Optimization of trust system placement for power grid security and compartmentalization

Summary form only given. This article proposes a robust mathematical method to strategically place trust nodes to compartmentalize a time-critical SCADA network. The trust nodes combine firewall and intrusion detection technology to provide communication network security for protection, control, and SCADA systems. The mathematical technique optimizes the placement of the trust nodes based on the timing requirements of existing systems and the number of trust nodes that are available in the system given constraints, which may arise due to budgetary limitations or the restrictions of existing utility hardware. The intent is to create a planning tool to allow utility system operators to determine the best locations to place trust nodes to increase system security given limited resources and/or hardware constraints. The operational requirements of the environment are translated into a mathematical model. Mixed integer linear programming is used to process this model in search of an optimal solution. Because the problem is provably NP-Hard, a heuristic is also given to quickly find good, but not optimal, solutions. Experiments show promise for the proposed techniques.