Faculty Mentor Name

Akhan Almagambetov

Format Preference

Poster Presentation with Audio

Abstract

Supervisory Control and Data Acquisition (SCADA) systems provide an architecture for autonomously monitoring and controlling devices in a large system. SCADA systems are used for many safety-critical applications including oil pipelines, water management systems, and the power grid. Over the past decade, SCADA systems have moved from landline or radio communications to internet communications. This, combined with the critical applications for SCADA systems, makes SCADA an increasingly lucrative target for cyber-attacks. Rather than preventing an attacker from penetrating a system, we propose an architecture that focuses on correct system operation, despite having one or more compromised nodes. If a remote terminal unit (RTU) is compromised, as detected by an off-the-shelf intrusion detection system (IDS), control of corresponding physical hardware is passed to another RTU within the network. Simultaneously, the attacked RTU severs its control logic from its physical hardware. The RTU then returns valid responses to the attacker, based on historical data, thus preventing the attacker from realizing that they have failed to compromise the security of the system. An alarm is triggered at the master terminal unit (MTU) to inform the operator that the RTU has been attacked and control has successfully been passed to another RTU in the system.
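The handover sequence in the abstract can be modeled in a few lines. The sketch below is an added illustration, not the authors' implementation: the `RTU` and `MTU` classes, the `on_ids_alert` callback, the cyclic replay of recorded readings, the `"ACK"` reply and the behaviour when no healthy RTU remains are all assumptions.

```python
from itertools import cycle

class RTU:
    def __init__(self, name, devices, plant):
        self.name, self.devices, self.plant = name, set(devices), plant
        self.history = {d: [] for d in devices}   # past readings per device
        self.isolated = False                     # True once the IDS flags this RTU
        self._replay = {}

    def read(self, device):
        if self.isolated:                         # decoy path: replay old data
            return next(self._replay[device])
        value = self.plant[device]                # live path: real hardware
        self.history.setdefault(device, []).append(value)
        return value

    def write(self, device, value):
        if not self.isolated and device in self.devices:
            self.plant[device] = value            # only a controlling RTU actuates
        return "ACK"                              # an isolated RTU still acknowledges

    def isolate(self):
        """Sever control logic from hardware and arm replay of historical data."""
        self.isolated = True
        self._replay = {d: cycle(h or [0]) for d, h in self.history.items()}
        released, self.devices = self.devices, set()
        return released

class MTU:
    def __init__(self, rtus):
        self.rtus, self.alarms = {r.name: r for r in rtus}, []

    def on_ids_alert(self, name):
        """IDS callback: hand the attacked RTU's devices to a healthy peer."""
        victim = self.rtus[name]
        devices = victim.isolate()
        backup = next((r for r in self.rtus.values() if not r.isolated), None)
        if backup is None:                        # assumed edge case: nobody left
            self.alarms.append(f"{name} attacked; NO healthy RTU, {sorted(devices)} uncontrolled")
            return None
        backup.devices |= devices
        self.alarms.append(f"{name} attacked; control of {sorted(devices)} passed to {backup.name}")
        return backup

if __name__ == "__main__":
    plant = {"pump1": 40}                         # constructed sample plant state
    a, b = RTU("rtu-a", ["pump1"], plant), RTU("rtu-b", [], plant)
    a.read("pump1"); mtu = MTU([a, b]); mtu.on_ids_alert("rtu-a")
    print(a.write("pump1", 999), plant, mtu.alarms)
```

After the alert, writes sent to the isolated RTU are acknowledged but never reach the plant, while the backup RTU continues to read and actuate the real device.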

  • Original: POSTER PRESENTATION; AUDIO added when event went online only.
  • IGNITE AWARD

Provably Secure SCADA Architectures
