Cyber Security of SCADA Systems test bed - Senior Design - Iowa ...
Cyber Security of SCADA Systems test bed - Senior Design - Iowa ...
Cyber Security of SCADA Systems test bed - Senior Design - Iowa ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Executive Summary<br />
Supervisory Control and Data Acquisition (<strong>SCADA</strong>) systems are the nervous systems for the body <strong>of</strong> our<br />
country’s infrastructure. This body includes many systems that are vital to the function <strong>of</strong> our society:<br />
power, water, natural gas, oil, and road traffic systems—among many others. However, the nervous<br />
systems (<strong>SCADA</strong> systems) that control our infrastructure are currently vulnerable to cyber-attack. “Since<br />
the mid-1990’s, security experts have become increasingly concerned about the threat <strong>of</strong> malicious<br />
cyber-attacks on the vital supervisory control and data acquisition (<strong>SCADA</strong>) systems used to monitor and<br />
manage our energy systems. Most <strong>SCADA</strong> system designs did not anticipate the security threats posed<br />
by today’s reliance on common s<strong>of</strong>tware and operating systems, public telecommunication networks,<br />
and the Internet.”<br />
With the critical infrastructure <strong>of</strong> the <strong>SCADA</strong> systems and the security threats on these systems, it is<br />
important to research ways to correct potential security vulnerabilities. A <strong>SCADA</strong> <strong>test</strong> <strong>bed</strong> will be used<br />
for this research. This project will expand on the initial <strong>test</strong> <strong>bed</strong> created last year and make it more<br />
suitable for real-life scenarios and cyber security attacks.<br />
The previous senior design team created the initial <strong>SCADA</strong> <strong>test</strong> <strong>bed</strong>. This <strong>test</strong> <strong>bed</strong> included 2 Control<br />
Centers, 2 RTUs, 2 Relays, 3 SCALANCEs for encrypted communication, a web server, a DTS, and a light<br />
board for demonstrating when a relay trips or is closed. The previous team also <strong>test</strong>ed basic cyberattacks<br />
against the system. They were able to demonstrate a basic man-in-the-middle attack that would<br />
disrupt commands sent by the control center. The initial <strong>test</strong> <strong>bed</strong> was a great start and this year’s senior<br />
design team will improve on the <strong>test</strong> <strong>bed</strong>.<br />
The goals <strong>of</strong> this year’s senior design team are to expand the <strong>test</strong> <strong>bed</strong> to more nodes, integrate power<br />
flow analysis and <strong>test</strong> more advanced attacks. The basic approach for these goals is to use virtualization<br />
s<strong>of</strong>tware to expand the <strong>test</strong> <strong>bed</strong>’s nodes, use power flow s<strong>of</strong>tware for the analysis and use advanced<br />
vulnerability assessment tools for <strong>test</strong>ing cyber-attacks. This approach will create a more thorough <strong>test</strong><br />
<strong>bed</strong> that is similar to real-world systems, allow for power flow analysis and create cyber-attacks that will<br />
show vulnerabilities <strong>of</strong> the system.<br />
Acknowledgement<br />
Technical expertise <strong>of</strong> the <strong>test</strong> <strong>bed</strong> has been provided by <strong>Iowa</strong> State University graduate students Adam<br />
Hahn, Aditya Ashok and Siddharth Sridhar. DigSilent expertise has been provided by <strong>Iowa</strong> State<br />
University graduate student Jie Yan.<br />
Problem Statement<br />
General Problem Statement<br />
Our goal is to improve the cyber security <strong>of</strong> <strong>SCADA</strong> systems by making our own <strong>SCADA</strong> <strong>test</strong> <strong>bed</strong>, where<br />
we can simulate power systems and the communication protocols they use, and attempt cyber-attacks<br />
on our systems. Through this process, we can <strong>test</strong> vulnerabilities <strong>of</strong> commercial <strong>SCADA</strong> protection<br />
products report their vulnerabilities. We can also demonstrate the effects a <strong>SCADA</strong> cyber-attack can<br />
SDMAY11-11 4