Security Enhancements for Distributed Control Systems

Hieb, Jeffrey L.; Graham, James H.; Patel, Sandip C.

doi:10.1007/978-0-387-75462-8_10

Cited by 22 publications

(24 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These protocols provide interconnectivity with DNP3 over the Internet. Therefore, this protocol is also defined as an open or non-proprietary protocol in SCADA systems [1][2][3][6][7][8][9][10][11].…”

Section: Dnp3mentioning

confidence: 99%

“…The security percentage is computed from the second scenario and this shows the significant enhancements of DNP3 security in automated polling during open connectivity with protocols such as TCP/IP. This also shows great enhancements compared to the first scenario and third scenario and with existing end-to-end developments [8][9][10][11][12][13][14][16][17][18][19]22,24,34,50,52]. …”

Section: Attack Detection and Securitymentioning

confidence: 99%

“…Therefore, a specified time is crucial for each node during SCADA transmission [6,10]. Several security designs for that type of transmission are inappropriate due to time limitations [6,[10][11][12].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

New Security Development and Trends to Secure the SCADA Sensors Automated Transmission during Critical Sessions

et al. 2015

View full text Add to dashboard Cite

Modern technology enhancements have been used worldwide to fulfill the requirements of the industrial sector, especially in supervisory control and data acquisition (SCADA) systems as a part of industrial control systems (ICS). SCADA systems have gained popularity in industrial automations due to technology enhancements and connectivity with modern computer networks and/or protocols. The procurement of new technologies has made SCADA systems important and helpful to processing in oil lines, water treatment plants, and electricity generation and control stations. On the other hand, these systems have vulnerabilities like other traditional computer networks (or systems), especially when interconnected with open platforms. Many international organizations and researchers have proposed and deployed solutions for SCADA security enhancement, but most of these have been based on node-to-node security, without emphasizing critical sessions that are linked directly with industrial processing and automation. This study concerns SCADA security measures related to critical processing with specified sessions of automated polling, analyzing cryptography mechanisms and deploying the appropriate explicit inclusive security solution in a distributed network protocol version 3 (DNP3) stack, as part of a SCADA system. The bytes flow through the DNP3 stack with security OPEN ACCESSSymmetry 2015, 7 1946 computational bytes within specified critical intervals defined for polling. We took critical processing knowledge into account when designing a SCADA/DNP3 testbed and deploying a cryptography solution that did not affect communications.

show abstract

Section: Dnp3mentioning

confidence: 99%

Section: Attack Detection and Securitymentioning

confidence: 99%

See 1 more Smart Citation

New Security Development and Trends to Secure the SCADA Sensors Automated Transmission during Critical Sessions

et al. 2015

View full text Add to dashboard Cite

show abstract

“…Note that it is necessary to extract and isolate security-related code from control system software. For example, in a field device that supports security-enhanced DNP3 [7], the code that performs authentication and message integrity checking for DNP3 messages must be removed from the main body of code and placed in its own protected compartment. The isolation of security-related code has the added benefit of reducing the complexity of control applications, especially when security-related code has to be added or upgraded.…”

Section: Security-hardened Field Devicesmentioning

confidence: 99%

“…Hieb and Graham [6] have investigated techniques for creating security-hardened RTUs with reduced commercial kernels or microkernels. Hieb, Patel and Graham [7] have discussed security enhancements for DCSs involving protocol enhancements and a minimal kernel RTU (a reduced version of LyxnOS, a commercial RTOS).…”

Section: Introductionmentioning

confidence: 99%

Designing Security-Hardened Microkernels For Field Devices

Hieb

Graham

Critical Infrastructure Protection II

Self Cite

View full text Add to dashboard Cite

Distributed control systems (DCSs) play an essential role in the operation of critical infrastructures. Perimeter field devices are important DCS components that measure physical process parameters and perform control actions. Modern field devices are vulnerable to cyber attacks due to their increased adoption of commodity technologies and that fact that control networks are no longer isolated. This paper describes an approach for creating security-hardened field devices using operating system microkernels that isolate vital field device operations from untrusted network-accessible applications. The approach, which is influenced by the MILS and Nizza architectures, is implemented in a prototype field device. Whereas, previous microkernel-based implementations have been plagued by poor inter-process communication (IPC) performance, the prototype exhibits an average IPC overhead for protected device calls of 64.59 µs. The overall performance of field devices is influenced by several factors; nevertheless, the observed IPC overhead is low enough to encourage the continued development of the prototype.

show abstract