An embedded defense-in-depth module for detecting cyberattacks on interdependent SCADA controllers
Date of Award
Doctor of Philosophy (PhD)
David J. Coe
Dalton S. Nelson
Computer security--Industrial applications., Programmable controllers--Security measures., Programmable logic devices--Security measures.
Supervisory Control and Data Acquisition (SCADA) is a process control architecture in which interconnected computers monitor and control physical processes using sensors and actuators. SCADA manages large cyber-physical systems like water treatment, gas pipelines, oil terminals, and power systems. These processes use a decentralized computing architecture. Small ruggedized digital computers (programmable logic controllers or PLCs) adapted for the control of industrial processes perform the distributed control. These computers do not have security built into them and rely on external nodes for the detection of cyber-attacks. This dissertation introduces an embedded intrusion detection system (IDS) inside the PLCs. The embedded intrusion detection system detects anomalies related to the PLC's network traffic and abnormalities of the sensors and actuators in the physical process. Additionally, the embedded IDS has a peer-to-peer network to share system state among PLCs. The shared states allow the embedded IDS to assess the legitimacy of sensors connected to neighboring nodes. The evaluation of the intrusion detection framework needs a modular, high-fidelity SCADA testbed capable of reproducing large-scale cascading events. Moreover, the framework should support the examination of the interdependencies between subsystems. Because such testbeds are lacking in the SCADA research community, this dissertation introduces a novel modeling and simulation approach by segmenting SCADA components into five segments. This technology is employed to replicate a virtual midstream oil terminal adhering to the American Petroleum Institute (API) standards. The virtual midstream oil terminal acts as a foundation for testing the intrusion detection framework and is one of the major contributions of this research.
Hence, the contributions of this research are towards two primary domains related to SCADA cyber-security: a modular SCADA virtualization framework and an embedded intrusion detection system.
Das, Rishabh, "An embedded defense-in-depth module for detecting cyberattacks on interdependent SCADA controllers" (2020). Dissertations. 204.