448 research outputs found

    Role based access control and authentication for SCADA field devices using a dual Bloom filter and challenge-response.

    Supervisory control and data acquisition (SCADA) systems are networked control systems used in many critical infrastructure areas such as power, water, and transportation. Many of these systems continue to use legacy field devices that lack cyber security features. The field device security preprocessor is a bump-in-the-wire security solution for legacy field devices. This thesis describes the design and analysis of a dual Bloom filter structure for use in a field device security preprocessor. A dual Bloom filter is a variant of the traditional Bloom filter that performs role based access checks in O(1) time. This structure, which can produce false authentications, is shown to be acceptable for this security use through analysis and penetration testing. Analysis and testing show that in spite of false positives this structure can provide the required level of security, while maintaining the required level of performance on low cost hardware.

    A Review of Hybrid Battery Management System (H-BMS) for EV

    Significant to a major pollution contributor in passenger vehicles, electric vehicles are more acceptable to use on the road. Electric Vehicles (EVs) burn energy based on the usage of the battery. The usage of the battery in EVs is monitored and controlled by Battery Management System (BMS). A few factors monitor and control Battery Management System (BMS). This paper reviewed the battery charging technology and Remote Terminal Unit (RTU) development as a Hybrid Battery Management System (H-BMS) for Electric Vehicle (EV)

    Open source SCADA systems for small renewable power generation

    Low cost monitoring and control is essential for small renewable power systems. While large renewable power systems can use existing commercial technology for monitoring and control, that is not cost-effective for small renewable generation. Such small assets require cost-effective, flexible, secure, and reliable real-time coordinated data monitoring and control systems. Supervisory control and data acquisition (SCADA) is the perfect technology for this task. The available commercial SCADA solutions are mostly pricey and economically unjustifiable for smaller applications. They also pose interoperability issues with the existing components which are often from multiple vendors. Therefore, an open source SCADA system represents the most flexible and the most cost-effective SCADA solution. This thesis has been done in two phases. The first phase demonstrates the design and dynamic simulation of a small hybrid power system with a renewable power generation system as a case study. In the second phase, after an extensive study of the proven commercial SCADA solutions and some open source SCADA packages, three different secure, reliable, low-cost open source SCADA options are developed using the most recent SCADA architecture, the Internet of Things. The implemented prototypes of the three open source SCADA systems were tested extensively with a small renewable power system (a solar PV system). The results show that the developed open source SCADA systems perform optimally and accurately, and could serve as viable options for smaller applications such as renewable generation that cannot afford commercial SCADA solutions

    A SECURITY-CENTRIC APPLICATION OF PRECISION TIME PROTOCOL WITHIN ICS/SCADA SYSTEMS

    Industrial Control System and Supervisory Control and Data Acquisition (ICS/SCADA) systems are key pieces of larger infrastructure that are responsible for safely operating transportation, industrial operations, and military equipment, among many other applications. ICS/SCADA systems rely on precise timing and clear communication paths between control elements and sensors. Because ICS/SCADA system designs place a premium on timeliness and availability of data, security ended up as an afterthought, stacked on top of existing (insecure) protocols. As precise timing is already resident and inherent in most ICS/SCADA systems, a unique opportunity is presented to leverage existing technology to potentially enhance the security of these systems. This research seeks to evaluate the utility of timing as a mechanism to mitigate certain types of malicious cyber-based operations such as a man-on-the-side (MotS) attack. By building a functioning ICS/SCADA system and communication loop that incorporates precise timing strategies in the reporting and control loop, specifically the precision time protocol (PTP), it was shown that certain kinds of MotS attacks can be mitigated by leveraging precise timing. Navy Cyber Warfare Development Group, Suitland, MD. Lieutenant, United States Navy. Approved for public release. Distribution is unlimited.

