Date of Award
Master of Science
Department of Electrical and Computer Engineering
Jonathan W. Butts, PhD.
Supervisory Control and Data Acquisition (SCADA) systems control and monitor the electric power grid, water treatment facilities, oil and gas pipelines, railways, and other Critical Infrastructure (CI). In recent years, organizations that own and operate these systems have increasingly interconnected them with their enterprise network to take advantage of cost savings and operational benefits. This trend, however, has introduced myriad vulnerabilities associated with the networking environment. As a result, the once isolated systems are now susceptible to a wide range of threats that previously did not exist. To help address the associated risks, security professionals seek to incorporate mitigation solutions designed for traditional networking and Information Technology (IT) systems. Unfortunately, the operating parameters and security principles associated with traditional IT systems do not readily translate to the SCADA environment. Security solutions for IT systems focus primarily on protecting the confidentiality of system and user data. Alternatively, SCADA systems must adhere to strict safety and reliability requirements and rely extensively on system availability. Mitigation strategies designed for traditional IT systems must first be evaluated prior to deployment on a SCADA system or risk adverse operational impacts such as a catastrophic oil spill, poisoning a water supply, or the shutdown of an electrical grid. This research evaluates the suitability of deploying a Host-Based Intrusion Detection System (IDS) to the Department of Defense SCADA fuels system. The impacts of the Host Intrusion Prevention System (HIPS) installed on the SCADA network's Human Machine Interface (HMI) is evaluated. Testing revealed that the HIPS agent interferes with the HMI's system services during startup. Once corrected, the HMI and connected SCADA network inherit the protections of the HIPS security agent and defenses associated with the Host-Based Security System.
DTIC Accession Number
Larkin, Robert D., "Evaluation of Traditional Security Solutions in the SCADA Environment" (2012). Theses and Dissertations. 1129.