{"title":"What's under the hood? Improving SCADA security with process awareness","authors":"J. Chromik, Anne Remke, B. Haverkort","doi":"10.1109/CPSRSG.2016.7684100","DOIUrl":null,"url":null,"abstract":"SCADA networks are an essential part of monitoring and controlling physical infrastructures, such as the power grid. Recent news items show that tampering with the data exchanged in a SCADA network occurs and has severe consequences. A possible way of improving the security of SCADA networks is to use intrusion detection systems. By monitoring and analysing the traffic, it is possible to detect whether information has a legitimate source or was tampered with. However, in many cases the knowledge of just the traffic is not enough. Detecting intrusions could be improved by including awareness about the physical processes that are controlled. This paper shows a simple analysis of a small scenario of a power distribution system, to illustrate the benefits of including the knowledge about the process in detecting breaches in SCADA.","PeriodicalId":263733,"journal":{"name":"2016 Joint Workshop on Cyber- Physical Security and Resilience in Smart Grids (CPSR-SG)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-04-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 Joint Workshop on Cyber- Physical Security and Resilience in Smart Grids (CPSR-SG)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CPSRSG.2016.7684100","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 24
Abstract
SCADA networks are an essential part of monitoring and controlling physical infrastructures, such as the power grid. Recent news items show that tampering with the data exchanged in a SCADA network occurs and has severe consequences. A possible way of improving the security of SCADA networks is to use intrusion detection systems. By monitoring and analysing the traffic, it is possible to detect whether information has a legitimate source or was tampered with. However, in many cases the knowledge of just the traffic is not enough. Detecting intrusions could be improved by including awareness about the physical processes that are controlled. This paper shows a simple analysis of a small scenario of a power distribution system, to illustrate the benefits of including the knowledge about the process in detecting breaches in SCADA.