    SCADA and related technologies for irrigation district modernization

    Presented at SCADA and related technologies for irrigation district modernization: a USCID water management conference on October 26-29, 2005 in Vancouver, Washington. Includes bibliographical references. Overview of Supervisory Control and Data Acquisition (SCADA) -- Total Channel Control™ - The value of automation in irrigation distribution systems -- Design and implementation of an irrigation canal SCADA -- All American Canal Monitoring Project -- Taking closed piping flowmeters to the next level - new technologies support trends in data logging and SCADA systems -- Real-time model-based dam automation: a case study of the Piute Dam -- Effective implementation of algorithm theory into PLCs -- Optimal fuzzy control for canal control structures -- SCADA over Zigbee™ -- Synchronous radio modem technology for affordable irrigation SCADA systems -- A suggested criteria for the selection of RTUs and sensors -- Irrigation canals in Spain: the integral process of modernization -- Ten years of SCADA data quality control and utilization for system management and planning modernization -- Moderately priced SCADA implementation -- Increasing peak power generation using SCADA and automation: a case study of the Kaweah River Power Authority -- Eastern Irrigation District canal automation and Supervisory Control and Data Acquisition (SCADA) -- Case study on design and construction of a regulating reservoir pumping station -- Saving water with Total Channel Control® in the Macalister Irrigation District, Australia -- Leveraging SCADA to modernize operations in the Klamath Irrigation Project -- A 2005 update on the installation of a VFD/SCADA system at Sutter Mutual Water Company -- Truckee Carson Irrigation District Turnout Water Measurement Program -- The myth of a "Turnkey" SCADA system and other lessons learned -- Canal modernization in Central California Irrigation District - case study -- Remote monitoring and operation at the Colorado River Irrigation District -- Web-based GIS decision support system for irrigation districts -- Using RiverWare as a real time river systems management tool -- Submerged venturi flume -- Ochoco Irrigation District telemetry case study -- Uinta Basin Replacement Project: a SCADA case study in managing multiple interests and adapting to loss of storage -- Training SCADA operators with real-time simulation -- Demonstration of gate control with SCADA system in Lower Rio Grande Valley, in Texas -- Incorporating sharp-crested weirs into irrigation SCADA systems

    Moving target defense for securing smart grid communications: Architectural design, implementation and evaluation

    Supervisory Control And Data Acquisition (SCADA) communications are often subjected to various kinds of sophisticated cyber-attacks which can have a serious impact on the Critical Infrastructure such as the power grid. Most of the time, the success of the attack is based on the static characteristics of the system, thereby enabling an easier profiling of the target system(s) by the adversary and consequently exploiting their limited resources. In this thesis, a novel approach to mitigate such static vulnerabilities is proposed by implementing a Moving Target Defense (MTD) strategy in a power grid SCADA environment, which leverages the existing communication network with an end-to-end IP Hopping technique among the trusted peer devices. This offers a proactive L3 layer network defense, minimizing IP-specific threats and thwarting worm propagation, APTs, etc., which utilize the cyber kill chain for attacking the system through the SCADA network. The main contribution of this thesis is to show how MTD concepts provide proactive defense against targeted cyber-attacks, and a dynamic attack surface to adversaries without compromising the availability of a SCADA system. Specifically, the thesis presents a brief overview of the different types of MTD designs, the proposed MTD architecture and its implementation with IP hopping technique over a Control Center–Substation network link along with a 3-way handshake protocol for synchronization on the Iowa State’s Power Cyber testbed. The thesis further investigates the delay and throughput characteristics of the entire system with and without the MTD to choose the best hopping rate for the given link. It also includes additional contributions for making the testbed scenarios more realistic to real world scenarios with multi-hop, multi-path WAN. Using that and studying a specific attack model, the thesis analyses the best ranges of IP address for different hopping rates and different numbers of interfaces. Finally, the thesis describes two case studies to explore and identify potential weaknesses of the proposed mechanism, and also experimentally validate the proposed mitigation alterations to resolve the discovered vulnerabilities. As part of future work, we plan to extend this work by optimizing the MTD algorithm to be more resilient by incorporating other techniques like network port mutation to further increase the attack complexity and cost.

