ABSTRACT:
Supervisory Control and Data Acquisition (SCADA) systems are used to control and monitor critical processes. Modern SCADA systems are increasingly built with off-the-shelf components simplifying their integra- tion into existing networks. The benefits of increased flexibility and reduced costs are accompanied by newly introduced challenges regarding SCADA security/dependability. Peer-to-Peer (P2P) technologies allow for the con- struction of self-organizing, dependable and large-scale overlays on top of existing physical networks.
In this paper, we build the base for using P2P to enhance the resilience of deployed SCADA systems. To this end, we provide a general analysis of both domains and their compatibility. In addition, we refine the existing classi- fications of P2P technologies w.r.t. the needs and capabilities of SCADA systems. Consequently, we identify core P2P-based protection mechanisms for SCADA systems, based on data and path replication. Our main results are generic guidelines for the exploitation of P2P technologies to enhance the SCADA resilience.
Key words: SCADA, Critical Infrastructure Protection, P2P, Dependabil- ity, Security
INTRODUCTION
For life in modern-day societies the dependability of Critical Infrastructures (CI), e.g., power grid or water supply, is of essential character. Supervisory Control and Data Acquisition (SCADA) systems are embedded in these CI for the purpose of monitoring and controlling them. While the first SCADA systems were built using proprietary standards and dedicated hardware in closed architectures, the trend is towards more flexible systems and open protocols like the Internet Protocol (IP). IP-enabled SCADA components allow usage of commercial off-the-shelf (COTS) products and integration into existing network structures, e.g., corporate LAN or WAN like the Internet, thus saving costs of specialized hard-/software and allow- ing faster adaption to changing requirements. At the same time, this technological shift towards a networked system, eventually even connected to the Internet, intro- duces new threats and vulnerabilities to SCADA systems and since the disputed concept security through obscurity is no longer applicable, previously unnoticed or ignored security issues might now be exposed. To handle these security challenges, techniques from conventional networked systems can be transferred to the SCADA domain.
DOWNLOAD....
Abdelmajid Khelil, Sebastian Jeckel, Daniel Germanus, Neeraj Suri⋆
Technische Universita ̈t Darmstadt, Hochschulstr. 10, 64289 Darmstadt, Germany Tel. +49 6151 16{3414—3711—5321—3513}, Fax. +49 6151 16 4310 {khelil,jeckel,germanus,suri}@cs.tu-darmstadt.de
No comments:
Post a Comment