Supervisory Control And Data Acquisition Communication Research Articles

A Review of Research Works on Supervised Learning Algorithms for SCADA Intrusion Detection and Classification

Supervisory Control and Data Acquisition (SCADA) systems play a significant role in providing remote access, monitoring and control of critical infrastructures (CIs) which includes electrical power systems, water distribution systems, nuclear power plants, etc. The growing interconnectivity, standardization of communication protocols and remote accessibility of modern SCADA systems have contributed massively to the exposure of SCADA systems and CIs to various forms of security challenges. Any form of intrusive action on the SCADA modules and communication networks can create devastating consequences on nations due to their strategic importance to CIs’ operations. Therefore, the prompt and efficient detection and classification of SCADA systems intrusions hold great importance for national CIs operational stability. Due to their well-recognized and documented efficiencies, several literature works have proposed numerous supervised learning techniques for SCADA intrusion detection and classification (IDC). This paper presents a critical review of recent studies whereby supervised learning techniques were modelled for SCADA intrusion solutions. The paper aims to contribute to the state-of-the-art, recognize critical open issues and offer ideas for future studies. The intention is to provide a research-based resource for researchers working on industrial control systems security. The analysis and comparison of different supervised learning techniques for SCADA IDC systems were critically reviewed, in terms of the methodologies, datasets and testbeds used, feature engineering and optimization mechanisms and classification procedures. Finally, we briefly summarized some suggestions and recommendations for future research works.

An Autoencoder-Based Network Intrusion Detection System for the SCADA System

The intrusion detection system (IDS) is the main tool to do security monitoring that is one of the security strategies for the supervisory control and data acquisition (SCADA) system. In this paper, we develop an IDS based on the autoencoder deep learning model (AE-IDS) for the SCADA system. The target SCADA communication protocol of the detection model is the Distributed Network Protocol 3 (DNP3), which is currently the most commonly utilized communication protocol in the power substation. Cyberattacks that we consider are data injection or modification attacks, which are the most critical attacks in the SCADA systems. In this paper, we extracted 17 data features from DNP3 communication, and use them to train the autoencoder network. We measure accuracy and loss of detection and compare them with different supervised deep learning algorithms. The unsupervised AE-IDS model shows better performance than the other deep learning IDS models.

Temporal pattern-based malicious activity detection in SCADA systems

Critical infrastructures which are crucial to our modern life such as electricity grids and water pumps are controlled by Supervisory Control and Data Acquisition (SCADA) systems. Over the last two decades connecting these critical infrastructures to the internet has become essential. This made SCADA security an increasingly important research topic. This paper copes with two challenges: (1) SCADA systems tend to repeat themselves within a well-defined time period; then a malicious attacker can change the duration time in which the system holds a certain value without changing the order of the activities, i.e., the order in which the values appear. (2) The malicious activity may affect the data payload of the communicated SCADA packets rather than the explicit defined function codes (W/R). To face these challenges we propose two machine learning algorithms. The first algorithm is supervised. It finds first frequent temporal patterns, then these patterns are recognized in the data payload of the SCADA communication protocols, and used as features for a classification algorithm. The second algorithm is unsupervised. It learns an automaton that represents the temporal behavior of the system. Then at runtime, unknown states or events are declared as malicious. Experimental evaluation on real MODUBS-SCADA dataset from Ben-Gurion University shows that the first supervised algorithm, that uses frequent temporal patterns as features, performs better than a baseline algorithm that considers the mean and standard deviation as features. The second unsupervised algorithm performs even better than the first one.

Network Intrusion Detection based on Deep Neural Networks for the SCADA system

Security monitoring is one of the security strategies for the supervisory control and data acquisition (SCADA) systems, and the intrusion detection system (IDS) is a main tool to do security monitoring. Main task of security monitoring is to develop the SCADA-specific IDS, which reflects the semantics of the SCADA domain. In this paper, we work on developing IDS based on deep learning models for the SCADA system. The target SCADA communication protocol of the detection model is the DNP3, which is currently the most commonly utilized communication protocol in the power substation. The attack of major concern is data injection or modification attacks, which is most critical attack in the SCADA system. We extract 12 data features from distributed network protocol 3 (DNP3) packets, and use them to train the deep neural network. We measure the accuracy and loss of the detection system trained based on different deep learning algorithms, and show the comparison of the results.

