SCADA communication has quickly evolved from merely transmitting telemetry data to becoming the primary wired and wireless communication method for transmitting service management commands to millions of intelligent end devices. Electric utilities are aggressively deploying Smart Grid Distribution Automation capabilities and expanding them to accommodate a host of critical infrastructure services such as intelligent water and gas meters, intelligent outdoor lighting, acoustical detectors, transit status monitors, and more. As a result, SCADA networks have become high-value targets for cyber-attacks. Isolating these critical networks is no longer a practical option.
Because it is financially infeasible to build totally impenetrable networks, industry has largely embraced Continuous Monitoring and Detection schemes as practical mitigation strategies. However, the increasing frequency of cyber-attacks is causing alarm fatigue and longer analysis and response times. The next step is deploying capabilities that advance beyond mere detection to protecting these networks and their critical assets automatically and in real time.
The presentation will discuss the growing cyber security threats, protection techniques such as packet sniffing and interception capabilities, and building protocol dissectors for matching protocol session content against rules governing protocol behaviors. Recommended actions for implementing appropriate responses in real time will be addressed, with the aim of moving from warnings and alarms to automated protection of SCADA networks from cyber-attacks. Insights from firsthand experience, along with high-level results and discoveries made during recent deployments, will be shared.