-dominated sorting genetic algorithm II (NSGAII) is introduced as the solver. To improve the efficiency of generating attack vector, a new representation mechanism is proposed to describe locations and values of injected states. Additionally, during the evolutionary process, we propose a mutation operation to balance the sparsity and impact of FDIA. Simulation results on the IEEE 14-bus, 30-bus, and 118-bus systems demonstrate the feasibility of the NSGAII-based FDIA model.

z zhang,y tian,r deng,j ma

DOI: https://doi.org/10.1109/JIOT.2022.3161790

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The smart grid (SG), as one of the largest evolutionary critical infrastructures, witnesses the deep integration of electricity facilities and Internet of Things (IoT). But recent events show that the vulnerabilities exposed in IoT devices can be exploited by adversaries to construct the cyberattacks on SG. To address this threat, plenty of countermeasures have been proposed to enhance the SG’s security. However, the additional costs introduced by some countermeasures make the utilities hesitate to implement them practically. To alleviate this concern, in this article, we propose a double-benefit moving target defense (dB-MTD) to protect the SG from cyber–physical attacks (CPAs) and also gain generation-cost benefits. The dB-MTD enables the prevention of stealthy CPAs on the transmission lines by perturbing the reactances with the distributed flexible AC transmission system (D-FACTS). To reduce the infrastructure cost, we minimize the number of required D-FACTS devices for a specific protection goal. Although it needs investment on D-FACTS, we find that the utility can make profits from the generation costs by appropriately setting the reactance perturbations. Therefore, we formulate an optimization problem to compute the optimal reactance perturbations to maximize the generation-cost benefits, without sacrificing the protection performance of dB-MTD. Finally, using the real-world load profiles, we conduct extensive simulations to evaluate the impact of CPA on the system operation and the benefits obtained by the dB-MTD from the aspects of the D-FACTS deployment and the generation-cost profits.

Longhua Guo,Mianxiong Dong,Kaoru Ota,Jun Wu,Jianhua Li

DOI: https://doi.org/10.1109/GLOCOM.2016.7841519

2016-01-01

Abstract:With the rapid growth of the Internet, the current TCP/IP based network cannot well satisfy the requirements such as scalable content distribution, mobility, security and so on. The new networking architectures which aren't based on TCP/IP have been a trade of next generation networking such as Information-Centric Networking (ICN). In smart grid, parts of communication protocol in IEC 61850 are also not based on TCP/IP architecture such as Sampled Value (SV) and Generic Object-Oriented Substation Event (GOOSE). IEC 61850 based smart substation employing wireless network has significantly improved the interoperability and interconnection of substation devices. However, with the amount and openness growth of Intelligent Electronic Devices (IED) nodes, these changes introduce new efficiency, reliability and security challenges especially in wireless network. The strict time requirement has limited the use of heavyweight security protocols to fight against cyber-attacks. To address these issues, a name-based security mechanism using ICN is proposed for the non TCP/IP based SV and GOOSE communication. Publish/subscribe (pub/sub) based access control and lightweight encryption algorithm are utilized to secure the decentralized large-scale smart grid data sharing. The results show the proposed mechanism is secure and efficient for IEC 61850 communication employing wireless network.

Aamir Shahzad,Malrey Lee,Neal Naixue Xiong,Gisung Jeong,Young-Keun Lee,Jae-Young Choi,Abdul Wheed Mahesar,Iftikhar Ahmad

DOI: https://doi.org/10.3390/s16030322

2016-03-03

Abstract:In Industrial systems, Supervisory control and data acquisition (SCADA) system, the pseudo-transport layer of the distributed network protocol (DNP3) performs the functions of the transport layer and network layer of the open systems interconnection (OSI) model. This study used a simulation design of water pumping system, in-which the network nodes are directly and wirelessly connected with sensors, and are monitored by the main controller, as part of the wireless SCADA system. This study also intends to focus on the security issues inherent in the pseudo-transport layer of the DNP3 protocol. During disassembly and reassembling processes, the pseudo-transport layer keeps track of the bytes sequence. However, no mechanism is available that can verify the message or maintain the integrity of the bytes in the bytes received/transmitted from/to the data link layer or in the send/respond from the main controller/sensors. To properly and sequentially keep track of the bytes, a mechanism is required that can perform verification while bytes are received/transmitted from/to the lower layer of the DNP3 protocol or the send/respond to/from field sensors. For security and byte verification purposes, a mechanism needs to be proposed for the pseudo-transport layer, by employing cryptography algorithm. A dynamic choice security buffer (SB) is designed and employed during the security development. To achieve the desired goals of the proposed study, a pseudo-transport layer stack model is designed using the DNP3 protocol open library and the security is deployed and tested, without changing the original design.

