Mauricio Papa scite author profile

Distributed Network Protocol (DNP3) is the predominant SCADA protocol in the energy sector-more than 75% of North American electric utilities currently use DNP3 for industrial control applications. This paper presents a taxonomy of attacks on the protocol. The attacks are classified based on targets (control center, outstation devices and network/communication paths) and threat categories (interception, interruption, modification and fabrication). To facilitate risk analysis and mitigation strategies, the attacks are associated with the specific DNP3 protocol layers they exploit. Also, the operational impact of the attacks is categorized in terms of three key SCADA objectives: process confidentiality, process awareness and process control. The attack taxonomy clarifies the nature and scope of the threats to DNP3 systems, and can provide insights into the relative costs and benefits of implementing mitigation strategies.

show abstract

Attack taxonomies for the Modbus protocols

Huitsing

Chandia

Papa

et al. 2008

International Journal of Critical Infrastructure Protection

193

107

View full text Add to dashboard Cite

Security Strategies for SCADA Networks

Chandia

González²,

Kilpatrick

et al.

View full text Add to dashboard Cite

SCADA systems have historically been isolated from other computing resources. However, the use of TCP/IP as a carrier protocol and the trend to interconnect SCADA systems with enterprise networks introduce serious security threats. This paper describes two strategies for securing SCADA networks, both of which have been implemented in a laboratory-scale Modbus network. The first utilizes a security services suite that minimizes the impact on time-critical industrial process systems while adhering to industry standards. The second engages a sophisticated forensic system for SCADA network traffic collection and analysis. The forensic system supports the post mortem analysis of security breaches and the monitoring of process behavior to optimize plant performance.

show abstract

An Architecture for SCADA Network Forensics

Kilpatrick

González

Chandia

et al. 2006

View full text Add to dashboard Cite

Supervisory control and data acquisition (SCADA) systems are widely used in industrial control and automation. Modern SCADA protocols often employ TCPlIP to transport sensor data and control signals.Meanwhile, corporate IT infrastructures are interconnecting with previously isolated SCADA networks. The use of TCPlIP as a carrier protocol and the interconnection of IT and SCADA networks raise serious security issues. This paper describes an architecture for SCADA network forensics. In addition to supporting forensic investigations of SCADA network incidents , the architecture incorporates mechanisms for monitoring process behavior, analyzing trends and optimizing plant performance.

show abstract

Passive Scanning in Modbus Networks

González¹,

Papa

View full text Add to dashboard Cite

This paper describes the design and implementation of a passive scanner for Modbus networks. The tool integrates packet parsing and passive scanning functionality to interpret Modbus transactions and provide accurate network representations. In particular, the scanner monitors Modbus messages to maintain and update state table entries associated with field devices. Entries in the state tables record important information including function codes, transaction state, memory access and memory contents. The performance and reporting capabilities of the passive scanner make it an attractive network troubleshooting and security tool for process control environments.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Mauricio Papa

A Taxonomy of Attacks on the DNP3 Protocol

Attack taxonomies for the Modbus protocols

Security Strategies for SCADA Networks

An Architecture for SCADA Network Forensics

Passive Scanning in Modbus Networks

Contact Info

Product

Resources

About