Title: sSCADA: securing SCADA infrastructure communications

Authors: Yongge Wang

Addresses: Department of SIS, UNC Charlotte, 9201 University City Blvd, Charlotte, NC 28223, USA

Abstract: Distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems were developed to reduce labour costs, and to allow system-wide monitoring and remote control from a central location. Control systems are widely used in critical infrastructures such as electric grid, natural gas, water and wastewater industries. While control systems can be vulnerable to a variety of types of cyber attacks that could have devastating consequences, little research has been done to secure the control systems. American Gas Association (AGA), IEC TC57 WG15, IEEE, NIST and National SCADA Test Bed Program have been actively designing cryptographic standard to protect SCADA systems. American Gas Association (AGA) had originally been designing cryptographic standard to protect SCADA communication links and finished the report AGA 12 part 1. The AGA 12 part 2 has been transferred to IEEE P1711. This paper presents an attack on the protocols in the first draft of AGA standard (Wright et al., 2004). This attack shows that the security mechanisms in the first version of the AGA standard protocol could be easily defeated. We then propose a suite of security protocols optimised for SCADA/DCS systems which include: point-to-point secure channels, authenticated broadcast channels, authenticated emergency channels, and revised authenticated emergency channels. These protocols are designed to address the specific challenges that SCADA systems have.

Keywords: supervisory control; data acquisition; SCADA; distributed control systems; DCS; cyber attacks; smart grid security; critical infrastructures; infrastructure protection; secure communications; authentication; secure channels; authenticated broadcast channels; authenticated emergency channels.

DOI: 10.1504/IJCNDS.2011.037328

International Journal of Communication Networks and Distributed Systems, 2011 Vol.6 No.1, pp.59 - 78

Received: 31 Jul 2009
Accepted: 20 Apr 2010

Published online: 03 Dec 2010 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article