Yichi Zhang,Lingfeng Wang,Weiqing Sun,Robert C. Green,Mansoor Alam

DOI: https://doi.org/10.1109/PES.2011.6039697

2011-01-01

Abstract:The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless technologies including 802.15.4, 802.11, and the Zigbee protocol. Each of these will expose the power grid to cyber security threats. In order to address this issue, this work proposes a Distributed Intrusion Detection System for Smart Grids (SGDIDS) by developing and deploying an intelligent module, the Analyzing Module (AM) in the multiple layers of smart grids. Multiple AMs will be embedded at each level of the smart grid - the home area network (HAN), neighborhood area network (NAN), and the Wide Area Network (WAN) - where they will use Artificial Immune System (AIS) to detect and classify malicious data and possible cyber attacks. AMs at each level will be trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for identifying malicious network traffic and improving system security.

Mansi Girdhar,Kuchan Park,Wencong Su,Junho Hong,Akila Herath,Chen-Ching Liu

2024-11-12

Abstract:In recent years, critical infrastructure and power grids have increasingly been targets of cyber-attacks, causing widespread and extended blackouts. Digital substations are particularly vulnerable to such cyber incursions, jeopardizing grid stability. This paper addresses these risks by proposing a cybersecurity framework that leverages software-defined networking (SDN) to bolster the resilience of substations based on the IEC-61850 standard. The research introduces a strategy involving smart cyber switching (SCS) for mitigation and concurrent intelligent electronic device (CIED) for restoration, ensuring ongoing operational integrity and cybersecurity within a substation. The SCS framework improves the physical network's behavior (i.e., leveraging commercial SDN capabilities) by incorporating an adaptive port controller (APC) module for dynamic port management and an intrusion detection system (IDS) to detect and counteract malicious IEC-61850-based sampled value (SV) and generic object-oriented system event (GOOSE) messages within the substation's communication network. The framework's effectiveness is validated through comprehensive simulations and a hardware-in-the-loop (HIL) testbed, demonstrating its ability to sustain substation operations during cyber-attacks and significantly improve the overall resilience of the power grid.

Cryptography and Security,Emerging Technologies

Sohini Roy

DOI: https://doi.org/10.48550/arXiv.2008.00958

2020-07-30

Networking and Internet Architecture

Abstract:Critical infrastructure systems like power grid require an improved critical in-formation infrastructure (CII) that can not only help in monitoring of the crit-ical entities but also take part in failure analysis and self-healing. Efficient designing of a CII is challenging as each kind of communication technology has its own advantages and disadvantages. Wired networks are highly scala-ble and secure, but they are neither cost effective nor dynamic in nature. Wireless communication technologies on the other hand are easy to deploy, low cost etc. but they are vulnerable to cyber-attacks. In order to optimize cost, power consumption, dynamic nature, accuracy and scalability a hybrid communication network is designed in this paper where a portion of the communication network is built using wireless sensor networks (WSN) and the rest is a wired network of fiber optic channels. To offer seamless opera-tion of the hybrid communication network and provide security a Secure Smart Grid Monitoring Technique (SSGMT) is also proposed. The perfor-mance of the proposed hybrid CII for the generation and transmission sys-tem of power grid coupled with the SSGMT during different cyber-attacks is tested using NS2 simulator. The simulation results show that the SSGMT for a joint power communication network of IEEE 118-Bus system performs better than the prevailing wireless CIIs like Lo-ADI and Modified AODV.

