Permanent Activity Monitoring and Attack Localization – SCALA
SCADA (Supervisory Control And Data Acquisition) systems are used in many business sectors such as transportation, energy, telecoms or water distribution.
Most of these sectors are defined in Europe as mission critical sectors and, as a consequence, critical installations have to be protected.
For malicious action or terrorism purpose, enter in a SCADA system allows capability to control the system with a wide impact on the process. This risk is increased by the distributed architecture of the process and the associated infrastructure : there are lot of sites and most of them are remotely controlled.
There are plenty of solutions to protect a legacy IT infrastructure, but these solutions are not useful for industrial systems, because not taking into account the specificity of those systems. These industrial systems are controlling physical processes outside the IT systems, traditionally able to operate as autarkic systems with very dedicated equipment technology optimized to local process efficiency and software developed for constrained devices (in terms of capability of processing, storage or communication). In this context, the systems are not protected enough, and system design and operational processes were only marginally impacted by IT security concerns.
In this global context of protection of the infrastructure and the networks, we plan to explore economically justifiable protection and improve the detection of intrusion to reduce and minimize remaining risks substantially.
Two types of results are expected : methodology and prototype of product.
• Create a methodology for risk analysis dedicated to industrial system used for process control : define the security concepts for industrial system;
• Prepare an awareness and educational training kit for operational and technical staff in order to improve operational processes by taking into account the security commitments;
• Identify and develop the instruments able to protect the integrity of the production system;
• Development of solution for detection of abnormality of the behaviour of the system.
In order to demonstrate the capabilities of the results, two operators will be involved in the project : Lyonnaise des Eaux in France and Eurawasser in Germany. The sites will be involved from the beginning of the project to provide historical process data for modelling (WP400) and during the last phase for lab and field tests (WP500). Obviously it will be difficult to test the results directly on the production sites : we plan to replicate the production systems in a demonstrator environment, which simulates a representative production system as realistic as possible, to test and validate the different modules proposed before their installation on a pilot sites in the field.
In term of dissemination, we expect to have results widely usable : any company using ICT industrial system to control the production process will be interested to protect the system :
• A guide for production team and a methodology usable for audit and security assessment;
• A prototype of a protection and detection appliance which can be installed on an industrial network.
Project coordination
CAMPAN FRANCIS (ONDEO SYSTEMS) – francis.campan@suez-env.com
The author of this summary is the project coordinator, who is responsible for the content of this summary. The ANR declines any responsibility as for its contents.
Partner
OS ONDEO SYSTEMS
UTT / ICD / LM2S UNIVERSITE DE TECHNOLOGIE DE TROYES / INSTITUT CHARLES DELAUNAY / LAORATOIRE DE MODELISATION ET DE SURETE DES SYSTEMES
Help of the ANR 564,365 euros
Beginning and duration of the scientific project:
May 2012
- 36 Months