ASESMEN KERENTANAN KEAMANAN INFORMASI SISTEM SCADA DENGAN METODE OCTAVE ALLEGRO

System SCADA (Supervisory Control And Data Acquisition) merupakan sebuah system yang dibuat untuk pengambilan data, menyimpannya, analisa dan juga untuk mengendalikan suatu plant/system yang umumnya dilakukan secara jarak jauh. Untuk meningkatkan efisiensi, saat ini, system SCADA telah dipakai secara luas dalam berbagai bidang industry, seperti manufaktur, pembangkit listrik, oil & gas, telekomunikasi dan transportasi. Dalam perkembangannya, system ini tidak hanya terkoneksi secara intern saja, bahkan terkoneksi dengan internet untuk komunikasi antar komponennya maupun pengambilan informasi data sebagai bagian dari pendukung keputusan. Dengan terkoneksinya dengan system ekstern dalam hal ini internet, maka keamanan informasi system SCADA ini akan menjadi sangat rentan. Oleh karena itu, identifikasi terhadap resiko keamanan yang mungkin saja terjadi untuk memperoleh gambaran yang lengkap status keamanan system ini menjadi sangat diperlukan. Paper ini pengaplikasikan metode operationally critical threat, asset and vulnerability evaluation (OCTAVE) allegro untuk meng-asses resiko keamanan dari system SCADA. Metode ini focus pada asset informasi dan membandingkan wadah informasi yang berbeda-beda seperti database, kertas fisik dan manusia. Tujuan studi ini adalah untuk menyoroti berbagai kerentanan, resiko serta mengusulkan pendekatan mitigasi resiko yang teridentifikasi dari  keamanan system SCADA. Penelitian ini diharapkan bisa digunakan sebagai dasar untuk meningkatkan keamanan system SCADA.   Kata Kunci      SCADA, OCTAVE Allegro, Informasi, Resiko Keamanan

New Security Development and Trends to Secure the SCADA Sensors Automated Transmission during Critical Sessions

Modern technology enhancements have been used worldwide to fulfill the requirements of the industrial sector, especially in supervisory control and data acquisition (SCADA) systems as a part of industrial control systems (ICS). SCADA systems have gained popularity in industrial automations due to technology enhancements and connectivity with modern computer networks and/or protocols. The procurement of new technologies has made SCADA systems important and helpful to processing in oil lines, water treatment plants, and electricity generation and control stations. On the other hand, these systems have vulnerabilities like other traditional computer networks (or systems), especially when interconnected with open platforms. Many international organizations and researchers have proposed and deployed solutions for SCADA security enhancement, but most of these have been based on node-to-node security, without emphasizing critical sessions that are linked directly with industrial processing and automation. This study concerns SCADA security measures related to critical processing with specified sessions of automated polling, analyzing cryptography mechanisms and deploying the appropriate explicit inclusive security solution in a distributed network protocol version 3 (DNP3) stack, as part of a SCADA system. The bytes flow through the DNP3 stack with security computational bytes within specified critical intervals defined for polling. We took critical processing knowledge into account when designing a SCADA/DNP3 testbed and deploying a cryptography solution that did not affect communications

New Security Development and Trends to Secure the SCADA Sensors Automated Transmission during Critical Sessions

Modern technology enhancements have been used worldwide to fulfill the requirements of the industrial sector, especially in supervisory control and data acquisition (SCADA) systems as a part of industrial control systems (ICS). SCADA systems have gained popularity in industrial automations due to technology enhancements and connectivity with modern computer networks and/or protocols. The procurement of new technologies has made SCADA systems important and helpful to processing in oil lines, water treatment plants, and electricity generation and control stations. On the other hand, these systems have vulnerabilities like other traditional computer networks (or systems), especially when interconnected with open platforms. Many international organizations and researchers have proposed and deployed solutions for SCADA security enhancement, but most of these have been based on node-to-node security, without emphasizing critical sessions that are linked directly with industrial processing and automation. This study concerns SCADA security measures related to critical processing with specified sessions of automated polling, analyzing cryptography mechanisms and deploying the appropriate explicit inclusive security solution in a distributed network protocol version 3 (DNP3) stack, as part of a SCADA system. The bytes flow through the DNP3 stack with security computational bytes within specified critical intervals defined for polling. We took critical processing knowledge into account when designing a SCADA/DNP3 testbed and deploying a cryptography solution that did not affect communications