Vivek Kumar Singh,Manimaran Govindarasu

DOI: https://doi.org/10.1007/978-3-030-54275-7_22

2020-09-22

Abstract:Today’s electric power grid is a complex, automated, and interconnected cyber-physical system (CPS) that relies on supervisory control and data acquisition (SCADA)-based communication infrastructure for operating wide-area monitoring, protection, and control (WAMPAC) applications. With a push towards making the grid smarter, the critical SCADA infrastructure like power system is getting exposed to countless cyberattacks that necessitate the development of state-of-the-art intrusion detection systems (IDS) to provide comprehensive security solutions at different layers in the smart grid network. While considering the continuously evolving attack surfaces at physical, communication, and application layers, existing conventional IDS solutions are insufficient and incapable to resolve multi-dimensional cybersecurity threats because of their specific nature of the operation, either a data-centric or protocol-centric, to detect specific types of attacks. This chapter presents a hybrid intrusion detection system framework by integrating a network-based IDS, model-based IDS, and state-of-the-art machine learning-based IDS to detect unknown and stealthy cyberattacks targeting the SCADA networks. We have applied the cyber-kill model to develop and demonstrate attack vectors and their associated mechanisms. The hybrid IDS utilizes attack signatures in grid measurements and network packets as well as leverages secure phasor measurements to detect different stages of cyber-attacks while following the kill-chain process. As a proof of concept, we present the experimental case study in the context of centralized wide-area protection (CWAP) cybersecurity by utilizing resources of the PowerCyber testbed at Iowa State University (ISU). We also describe different classes of implemented cyber-attacks and generated heterogeneous datasets using the IEEE 39 bus system. Finally, the performance of the hybrid IDS is evaluated based in terms of detection rate in real-time cyber-physical environment.

Jin Wang,Liping Wang,Ruiqing Wang

DOI: https://doi.org/10.3390/e25081210

IF: 2.738

2023-08-15

Entropy

Abstract:Software defined networking (SDN) improves the flexibility and programmability of the network by separating the control plane and the data plane and effectively realizes the global control of the network infrastructure. However, the centralized structure design of SDN exposes the controller to potential threats. Attackers have used the active flow table delivery mode to launch distributed denial of service (DDoS) attacks on the SDN controller, resulting in the controller failure and seriously affecting the network performance. To overcome this problem, this paper proposes a defense framework called CC-Guard. The framework consists of four modules: attack detection triggering, switch migration, anomaly detection, and mitigation. Among them, the attack detection trigger module improves the system's timely response to DDoS attacks. The switch migration module effectively unclogs the controller congestion problem and provides convenience for network flow transmission. The anomaly detection module uses a coarse-grained method for two-stage detection, which improves the detection accuracy. The mitigation module uses the idea of cross-domain cooperation of the controller to clear the abnormal flow in the blacklist. Experimental results show that our proposed CC-Guard has real-time DDoS attack defense capability and high detection accuracy, as well as efficient network resource utilization.

physics, multidisciplinary

Wajid Rafique,Xin He,Zifan Liu,Yuhu Sun,Wanchun Dou

DOI: https://doi.org/10.1109/HPCC/SmartCity/DSS.2019.00080

2019-01-01

Abstract:Managing the Internet of Things (IoT) infrastructure has become a critical challenge due to an enormous increase in the connected devices and the lack of available security solutions. Software-Defined Networking (SDN) has been extensively involved in network infrastructure management. Moreover, numerous recent studies demonstrate the use of SDN for managing IoT networks. In SDN, policy consistency and security of the data plane is maintained through Waypoint Enforcement (WPE) which ensures that the traffic traverses policy nodes/switches to implement high-level network requirements. Previous studies on SDN primarily secure SDN infrastructure against traditional Distributed Denial of Service (DDoS) attacks. However, we investigate Crossfire Attack (CFA), which is a novel DDoS attack capable of interrupting communication of data plane switches using low-rate legitimate traffic. CFA has the potential to isolate policy switch from the rest of the data plane devices which introduces many security anomalies and routing inconsistencies. We first demonstrate how CFA is lethal on policy switch attacks and then present the design and implementation of a novel CFA countermeasure called CFADefense, which employs link selection, attack detection, and malicious flows interception modules. CFADefense has been developed as an application at the application layer of the open-source Floodlight controller. Our evaluation demonstrates that CFADefense accurately detects and efficiently mitigates CFA and poses minimal overhead on the controller in dealing with this attack.

