Abstract
SCADA systems are widely used in electricity generation, distribution, and transmission control systems. NERC CIP 002-009 requires bulk electric providers to secure critical cyber assets electronically and physically. Transmission and distribution substations contain critical cyber assets, including remote terminal units (RTU) and intelligent electronic devices (IED) such as relays, phasor measurement units (PMU), and phasor data concentrators (PDC). Substation critical cyber assets are isolated in electronic security perimeters using firewalls. This paper offers a retrofit data logger solution for serial-communication-based MODBUS and DNP3 network appliances. The retrofit data logger allows existing control systems to be updated to log network transactions in support of substation-based network intrusion detection. Substation-based intrusion detection supports a defense-in-depth approach to cyber security in which multiple overlapping layers of security are used to protect critical cyber assets. The data logger is an embedded bump-in-the-wire retrofit device which captures, time stamps, cryptographically signs, encrypts, and stores network traffic. Network traffic is forwarded to the existing network. Additionally, the data logger architecture supports the use of signature-based and statistics-based intrusion detection algorithms at the network appliance edge.
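The capture, time-stamp, and sign steps described above can be sketched as follows. This is an added example, not code from the paper: it assumes Modbus RTU framing, uses a chained HMAC-SHA256 as a stand-in for the paper's unspecified signing scheme, omits encryption, and all names (`FrameLog`, `first_bad_record`, `KEY`) and the sample frames are hypothetical.

```python
import hashlib, hmac, json, struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def frame_ok(frame: bytes) -> bool:
    """A Modbus RTU frame ends with its CRC, low byte first."""
    return len(frame) >= 4 and crc16_modbus(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]

def _tag(key: bytes, body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class FrameLog:
    """Hypothetical log: each record's tag also covers the previous tag."""
    def __init__(self, key: bytes):
        self.key, self.records, self.prev = key, [], "0" * 64

    def capture(self, frame: bytes, ts: int) -> bytes:
        body = {"ts": ts, "frame": frame.hex(), "crc_ok": frame_ok(frame), "prev": self.prev}
        self.prev = _tag(self.key, body)
        self.records.append({**body, "tag": self.prev})
        return frame  # bump-in-the-wire: traffic is forwarded unchanged

def first_bad_record(records: list, key: bytes) -> int:
    """Return the index of the first record failing verification, or -1."""
    prev = "0" * 64
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "tag"}
        if rec["prev"] != prev or not hmac.compare_digest(_tag(key, body), rec["tag"]):
            return i
        prev = rec["tag"]
    return -1

# Constructed sample traffic: a read-holding-registers request and the same
# frame with a corrupted CRC. Key and timestamps are placeholders.
KEY = b"demo-key-not-for-production"
SAMPLE = [bytes.fromhex("01030000000ac5cd"), bytes.fromhex("01030000000ac5ce")]

def demo() -> list:
    log = FrameLog(KEY)
    for n, frame in enumerate(SAMPLE):
        log.capture(frame, 1700000000 + n)
    return log.records
```

Because each tag covers the previous one, editing, deleting, or reordering a stored record breaks verification from that point on, which is what makes the log usable as intrusion detection evidence.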