A Nearly Zero-Energy Microgrid Testbed Laboratory: Centralized Control Strategy Based on SCADA System

Currently, despite the use of renewable energy sources (RESs), distribution networks are facing problems, such as complexity and low productivity. Emerging microgrids (MGs) with RESs based on supervisory control and data acquisition (SCADA) are an effective solution to control, manage, and finally deal with these challenges. The development and success of MGs is highly dependent on the use of power electronic interfaces. The use of these interfaces is directly related to the progress of SCADA systems and communication infrastructures. The use of SCADA systems for the control and operation of MGs and active distribution networks promotes productivity and efficiency. This paper presents a real MG case study called the LAMBDA MG testbed laboratory, which has been implemented in the electrical department of the Sapienza University of Rome with a centralized energy management system (CEMS). The real-time results of the SCADA system show that a CEMS can create proper energy balance in a LAMBDA MG testbed and, consequently, minimize the exchange power of the LAMBDA MG and main grid.

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures, such as power, telecommunication, transportation, pipelines, chemicals and manufacturing plants. Legacy SCADA systems operated on isolated networks, that made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet, as well as corporate networks, introduces severe security issues. Security considerations for SCADA systems are gaining higher attention, as the number of security incidents against these critical infrastructures is increasing. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security.

Low-Cost, Open Source IoT-Based SCADA System Design Using Thinger.IO and ESP32 Thing

Supervisory Control and Data Acquisition (SCADA) is a technology for monitoring and controlling distributed processes. SCADA provides real-time data exchange between a control/monitoring centre and field devices connected to the distributed processes. A SCADA system performs these functions using its four basic elements: Field Instrumentation Devices (FIDs) such as sensors and actuators which are connected to the distributed process plants being managed, Remote Terminal Units (RTUs) such as single board computers for receiving, processing and sending the remote data from the field instrumentation devices, Master Terminal Units (MTUs) for handling data processing and human machine interactions, and lastly SCADA Communication Channels for connecting the RTUs to the MTUs, and for parsing the acquired data. Generally, there are two classes of SCADA hardware and software; Proprietary (Commercial) and Open Source. In this paper, we present the design and implementation of a low-cost, Open Source SCADA system by using Thinger.IO local server IoT platform as the MTU and ESP32 Thing micro-controller as the RTU. SCADA architectures have evolved over the years from monolithic (stand-alone) through distributed and networked architectures to the latest Internet of Things (IoT) architecture. The SCADA system proposed in this work is based on the Internet of Things SCADA architecture which incorporates web services with the conventional (traditional) SCADA for a more robust supervisory control and monitoring. It comprises of analog Current and Voltage Sensors, the low-power ESP32 Thing micro-controller, a Raspberry Pi micro-controller, and a local Wi-Fi Router. In its implementation, the current and voltage sensors acquire the desired data from the process plant, the ESP32 micro-controller receives, processes and sends the acquired sensor data via a Wi-Fi network to the Thinger.IO local server IoT platform for data storage, real-time monitoring and remote control. The Thinger.IO server is locally hosted by the Raspberry Pi micro-controller, while the Wi-Fi network which forms the SCADA communication channel is created using the Wi-Fi Router. In order to test the proposed SCADA system solution, the designed hardware was set up to remotely monitor the Photovoltaic (PV) voltage, current, and power, as well as the storage battery voltage of a 260 W, 12 V Solar PV System. Some of the created Human Machine Interfaces (HMIs) on Thinger.IO Server where an operator can remotely monitor the data in the cloud, as well as initiate supervisory control activities if the acquired data are not in the expected range, using both a computer connected to the network, and Thinger.IO Mobile Apps are presented in the paper.

A Trusted-ID Referenced Key Scheme for Securing SCADA Communication in Iron and Steel Plants

Supervisory control and data acquisition (SCADA) is a widely implemented structure to achieve remote measurement and control in many iron and steel plants. In traditional consideration, more attention on physical network separation methods is paid to isolate the SCADA system from management network to keep SCADA in a considered ”safe” state. In addition, lots of security solution providers are focusing on the network side security assurance without involving the SCADA communication level protection. This paper investigates a new trusted-ID referenced key scheme for securing SCADA communications efficiently. The advanced encryption standard algorithm is used in the data transmission for its fast calculating speed, and the elliptic curve cryptography digital signature algorithm is used to confirm the data package that is from the right ID which can avoid the measured values and the control instructions to be maliciously modified by attacker. This solution for securing SCADA communication provides an efficient way to protect the data and protocol between the controllers and the remote terminal units (RTUs), and offers an authentication for the communication, which can avoid Man-In-The-Middle attack. Random numbers are used as a session key that can avoid the replay attack. cipher-block chaining mode message authentication code calculation is used to meet the data integrity requirement. Gong Needham Yahalom logic is used to prove the security of this solution, and an example is given to verify its validity.

