• DocumentCode
    2283738
  • Title

    A retrofit network transaction data logger and intrusion detection system for transmission and distribution substations

  • Author

    Morris, Thomas ; Pavurapu, Kalyan

  • Author_Institution
    Electr. & Comput. Eng., Mississippi State Univ., Starkville, MS, USA
  • fYear
    2010
  • fDate
    Nov. 29 2010-Dec. 1 2010
  • Firstpage
    958
  • Lastpage
    963
  • Abstract
    SCADA systems are widely used in electricity generation, distribution, and transmission control systems. NERC CIP 002-009 requires bulk electric providers to secure critical cyber assets electronically and physically. Transmission and distribution substations contain cyber critical assets including remote terminal units (RTU), intelligent electronic devices (IED) such as relays, phasor measurement units (PMU) and phasor data concentrators (PDC). Substation critical cyber assets are isolated in electronic security perimeters using firewalls. In this paper a retrofit data logger solution for serial communication based MODBUS and DNP3 network appliances is offered. The retrofit data logger allows existing control systems to be updated to log network transactions in support of substation based network intrusion detection. Substation based intrusion detection supports a defense in depth approach to cyber security in which multiple overlapping layers of security are used to protect critical cyber assets. The data logger is an embedded bump-in-the-wire retrofit device which captures, time stamps, cryptographically signs, encrypts, and store network traffic. Network traffic is forwarded to the existing network. Additionally, the data logger architecture supports use of signature based and statistics based intrusion detection algorithms at the network appliance edge.
  • Keywords
    SCADA systems; data loggers; security of data; substations; SCADA; distribution substation; intrusion detection system; network traffic; phasor measurement unit; remote terminal unit; retrofit network transaction data logger; serial communication; substation; Data Logging; Intrusion Detection; Process Control System Cyber Security; SCADA Cyber Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Power and Energy (PECon), 2010 IEEE International Conference on
  • Conference_Location
    Kuala Lumpur
  • Print_ISBN
    978-1-4244-8947-3
  • Type

    conf

  • DOI
    10.1109/PECON.2010.5697717
  • Filename
    5697717
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2283738