Autonomic computing paradigm is based on intelligent computing systems that can autonomously take actions under given conditions. These technologies have been successfully applied to many problem domains requiring autonomous operation. One such area of national interest is SCADA systems that monitor critical infrastructures such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks. The SCADA systems have evolved into a complex, highly connected system requiring high availability. On the other hand, cyber threats to these infrastructures have increasingly become more sophisticated, extensive and numerous. This highlights the need for newer measures that can proactively and autonomously react to an impending threat. This article proposes a SCADA system framework to leverage autonomic computing elements in the architecture for coping with the current challenges and threats of cyber security.
Top1. Introduction
Cognitive computing relates to intelligent computing platforms that are based on the disciplines of artificial intelligence, machine learning, and other innovative technologies. These technologies can be used to design systems that mimic the human brain to learn about their environment and can autonomously predict an impending anomalous situation. IBM first used the term ‘Autonomic Computing’ in 2001 to combat the looming complexity crisis (Ganek and Corbi, 2003). The concept has been inspired by the human biological autonomic system. An autonomic system is self-healing, self-regulating, self-optimising and self-protecting (Ganek and Corbi, 2003). Therefore, the system should be able to protect itself against both malicious attacks and unintended mistakes by the operator.
Supervisory Control and Data Acquisition (SCADA) systems are used to monitor and control complex infrastructures of national importance such as transportation networks, power generation and manufacturing plants. SCADA systems can be visualised as a layered architecture, as shown in Figure 1. The field devices (sensors, etc.) at the lowest layer interact with the physical processes. At layer 2, the Programmable Logic Controllers (PLC), and Remote Terminal Units (RTUs) aggregate data values from the lower layer and communicate the commands and their responses through the communications network to the SCADA server and Human Machine Interface (HMI). The generation of commands at the top layer and collection of responses from the lowest layer results in the monitoring and control of the process. The applicability of SCADA systems has become widespread due to industrial automation, cost reduction and growth in global economies (Nazir et al., 2017).
Traditionally, SCADA systems were developed as closed systems with security being the overriding factor, and no Internet connectivity. However, to leverage efficiency and gain a competitive advantage, the systems are increasingly becoming connected to the Internet and cloud technologies. SCADA system security vulnerabilities were first highlighted by the Stuxnet attack (Karnouskos, 2011). Subsequently, there has been an increase in the frequency and sophistication, of the attacks as evidenced by Constantin (2014).
Figure 1. Layered architecture of a SCADA system
Isolation and obscurity as a mechanism for protection is no longer an option for critical infrastructures (Mahoney and Gandhi, 2011). At the same time systems are getting so complex that it is difficult to develop effective defence strategies, as there is a lack of understanding of the complex interactions between the many system entities (Khadraoui and Feltus, 2015). Digital forensics becomes difficult due to the increased numbers and complexity of the cases (Taveras, 2013). The systems complexity and interactions go beyond the capability of system developers and integrators as a result of interconnectivity (Kephart and Chess, 2003). Thus, increasingly there is a lack of understanding of the holistic system, which makes it very difficult to tune a system and to make decisions in case of changed requirements. This has led to a realization that conventional and inflexible techniques will not help. What is needed is a new way of looking at the problem of cyber security that is robust, manageable and self-realising with a minimum requirement to monitor systems to make decisions. What is proposed is an entirely new way of thinking about the problem where the system itself is intelligent and helps to maintain and extend its behaviour, with the use of autonomic computing (Kephart and Chess, 2003).
The basic principles of autonomic computing are highly relevant for the protection of the increasingly complex SCADA system because: (1) the boundaries between physical and virtual systems have been blurred through virtualisation. It is possible to host a cluster of machines in a virtual environment; (2) even with hardware there are sufficient advances in other domains with self-healing materials; (3) advances in machine learning, artificial intelligence and the knowledge base need to be capitalised for protection; (4) the systems are highly interconnected and the distributed nature of the systems pose an exponential complexity.