Evaluating resilience of DNP3-controlled SCADA systems against event buffer flooding
- Los Alamos National Laboratory
- UNIV OF IL
The DNP3 protocol is widely used in SCADA systems (particularly electrical power) as a means of communicating observed sensor state information back to a control center. Typical architectures using DNP3 have a two level hierarchy, where a specialized data aggregator device receives observed state from devices within a local region, and the control center collects the aggregated state from the data aggregator. The DNP3 communication between control center and data aggregator is asynchronous with the DNP3 communication between data aggregator and relays; this leads to the possibility of completely filling a data aggregator's buffer of pending events, when a relay is compromised or spoofed and sends overly many (false) events to the data aggregator. This paper investigates how a real-world SCADA device responds to event buffer flooding. A Discrete-Time Markov Chain (DTMC) model is developed for understanding this. The DTMC model is validated by a Moebius simulation model and data collected on real SCADA testbed.
- Research Organization:
- Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC52-06NA25396
- OSTI ID:
- 1044891
- Report Number(s):
- LA-UR-10-08350; LA-UR-10-8350; TRN: US201214%%560
- Resource Relation:
- Conference: The 41st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'11) ; June 27, 2011 ; Hong Kong, China
- Country of Publication:
- United States
- Language:
- English
Similar Records
Distributed Intrusion Detection System using Semantic-based Rules for SCADA in Smart Grid
Data Analytics for Electrical Distribution Systems with Micro PMUs (GMLC 1.4.9 Technical Report)