    A survey on cyber security for smart grid communications

    A smart grid is a new form of electricity network with high fidelity power-flow control, self-healing, and energy reliability and energy security using digital communications and control technology. To upgrade an existing power grid into a smart grid, it requires significant dependence on intelligent and secure communication infrastructures. It requires security frameworks for distributed communications, pervasive computing and sensing technologies in smart grid. However, as many of the communication technologies currently recommended for use by a smart grid are vulnerable in cyber security, it could lead to unreliable system operations, causing unnecessary expenditure, even consequential disaster to both utilities and consumers. In this paper, we summarize the cyber security requirements and the possible vulnerabilities in smart grid communications and survey the current solutions on cyber security for smart grid communications. © 2012 IEEE

    Design and Implementation of Node-Red Based Open-Source SCADA Architecture for a Hybrid Power System

    At present, hybrid renewable power systems (HRPS) are considered reliable combinations for power generation under various conditions. The challenge facing researchers and engineers today is designing and implementing a reliable, efficient, and applicable SCADA system for adequate monitoring and control of hybrid power systems. In order to analyze, observe, and control the essential parameters of an HRPS, a SCADA system is crucial. As part of this study, a low-cost, low-power, open-source SCADA (Supervisory, Control, and Data Acquisition) system for hybrid renewable energy systems is presented. The system utilizes two remote terminal units (RTUs), an Arduino Mega2560 and a Wio terminal, to communicate with all actuators and measure vital system characteristics such as voltage, current, and power. Using the Firmata protocol, a laptop serves as the main terminal unit (MTU) to communicate with the Arduino. In addition to being the system’s central component, Node-Red is utilized for processing, analyzing, storing, and displaying data. In contrast, a Wio terminal is used to display the values of all sensors in real-time on its LCD screen. As a whole, the proposed SCADA system is designed to keep the HRPS running smoothly and safely by displaying vital parameters, reporting any significant faults, and controlling the generator so that the batteries can be charged and discharged correctly. This article presents a complete description of all algorithms, experimental setups, testing, and results

    Cybersecurity of Industrial Cyber-Physical Systems: A Review

    Industrial cyber-physical systems (ICPSs) manage critical infrastructures by controlling the processes based on the "physics" data gathered by edge sensor networks. Recent innovations in ubiquitous computing and communication technologies have prompted the rapid integration of highly interconnected systems to ICPSs. Hence, the "security by obscurity" principle provided by air-gapping is no longer followed. As the interconnectivity in ICPSs increases, so does the attack surface. Industrial vulnerability assessment reports have shown that a variety of new vulnerabilities have occurred due to this transition while the most common ones are related to weak boundary protection. Although there are existing surveys in this context, very little is mentioned regarding these reports. This paper bridges this gap by defining and reviewing ICPSs from a cybersecurity perspective. In particular, multi-dimensional adaptive attack taxonomy is presented and utilized for evaluating real-life ICPS cyber incidents. We also identify the general shortcomings and highlight the points that cause a gap in existing literature while defining future research directions. Comment: 32 pages, 10 figures

    Remote control and monitoring of power systems

    Includes synopsis. Includes bibliographical references (leaves 87-93). Power systems are typically complex and can be affected by their environment in ways that cannot be completely predicted by their designers. It is thus imperative that monitoring is considered as part of the design of new power systems. Due to the associated costs of maintenance, repair, and downtime, monitoring these systems is particularly important when the installations are remote. Remote locations benefit greatly from renewable energy sources. As a result, this work focuses on a novel Hybrid Inverter system developed by Optimal Power Solutions Pty. Ltd. (OPS). This system uses renewable energy sources, grid power, and diesel generators together with a bi-directional inverter to supply a remote location with grid-quality power.