Augmented Reality Applications for Substation Management by Utilizing Standards-Compliant SCADA Communication

Most electrical substations are remotely monitored and controlled by using Supervisory Control and Data Acquisition (SCADA) applications. Current SCADA systems have been significantly enhanced by utilizing standardized communication protocols and the most prominent is the IEC 61850 international standard. These enhancements enable improvements in different domains of SCADA systems such as communication engineering, data management and visualization of automation process data in SCADA applications. Process data visualization is usually achieved through Human Machine Interface (HMI) screens in substation control centres. However, this visualization method sometimes makes supervision, control and maintenance procedures executed by engineers slow and error-prone because it separates equipment from its automation data. Augmented reality (AR) and mixed reality (MR) visualization techniques have matured enough to provide new possibilities of displaying relevant data wherever needed. This paper presents a novel methodology for visualizing process related SCADA data to enhance and facilitate human-centric activities in substations such as regular equipment maintenance. The proposed solution utilizes AR visualization techniques together with standards-based communication protocols used in substations. The developed proof-of-concept AR application that enables displaying SCADA data on the corresponding substation equipment with the help of AR markers demonstrates originality and benefits of the proposed visualization method. Additionally, the application enables displaying widgets and 3D models of substation equipment to make the visualization more user-friendly and intuitive. The visualized SCADA data needs to be refreshed considering soft real-time data delivery restrictions. Therefore, the proposed solution is thoroughly tested to demonstrate the applicability of proposed methodology in real substations.

Testing and Validation of Modbus/TCP Protocol for Secure SCADA Communication in CPS using Formal Methods

Cyber-Physical Systems (CPS's) evident representation is Supervisory Control, and Data Acquisition (SCADA). As SCADA is being refurbished with advanced computing and communication technologies, the risk involved in adopting/updating to new technology needs to be validated and verified thoroughly. One of the greatest challenges is security testing of protocols. All CPS systems being live and attached to physical process can not be scheduled for penetration testing and verification. This paper presents design and implementation of industrial compliant SCADA test bed, the formal analysis of semantics and security of Modbus/TCP protocol using Coloured Petri Nets(CPN) tool. A novel method is proposed to differentiate attack vector by identifying influential nodes using formal concept analysis. Modbus/TCP conceptualized attack from analysis is tested and verified on the test bed.

Applying encryption schemed to supervisory control and data acquisition systems for security management

Supervisory Control and Data Acquisition (SCADA) is the combination of telemetry and data acquisition. Supervisory Control and Data Acquisition system is compose of collecting of the information, transferring it to the central site, carrying out any necessary analysis and control and then displaying that information on the operator screens. Encryption Schemes are needed to secure communication in SCADA Systems. In the case of Symmetric key encryption, a secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. While in the case of Asymmetric Encryption, two keys are used. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it. These schemes can be integrated to SCADA communication for managing security level. In this paper, author compares Encryption Schemes as used in Communication between SCADA components to show the escalation of security level. Key words: Supervisory Control and Data Acquisition, encryption, internet, communication, control system.

Performance Comparison of BPL, EtherLoop and SHDSL technology performance on existing pilot cable circuits under the presence of induced voltage

Pilot cable is originally used for utility protection. Then, pilot cable is further utilized for SCADA communication with low frequency PSK modem in the early 1990. However, the quality of pilot cable communication drops recently. Pilot cable starts to deteriorate due to aging and other unknown factors. It is also believed that the presence of induced voltage causes interference to existing modem communication which operates at low frequency channel. Therefore, BPL (Broadband Power Line), EtherLoop and SHDSL (Symmetrical High-speed Digital Subscriber Line) modem technology are proposed as alternative communication solutions for pilot cable communication. The performance of the 3 selected technologies on existing pilot cable circuits under the presence of induced voltage are measured and compared. Total of 11 pilot circuits with different length and level of induced voltage influence are selected for modem testing. The performance of BPL, EtherLoop and SHDSL modem technology are measured by the delay, bandwidth, packet loss and the long term usability SCADA (Supervisory Control and Data Acquisition) application. The testing results are presented and discussed in this paper. The results show that the 3 selected technologies are dependent on distance and independent on the level of induced voltage.

