Direction of Security Monitoring for Substation Automation Systems

Hong, Sugwon; Lee, Jae Myeong

doi:10.11159/eee19.117

World Congress on Electrical Engineering and Computer Systems and Science

2019

DOI: 10.11159/eee19.117

|View full text |Cite

Direction of Security Monitoring for Substation Automation Systems

Sugwon Hong¹,

Jae Myeong Lee²

Abstract: All security measures which have been proposed ultimately come under three security strategies: network separation, communication message security, and security monitoring. However, considering the recent sophisticated attacks against SCADA/ICS systems, these security strategies cannot provide sufficient security measures. These attacks try to hijack or take control of host systems, control servers and eventually control devices, once they penetrate the networks in one way or another. Their attack vectors are … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2020

Publication Types

Select...

Article1

Relationship

Self Cite1

Independent0

Authors

Journals

Cited by 1 publication

(1 citation statement)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Even though these three strategies give us a holistic approach to SCADA security, recent attacks on SCADA/ICS systems such as Stuxnet, Black Energy 3, Triton, and Industroyer make us realize that these strategies are necessary but not sufficient. The nature of these attacks is that once attackers penetrate the SCADA network, they take control of host systems by process manipulation, whether they are control servers or local device controllers [7]. Moreover, attackers use specially designed malware for SCADA to invade the core system of SCADA and achieve their attack goals [8], [9].…”

mentioning

confidence: 99%

Keeping Host Sanity for Security of the SCADA Systems

Lee

Hong

2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

Cyber attacks targeting the Supervisory Control and Data Acquisition (SCADA) systems are becoming more complex and more intelligent. Currently proposed security measures for the SCADA systems come under three categories: physical/logical network separation, communication message security, and security monitoring. However, the recent malwares which were used successfully to disrupt the critical systems show that these security strategies are necessary, but not sufficient to defend these malwares. The malware attacks on the SCADA system exploit weaknesses of host system software environment and take over the control of host processes in the SCADA system. In this paper, we explain how the malware interferes in the important process logics, and invades the SCADA host process by using Dynamic Link Library (DLL) Injection. As a security measure, we propose an algorithm to block DLL Injection efficiently, and show its effectiveness of defending real world malwares using DLL Injection technique by implementing as a library and testing against several DLL Injection scenarios. It is expected that this approach can prevent all the hosts in the SCADA system from being taken over by this kind of malicious attacks, consequently keeping its sanity all the time. INDEX TERMS SCADA security, malware, DLL injection, code injection, host system security. I. INTRODUCTION The Supervisory Control and Data Acquisition (SCADA), more broadly the Industrial Control System (ICS), is a system to monitor and control geographically distributed large-scale process field devices. The cyber attacks on the SCADA/ICS systems are considered severe threats for the critical industrial facilities like power grid due to their catastrophic impact on industry development and social safety. For this reason, to maintain the health and sanity of the SCADA/ICS system against cyber attacks poses daunting challenges. All security measures which have been considered and published for the SCADA/ICS systems can be classified into three categories: physical/logical network separation, communication message security, and security monitoring [1]. Network separation is based on the concept of Defense in Depth [2], [3]. The logical separation is to separate a SCADA/ICS network into several segmented zones or domains depending on criticality or functionality. The associate editor coordinating the review of this manuscript and approving it for publication was Jiafeng Xie.

show abstract

mentioning

confidence: 99%

Keeping Host Sanity for Security of the SCADA Systems

Lee

Hong

2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Direction of Security Monitoring for Substation Automation Systems

Cited by 1 publication

References 2 publications

Keeping Host Sanity for Security of the SCADA Systems

Keeping Host Sanity for Security of the SCADA Systems

Contact Info

Product

Resources

About