The significance of the transition of Supervisory Control and Data Acquisition (SADA) Systems to TCP/IP platforms

SCADA system security is a significant United States national security issue based on the systems’ vulnerabilities and the cyber threats that seek to exploit them. Within the last fifteen years as SCADA systems have collectively transitioned to Transmission Control Protocol/ Internet Protocol (TCP/IP) networks, analysts and policy-makers have expressed increased concern over the general security and protection of SCADA systems, which are responsible for monitoring and controlling our nation’s critical infrastructure. SCADA systems are susceptible based on their ease of entry and their attractiveness as a target. In addition, there a number of cyber threats such as hackers and malware, insiders, terrorist organizations and state actors that are dangerous based on their intent and capabilities. U.S. government engagement with private sector owners and operators of critical infrastructures is essential for mitigating the abundant threats that characterize cyber-terrorism

Formally designing and implementing cyber security mechanisms in industrial control networks.

This dissertation describes progress in the state-of-the-art for developing and deploying formally verified cyber security devices in industrial control networks. It begins by detailing the unique struggles that are faced in industrial control networks and why concepts and technologies developed for securing traditional networks might not be appropriate. It uses these unique struggles and examples of contemporary cyber-attacks targeting control systems to argue that progress in securing control systems is best met with formal verification of systems, their specifications, and their security properties. This dissertation then presents a development process and identifies two technologies, TLA+ and seL4, that can be leveraged to produce a high-assurance embedded security device. The method presented in this dissertation takes an informal design of an embedded device that might be found in a control system and 1) formalizes the design within TLA+, 2) creates and mechanically checks a model built from the formal design, and 3) translates the TLA+ design into a component-based architecture of a native seL4 application. The later chapters of this dissertation describe an application of the process to a security preprocessor embedded device that was designed to add security mechanisms to the network communication of an existing control system. The device and its security properties are formally specified in TLA+ in chapter 4, mechanically checked in chapter 5, and finally its native seL4 architecture is implemented in chapter 6. Finally, the conclusions derived from the research are laid out, as well as some possibilities for expanding the presented method in the future