On the adaptation of physical-layer failure detection mechanisms to handle attacks against SCADA systems

Abstract

International audienceSupervisory Control and Data Acquisition (SCADA), is a technology to monitor industrial and critical infrastructures. The SCADA technology was conceived for centralized and isolation processes. Nowadays, it is more distributed and vulnerable to cyber attacks. SCADA systems are typically composed of three well-defined types of field devices: 1) Master Terminal Units (MTUs) and Human Machine Interfaces (HMIs), located in top and managing all communications; 2) Remote Terminal Units (RTUs) and Programmable Logic Controllers (PLCs), which control and acquire data from remote equipment and connect with the master station; and 3) sensors and actuators, which act as the input and output functions of the system. Threats to SCADA systems can target the lower layers. For instance, replay and integrity attacks to alter the state estimation conducted by PLCs, actuators and sensors. Given the difficulty of handling such threats at the upper layers, detection and protection against malicious activities must be conducted at the lower layers themselves. Several approaches in the literature propose the adaptation of physical-layer failure detection mechanisms (e.g., systems for the detection of faults and accidents) to handle malicious attacks (e.g., replay and integrity attacks conducted by malicious adversaries). The talk elaborates on such approaches, and will discuss about some of their limitations. Some conclusions and perspectives for future work will be presente