SCADA and DPI

A Supervisory Control And Data Acquisition (SCADA) system remotely monitors and controls remote stations from a central SCADA center through coded signals over a communication (or control) network. Adding a control network to better manage and gather system data comes with its own set of vulnerabilities, including false data injection and fabricated system data, which lead to bad state estimation. Among security enhancements such as advanced encryption and authentication, deep packet inspection (DPI) is used to detect malicious packets. However, DPI introduces delay in the transmission of highly time-critical IEC 61850 messages. Our work focuses on the placement of DPIs in the control network in order to maximize the number of scanned packets.

Objectives:

  • To optimally place the DPIs in the control network without violating the time delay constraint
  • To investigate other ways to detect malicious packets in the SCADA network
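
The placement objective above can be made concrete on a small network. The following is an added example, not code from this project or the cited paper: it brute-forces DPI placements rather than using the paper's method, and the topology, flow names, latencies, deadlines and the rule that every DPI on a path inspects the packet and adds a fixed delay are all constructed assumptions.

```python
from itertools import combinations

DPI_DELAY_MS = 1.5  # assumed delay added by each DPI a packet traverses

# Constructed flows: (name, switches on path, base latency ms, deadline ms, packets/s)
FLOWS = [
    ("trip_signal",  ["sw1", "sw2"],       2.0,  3.0,  50),
    ("measurements", ["sw1", "sw3", "gw"], 3.0,  5.0, 200),
    ("scada_poll",   ["sw2", "sw3", "gw"], 4.0, 20.0, 300),
    ("engineering",  ["sw4", "gw"],        2.0, 50.0, 100),
    ("time_sync",    ["sw3", "sw1"],       1.0,  4.5,  80),
]

def evaluate(placement, flows=FLOWS, dpi_delay=DPI_DELAY_MS):
    """Return packets/s scanned by this placement, or None if any flow
    would exceed its deadline because of the inspection delay."""
    scanned = 0
    for _name, path, base_ms, deadline_ms, volume in flows:
        hits = sum(1 for node in path if node in placement)
        if base_ms + hits * dpi_delay > deadline_ms:
            return None  # time delay constraint violated
        if hits:
            scanned += volume
    return scanned

def best_placement(budget, flows=FLOWS, dpi_delay=DPI_DELAY_MS):
    """Exhaustively search placements of at most `budget` DPIs and return
    (scanned packets/s, placement) for the best feasible one."""
    nodes = sorted({node for _, path, *_ in flows for node in path})
    best = (0, frozenset())
    for k in range(1, budget + 1):
        for combo in combinations(nodes, k):
            score = evaluate(set(combo), flows, dpi_delay)
            if score is not None and score > best[0]:
                best = (score, frozenset(combo))
    return best

if __name__ == "__main__":
    score, placement = best_placement(budget=2)
    print(f"best: {sorted(placement)} scans {score} packets/s")
    # The busiest node alone looks attractive but blocks the better pair:
    print("gw only:", evaluate({"gw"}), "| sw3+gw:", evaluate({"sw3", "gw"}))
```

In this constructed instance the tight `trip_signal` deadline rules out inspection on `sw1` and `sw2`, and choosing the busiest node `gw` first prevents reaching the best two-DPI placement.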

Publications:

  • S. Mishra, T. N. Dinh, M. T. Thai, and I. Shin. “Optimal Inspection Points for Malicious Attack Detection in Smart Grids,” in Proceedings of the 20th International Computing and Combinatorics Conference (COCOON), 2014.