A testbed for SCADA cyber security and intrusion detection

Abstract

Power grid is an important element of the cyber physical systems. Attacks on such infrastructure may have catastrophic impact and hence the mitigation solutions for the attacks are necessary. It is impractical to test attacks and mitigation strategies on real networks. A testbed as a platform bridges the cyber-physical divide by bringing in the physical system inside the cyber domain, and test the attack scenarios. We are proposing such a testbed here that can simulate power systems Supervisory Control and Data Acquisition (SCADA). The testbed consists of traffic generator, simulated devices like Remote Terminal Units (RTUs), Master Terminal Unit (MTU), Human Machine Interface (HMI) etc. and the communication channel wrapped around industrial communication protocols such as IEC-60870-5-101 and DNP3. The proposed testbed includes with a comparator module which helps in detecting potential intrusions at RTU. A compromised RTU can be manipulated to send fabricated commands in the grid or to send polled responses from the grid. Detecting compromised systems at early stages helps in reducing damage to Industrial Control System (ICS) and providing higher security measures.