A security and authentication layer for SCADA/DCS applications

Abstract

Mid 2010, a sophisticated malicious computer worm called Stuxnet targeted major ICS systems around the world causing severe damages to Siemens automation products. Stuxnet proved its ability to infect air-gapped-segregated critical computers control system. After this attack, the whole ICS industry security was thrust into spotlight. Automation suppliers have already started to re-think their business approach to cyber security. The OPC foundation have made also significant changes and improvements on its new design OPC-UA to increase security of automation applications but, what is still missing and seems to be not resolved any time soon is having security in depth for industrial automation applications. In this paper, we propose a simple but strong security control solution to be implemented as a logic level security on SCADA and DCS systems. The method presented in this work enforces message integrity to build trusts between DCS system components, but it should not be viewed as the main nor the only protection layer implemented on an industrial automation system. The proposed solution can be viewed as a low-level security procedure to avoid malicious attacks such as Stuxnet.