Detecting Cyber Attacks on SCADA and Other Critical Infrastructures

Maurilio Pereira Coutinho (Itajuba Federal University, Brazil), Germano Lambert-Torres (Itajuba Federal University, Brazil), Luiz Eduardo Borges da Silva (Itajuba Federal University, Brazil), Horst Lazarek (Technische Universität Dresden, Germany) and Elke Franz (Technische Universität Dresden, Germany)
DOI: 10.4018/978-1-4666-2659-1.ch002


Nowadays, critical infrastructure plays a fundamental role in our modern society. Telecommunication and transportation services, water and electricity supply, and banking and financial services are examples of such infrastructures. Attacks on them expose society as a whole to security threats. To safeguard against these threats, providers of critical infrastructure services also need to maintain the security objectives of the interdependent data networks they rely on. As an important part of the electric power system critical infrastructure, Supervisory Control and Data Acquisition (SCADA) systems require protection from a variety of threats, and their network infrastructures are potentially vulnerable to cyber attacks because security was not part of their original design. The diversity of, and lack of interoperability between, their communication protocols also creates obstacles for anyone attempting to establish secure communication. In order to improve the security of SCADA systems, anomaly detection can be used to identify corrupted values caused by malicious attacks and injected faults. The aim of this chapter is to present an alternative technique for implementing anomaly detection to monitor electric power systems. The problem is addressed here by the use of rough set theory.
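The chapter does not reproduce its detector in this preview, so the following is an added example (not the authors' code) of the basic rough-set machinery applied to the kind of problem the abstract describes: deciding whether a set of discretised SCADA readings is consistent with known-good behaviour. The decision table, the attribute names (voltage, current, breaker) and the value bands are constructed for illustration. It computes indiscernibility classes, the lower and upper approximation of the "anomalous" concept, the boundary region where the readings alone cannot decide, the minimal attribute subsets (reducts) that preserve the same certainty, and then classifies new readings against the table.

```python
"""Rough-set anomaly detection over discretised SCADA measurements.

Added example; not the chapter's method or data. The decision table below is
constructed: each row is one snapshot of a feeder as seen by the control centre
(condition attributes) plus a label saying whether that snapshot was consistent.
"""
from itertools import combinations

# Condition attributes (assumed names and bands for illustration only).
ATTRS = ("voltage", "current", "breaker")

# Constructed decision table: (condition values, decision).
TABLE = [
    ({"voltage": "normal", "current": "normal", "breaker": "closed"}, "normal"),
    ({"voltage": "normal", "current": "high",   "breaker": "closed"}, "normal"),
    ({"voltage": "normal", "current": "zero",   "breaker": "open"},   "normal"),
    ({"voltage": "low",    "current": "high",   "breaker": "closed"}, "anomalous"),  # sag under load
    ({"voltage": "normal", "current": "high",   "breaker": "open"},   "anomalous"),  # current through an open breaker
    ({"voltage": "normal", "current": "normal", "breaker": "open"},   "anomalous"),
    ({"voltage": "normal", "current": "high",   "breaker": "closed"}, "anomalous"),  # same readings as row 1: conflict
    ({"voltage": "high",   "current": "normal", "breaker": "closed"}, "anomalous"),
]


def signature(row, attrs):
    """Values of `row` restricted to `attrs`, used as the equivalence-class key."""
    return tuple(row[a] for a in attrs)


def indiscernibility_classes(table, attrs):
    """IND(B): group row indices that are identical on the attributes in B."""
    classes = {}
    for i, (cond, _) in enumerate(table):
        classes.setdefault(signature(cond, attrs), set()).add(i)
    return classes


def approximations(table, attrs, concept):
    """Lower and upper approximation of X = {rows whose decision is `concept`}.

    Lower: classes entirely inside X (certainly `concept`).
    Upper: classes that intersect X (possibly `concept`).
    Upper minus lower is the boundary region, where B cannot decide.
    """
    x = {i for i, (_, d) in enumerate(table) if d == concept}
    lower, upper = set(), set()
    for cls in indiscernibility_classes(table, attrs).values():
        if cls <= x:
            lower |= cls
        if cls & x:
            upper |= cls
    return lower, upper


def accuracy(table, attrs, concept):
    """Pawlak's accuracy of approximation |lower| / |upper| (1.0 means crisp)."""
    lower, upper = approximations(table, attrs, concept)
    return len(lower) / len(upper) if upper else 1.0


def positive_region(table, attrs):
    """Rows that B classifies without doubt: union of all lower approximations."""
    pos = set()
    for d in {d for _, d in table}:
        pos |= approximations(table, attrs, d)[0]
    return pos


def reducts(table, attrs):
    """Minimal attribute subsets that keep the positive region of the full set."""
    full = positive_region(table, attrs)
    found = []
    for k in range(1, len(attrs) + 1):
        for subset in combinations(attrs, k):
            if positive_region(table, subset) == full and not any(
                set(r) <= set(subset) for r in found
            ):
                found.append(subset)
    return found


def classify(table, attrs, reading):
    """Classify a new discretised reading against the decision table.

    'anomalous' if its class lies in the lower approximation of the concept,
    'uncertain' if it lies in the boundary region, 'normal' if it lies outside
    the upper approximation, and 'unseen' if no row shares its signature.
    """
    cls = indiscernibility_classes(table, attrs).get(signature(reading, attrs))
    if not cls:
        return "unseen"
    lower, upper = approximations(table, attrs, "anomalous")
    if cls <= lower:
        return "anomalous"
    if cls <= upper:
        return "uncertain"
    return "normal"


if __name__ == "__main__":
    lower, upper = approximations(TABLE, ATTRS, "anomalous")
    print("lower:", sorted(lower), "upper:", sorted(upper), "boundary:", sorted(upper - lower))
    print("accuracy:", round(accuracy(TABLE, ATTRS, "anomalous"), 3))
    print("reducts:", reducts(TABLE, ATTRS))
    for reading in (
        {"voltage": "normal", "current": "high", "breaker": "open"},
        {"voltage": "normal", "current": "high", "breaker": "closed"},
        {"voltage": "low", "current": "zero", "breaker": "open"},
    ):
        print(reading, "->", classify(TABLE, ATTRS, reading))
```

Two points are worth noting for a detector built this way. Rows 1 and 6 carry identical readings with different labels, so they fall into the boundary region and `classify` returns "uncertain" rather than forcing a verdict; a real deployment would either add a discriminating attribute or route such cases to an operator. On this constructed table `reducts` returns only the full attribute set, meaning none of the three readings can be dropped without losing certainty; on larger tables the reduct search is exponential in the number of attributes and is normally replaced by a heuristic.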
Chapter Preview


Critical infrastructure services are essential to society. Their need for continuous and reliable operation, together with their increasing use of Information Technology (IT), has made these infrastructures increasingly complex and interdependent, exposing society to security vulnerabilities and threats. Protecting these services is, at the most fundamental level, a matter of protecting cyberspace, because their functionality depends on computer networks, routers, switches, cables and the rest of the supporting infrastructure.

This complexity and the resulting interdependence have led to a layered model in which each layer relates to the others and to other infrastructures. There are three main layers: the physical, cybernetic and operational layers. Although security and protection problems have traditionally existed in the physical and operational layers, the biggest concern of providers of such essential services currently lies in the cybernetic layer, because of the increased number of vulnerabilities present there.

Because of the scope and influence of these infrastructures on society throughout the globalised world, several initiatives have been taken by the public and private sectors, building new guidelines at governmental level and establishing best practices and standards for the industry as a whole. In the paper "Cybersecurity standards for the electric power industry - a survival kit", the authors present and comment on a number of industry standard initiatives, including the ISO/IEC 2700x series, the IEC 62351 Technical Specifications, the IEEE P1711 and P1689 drafts, the ANSI/ISA 99 technical reports and standards series, the NERC CIP standards, the NIST SP 800-53 and SP 800-82 Special Publications and the British CPNI guidelines (Pietre-Cambacedes et al., 2008).

In the electricity sector, the infrastructure consists of several kinds of facilities: generating units, transmission lines, transmission and distribution substations, national, regional and local control centres, remote terminal units (RTUs), intelligent electronic devices (IEDs) and communication links. The control centres that make up this infrastructure are arranged hierarchically, and each contains one or several workstations connected via a Local Area Network (LAN) and running different applications, such as Energy Management Systems (EMS) and database applications. These control centres interact with the supervisory and control systems, called SCADA (Supervisory Control and Data Acquisition) systems, which consist of specialised software that interfaces with hardware units such as RTUs and IEDs. These units in turn monitor sensors and interface with the physical devices of the electric power system, such as circuit breakers, switches, transformers and protection relays.

The RTUs and IEDs are connected to the control centre networks via a Wide Area Network (WAN). These connections can be owned by the electric power utilities (private) or by telecommunication service providers (public). Together, these facilities make up the national interconnected electric power system (National Electric Grid). This system is highly dynamic and interconnected, consisting of several utilities, private or public, which perform generation, transmission, distribution and marketing of electric power, constituting the so-called deregulated electricity market. Figure 1 presents a diagram of the interrelationships between these various sectors. These facilities and applications thus provide functions essential to the services of the electrical system, as part of the National Critical Infrastructure, and require special protection against a variety of threats, physical or cybernetic.

Figure 1.

Power system control centre interactions