Abhijeet Sahu,Patrick Wlazlo,Nastassja Gaudet,Ana Goulart,Edmond Rogers,Katherine Davis

2023-06-27

Abstract:Electric power delivery relies on a communications backbone that must be secure. SCADA systems are essential to critical grid functions and include industrial control systems (ICS) protocols such as the Distributed Network Protocol-3 (DNP3). These protocols are vulnerable to cyber threats that power systems, as cyber-physical critical infrastructure, must be protected against. For this reason, the NERC Critical Infrastructure Protection standard CIP-005-5 specifies that an electronic system perimeter is needed, accomplished with firewalls. This paper presents how these electronic system perimeters can be optimally found and generated using a proposed meta-heuristic approach for optimal security zone formation for large-scale power systems. Then, to implement the optimal firewall rules in a large scale power system model, this work presents a prototype software tool that takes the optimization results and auto-configures the firewall nodes for different utilities in a cyber-physical testbed. Using this tool, firewall policies are configured for all the utilities and their substations within a synthetic 2000-bus model, assuming two different network topologies. Results generate the optimal electronic security perimeters to protect a power system's data flows and compare the number of firewalls, monetary cost, and risk alerts from path analysis.

Systems and Control

Gengshen Lin,Mianxiong Dong,Kaoru Ota,Jianhua Li,Wu Yang,Jun Wu

DOI: https://doi.org/10.1109/icc.2019.8761217

2019-01-01

Abstract:Software-defined networking (SDN) allows the smart grid to be centrally controlled and managed by decoupling the control plane from the data plane, but it also expands attack surface for attackers. Existing studies about the security of SDN-enabled smart grid (SDSG) mainly focused on static methods such as access control and identity authentication, which is vulnerable to attackers that carefully probe the system. As the attacks become more variable and complex, there is an urgent need for dynamic defense methods. In this paper, we propose a security function virtualization (SFV) based moving target defense of SDSG which makes the attack surface constantly changing. First, we design a dynamic defense mechanism by migrating virtual security function (VSF) instances as the traffic state changes. The centralized SDN controller is re-designed for global status monitoring and migration management. Moreover, we formalize the VSF instances migration problem as an integer nonlinear programming problem with multiple constraints and design a pre-migration algorithm to prevent VSF instances' resources from being exhausted. Simulation results indicate the feasibility of the proposed scheme.

Xiao Chun Yin,Zeng Guang Liu,Lewis Nkenyereye,Bruce Ndibanje

DOI: https://doi.org/10.3390/s19224952

2019-11-14

Abstract:We present an innovative approach for a Cybersecurity Solution based on the Intrusion Detection System to detect malicious activity targeting the Distributed Network Protocol (DNP3) layers in the Supervisory Control and Data Acquisition (SCADA) systems. As Information and Communication Technology is connected to the grid, it is subjected to both physical and cyber-attacks because of the interaction between industrial control systems and the outside Internet environment using IoT technology. Often, cyber-attacks lead to multiple risks that affect infrastructure and business continuity; furthermore, in some cases, human beings are also affected. Because of the traditional peculiarities of process systems, such as insecure real-time protocols, end-to-end general-purpose ICT security mechanisms are not able to fully secure communication in SCADA systems. In this paper, we present a novel method based on the DNP3 vulnerability assessment and attack model in different layers, with feature selection using Machine Learning from parsed DNP3 protocol with additional data including malware samples. Moreover, we developed a cyber-attack algorithm that included a classification and visualization process. Finally, the results of the experimental implementation show that our proposed Cybersecurity Solution based on IDS was able to detect attacks in real time in an IoT-based Smart Grid communication environment.

