SCADA protocol vulnerabilities

Abstract

The majority of network traffic in process control networks is generated by industrial communication protocols, whose implementation represents a considerable part of the code that runs in process control systems. Consequently a large number of attack techniques that apply to process control systems can be conducted over industrial communication protocols. In this chapter we provide a technical discussion of possible vulnerabilities in industrial communication protocols, with specific reference to the IEC 61850 and ModBus protocols. We provide technical background on IEC 61850 and ModBus, and thus proceed with a description of possible vulnerabilities in those protocols. We also elaborate on how those vulnerabilities are exploited, and thus describe various techniques that leverage such exploitations to maximize physical damage to digitally controlled physical infrastructures such as power plants and electrical substations. The main goal behind this chapter is to provide the reader with technical insight that is workable in researching and engineering a better cyber defense for process control systems. © 2012 Springer-Verlag Berlin Heidelberg.