Secure SCADA communication by using a modified key management scheme

This paper presents and evaluates a new cryptographic key management scheme which increases the efficiency and security of the Supervisory Control And Data Acquisition (SCADA) communication. In the proposed key management scheme, two key update phases are used: session key update and master key update. In the session key update phase, session keys are generated in the master station. In the master key update phase, the Elliptic Curve Diffie–Hellman (ECDH) protocol is used. The Poisson process is also used to model the Security Index (SI) and Quality of Service (QoS). Our analysis shows that the proposed key management not only supports the required speed in the MODBUS implementation but also has several advantages compared to other key management schemes for secure communication in SCADA networks.

SSCADA: securing SCADA infrastructure communications

Distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems were developed to reduce labour costs, and to allow system-wide monitoring and remote control from a central location. Control systems are widely used in critical infrastructures such as electric grid, natural gas, water and wastewater industries. While control systems can be vulnerable to a variety of types of cyber attacks that could have devastating consequences, little research has been done to secure the control systems. American Gas Association (AGA), IEC TC57 WG15, IEEE, NIST and National SCADA Test Bed Program have been actively designing cryptographic standard to protect SCADA systems. American Gas Association (AGA) had originally been designing cryptographic standard to protect SCADA communication links and finished the report AGA 12 part 1. The AGA 12 part 2 has been transferred to IEEE P1711. This paper presents an attack on the protocols in the first draft of AGA standard (Wright et al., 2004). This attack shows that the security mechanisms in the first version of the AGA standard protocol could be easily defeated. We then propose a suite of security protocols optimised for SCADA/DCS systems which include: point-to-point secure channels, authenticated broadcast channels, authenticated emergency channels, and revised authenticated emergency channels. These protocols are designed to address the specific challenges that SCADA systems have.

An Efficient Key Management Scheme for Secure SCADA Communication

A SCADA (Supervisory Control And Data Acquisition) system is an industrial control and monitoring system for national infrastructures. The SCADA systems were used in a closed environment without considering about security functionality in the past. As communication technology develops, they try to connect the SCADA systems to an open network. Therefore, the security of the SCADA systems has been an issue. The study of key management for SCADA system also has been performed. However, existing key management schemes for SCADA system such as SKE(Key establishment for SCADA systems) and SKMA(Key management scheme for SCADA systems) cannot support broadcasting communication. To solve this problem, an Advanced Key Management Architecture for Secure SCADA Communication has been proposed by Choi et al.. Choi et al.'s scheme also has a problem that it requires lots of computational cost for multicasting communication. In this paper, we propose an enhanced scheme which improving computational cost for multicasting communication with considering the number of keys to be stored in a low power communication device (RTU). Keywords—SCADA system, SCADA communication, Key management, Distributed networks.

Security issues in SCADA networks

The increasing interconnectivity of SCADA (Supervisory Control and Data Acquisition) networks has exposed them to a wide range of network security problems. This paper provides an overview of all the crucial research issues that are involved in strengthening the cyber security of SCADA networks. The paper describes the general architecture of SCADA networks and the properties of some of the commonly used SCADA communication protocols. The general security threats and vulnerabilities in these networks are discussed followed by a survey of the research challenges facing SCADA networks. The paper discusses the ongoing work in several SCADA security areas such as improving access control, firewalls and intrusion detection systems, SCADA protocol analyses, cryptography and key management, device and operating system security. Many trade and research organizations are involved in trying to standardize SCADA security technologies. The paper concludes with an overview of these standardization efforts.

SCADA communication techniques and standards

An overview of supervisory control and data acquisition (SCADA) communication techniques is provided. Modulation techniques, frequency division multiplexing (FDM) and time division multiplexing (TDM), are discussed. Message formats and data transfer are detailed. An update on the development of standards for SCADA systems is given.< <ETX xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">&gt;</ETX>