L. Rajesh,Penke Satyanarayana

DOI: https://doi.org/10.1007/s11277-023-10738-0

IF: 2.017

2023-09-21

Wireless Personal Communications

Abstract:Industrial control systems (ICS) like supervisory control and data acquisition (SCADA) systems play a crucial role in monitoring and controlling various process industries in national critical infrastructures. They are connecting to internet and highly inter-connected corporate networks for sharing the field data to third party heterogeneous systems like enterprise resource planning, third party SCADA systems etc. Even though it helps to share the data for monitoring and control of systems, it also opens the doors for cyber-attacks. It needs to strengthen the cyber security of these SCADA systems. There are various components in SCADA systems which requires to build security in these components. Generally, most of the SCADA systems uses MODBUS communication protocol for scanning the PLC devices to acquire the field data. The communication protocol security is one of the main components which was little addressed. The MODBUS protocol was developed without security in mind because security aspect was not a concern in closed environments of industrial control systems. It is highly vulnerable to cyber-attacks. There are some methods already developed by scholars to implement security in MODBUS protocol, but the existing methods modified the MODBUS frame formats. Hence, they are not suitable to the existing legacy systems because they do not support interoperability between various industry manufacturer’s products. Another critical problem in existing methods is all the required security features were not implemented in a single method which would satisfy the security features like integrity, confidentiality, non-repudiation, authorization and authentication. In this paper, we designed and developed a new method by developing Secure Modbus Gateway Server and Client modules to provide secure data transfer between data acquisition servers and PLCs. In this methodology, the modules were developed using RSA and AES algorithms for achieving confidentiality and non-repudiation, SHA algorithm to provide integrity of the message. These modules also support authorization and authentication features. The time stamp in the Modbus frame was also included and transmitted to prevent replay attacks. The advantages of these modules/methodology are, it supports all required features for secure data transfer like integrity, confidentiality, non-repudiation, authorization and authentication. They also provide time stamp, frame filtering and exception response alarm triggering features. These modules also support interoperability and they can be easily installed in existing legacy systems. We measured performance metrics like attack resilience rate (ARP), attack penetration rate (APR) and overheads. This method protects the ICS system for 97% of attacks. The overhead on protocol was also calculated and it is found that 3.5% extra delay in round trip time which is very minor and can be tolerated in exchange of the important security benefits offered.

telecommunications

Dennis Agnew,Sharon Boamah,Janise McNair

2023-06-26

Abstract:Smart grids are replacing conventional power grids due to rising electricity use, failing infrastructure, and reliability problems. Two-way communication, demand-side administration, and real-time pricing make smart grids (SGs) dependent on its communication system. Manual network administration slows down SG communication. SG networks additionally utilize hardware and software from several vendors, allowing devices to communicate. Software-defined SGs (SD-SG) use software-defined networking (SDN) to monitor and regulate SG global communication networks to address these concerns. SDN separates the data plane (routers and switches) from the control plane (routing logic) and centralizes control into the SDN controller. This helps network operators manage visibility, control, and security. These benefits have made SDN popular in SG architectural and security studies. But because SD-SGs are vulnerable to cyberattacks, there are concerns about the security of these SD-SG networks. Cybercriminals can attack software-defined communication networks, affecting the power grid. Unauthorized access can be used to intercept messages and introduce false data into system measurements, flood communication channels with fraudulent data packets, or target controllers, a potential single point of failure, to cripple SDN networks. Current research reflects this paradigm as defense and security against such attacks have developed and evolved. There is a need for a current study that provides a more detailed analysis and description of SD-SG network security dangers and countermeasures, as well as future research needs and developing threats for the sector. To fill this void, this survey is presented.

Systems and Control

Dong Li,Huaqun Guo,Jianying Zhou,Luying Zhou,Jun Wen Wong

DOI: https://doi.org/10.1016/j.cose.2018.10.002

2019-01-01

Abstract:Many firewalls have been extending their security capabilities to support Supervisory Control and Data Acquisition (SCADA) systems or to protect the operations within industrial process control. A SCADA firewall usually needs to inspect deeper into the payload to understand exactly what detailed industrial applications are being executed. However, security features in traditional SCADA firewalls have drawbacks in two main aspects. First, a traditional Deep Packet Inspection (DPI) enabled SCADA firewall only partially inspects the content of payload. Specially-crafted packets carrying malicious payload can exploit this drawback to bypass the firewall’s inspection. Second, existing SCADA firewalls have poor capability for protecting proprietary industrial protocols. In this paper, we propose a new SCADA firewall model called SCADAWall. This model is powered by our Comprehensive Packet Inspection (CPI) technology. SCADAWall also includes a new Proprietary Industrial Protocols Extension Algorithm (PIPEA) to extend capabilities to proprietary industrial protocol protection, and an Out-of-Sequence Detection Algorithm (OSDA) to detect abnormality within industrial operations. We have compared our security features with two commercial SCADA firewalls. Our experiment also shows that SCADAWall can effectively mitigate those drawbacks without sacrificing SCADA system’s low latency requirement.

computer science, information systems