Evaluation of Security Solutions in the SCADA Environment
Robert D. Larkin, Air Force Institute of Technology
Juan Lopez Jr., Air Force Institute of Technology
Jonathan W. Butts, Air Force Institute of Technology
Michael R. Grimaila, Air Force Institute of Technology
Disclaimer
The views expressed in this article are those of the
authors and do not reflect the official policy or position
of the United States Air Force, Department of
Defense, or the United States Government.
Abstract
Supervisory Control and Data Acquisition (SCADA)
systems control and monitor the electric power grid,
water treatment facilities, oil and gas pipelines,
railways, and other critical infrastructure assets. With
the advent of greater connectivity via the Internet,
organizations that own and operate these systems
have increasingly interconnected them with their
enterprise network to take advantage of cost savings
and operational benefits. Now, these once isolated
systems are susceptible to a wider range of threats
resulting from new pathways into the network that
previously did not exist. Recommendations for
safeguarding SCADA systems include employment of
traditional information technology (IT) security
solutions; however, mitigation strategies designed for
IT systems must first be evaluated prior to deployment
on a SCADA system to quantify and to minimize the
risk of adverse operational impacts. This article
examines the employment of traditional IT security
mechanisms in the SCADA environment. We provide
considerations that should be evaluated prior to
deploying security controls to mitigate negative
impacts on operations. A case study is provided that
evaluates a host-based intrusion detection system
and a petrochemical fuels management SCADA
system.
Keywords: Critical Infrastructure Protection, SCADA
security, Host-Based IDS.
ACM Categories: C.2, C.2.0, C.3, C.4
General Terms: Security; Experimentation;
Supervisory Control and Data Acquisition (SCADA);
Critical Infrastructure Protection
Introduction
Virtually all organizations have embedded Information
and Communication Technologies (ICT) into their core
organizational processes as a means to increase
operational efficiency, improve decision making quality,
reduce delays, and/or maximize profit. However, this
dependence can place the organization mission and
safety at risk when an event causing the loss,
corruption, or degradation of, or access to, a critical
information resource occurs. Our society as a whole is
dependent upon Supervisory Control and Data
Acquisition (SCADA) devices, which control and
monitor critical infrastructure systems. Yet, the number
of associated devices connected to the Internet and
vulnerable to attack is alarmingly high. In a recent
study, Leverett identified 3,920 SCADA devices within
the United States that were accessible via the Internet
(Leverett, 2011). Because of the accessibility, SCADA
devices are subject to not only targeted attacks, but
The DATA BASE for Advances in Information Systems, Volume 45, Number 1, February 2014, p. 38