Project: Novel advanced security platform form control systems based on SCADA

The objective of this project is to develop a platform that provides the necessary security elements adapted for SCADA (Supervisory Control And Data Acquisition) systems, by developing the necessary technologies. This platform will isolate the SCADA network from interconnections with vulnerable points by which the SCADA system can be accessed. The intrusion into the SCADA system by unauthorized people who intentionally or accidentally may carry out changes in the parameters of the production chain, could lead to the shutdown of the production system and even threaten the safety of workers._x000D_To achieve this objective the most advanced security technologies must be adapted to the protocols of SCADA systems. The project will be validated in a pilot plant forcing different types of attacks, monitoring the behaviour of the system and improving the security policies defined in order to obtain a high reliable SCADA system._x000D_This project seeks to respond to the problem that has arisen because of the evolution of the traditional SCADA systems, which have gone from being isolated systems with proprietary protocols to be part of complex interconnected architectures. SCADA systems, that allow to monitor and act on industrial processes from several locations and remotely, are used in many critical installations, thus resolving the arising problems in the field of security is essential. The factors that have led to increased concerns about security in SCADA systems are:_x000D_- Interconnection of networks and devices: SCADA networks have increasingly more interconnections for business needs (ERP…) and for remote servicing. Hence, they are exposed to intrusions risks and attacks by exploiting vulnerabilities inherent to the platforms where they operate and communicating networks (Internet, WiFi)._x000D_- Convergence of different technologies and communications. Traditionally, SCADA systems used particular and sometimes proprietary network protocols such as CAN, Profibus, Industrial Ethernet… Nowadays, these protocols are being migrated to Ethernet, using TCP/IP. This protocol is widely known by attackers and facilitates the use of standard attacking tools._x000D_- Difficulty of patching vulnerabilities. The need for the continued operation of these systems makes it difficult to implement software and hardware updates, making them more vulnerable to attacks._x000D_- SCADA systems are focused on achieving high reliability and availability, leaving in the background factors such as encryption, authentication and registration of security events._x000D_The system that will be obtained as a result of this project will include therefore the previous points. It will also be implemented a security methodology to minimize the risk of incidents._x000D_To achieve the primary goal of the project, these specific objectives arise:_x000D_- Analysis of the protocols used in SCADA networks_x000D_- Analysis of security requirements and vulnerabilities in SCADA networks_x000D_-Security technologies will be adapted for the SCADA protocols defining rules, configurations, security policies and best practices, so that communications among the different devices (HMI, RTU, PLC…) are conducted in a secure manner._x000D_- Introduction of mechanisms for controlling access to the various features of the SCADA network_x000D_- Adaptation of the components of traditional SCADA networks through additional CPU resources, memory, switches, appropiate firewalls… to facilitate the introduction of security features such as encryption, authentication…_x000D_- Definition of best practices for the design of SCADA networks _x000D_- Development of a methodology for analysing and improving the security aspects inherent to SCADA systems based on a cycle of measurement, analysis and action._x000D_ -- To take measurements, tools in the field of computer security (IDS, audit logs, SCADA Network Sniffing, SCADA Honeypots, tools for analysing vulnerabilities…) will be adapted to the SCADA protocols._x000D_ -- The information obtained by those tools will be systematically analyzed and correlated to obtain unified information of attacks and anomalies. A control panel will integrate the various security indicators._x000D_ -- Guidelines for action will be defined to improve the security level of SCADA systems, including vulnerabilities to be patched, upgrades in security policies, rules for the firewall, the IDS…_x000D_This project is applicable to any industry where you need to automate process control. The advantages provided by the SCADA systems have made them become the computerized heart of many key infrastructures such as: Transport (rail control, air, traffic…), Supplies (electricity, water, gas…), Nuclear Power or Industrial Systems (chemical, refineries…)._x000D_The companies developing this project are COly focused on the following markets: metal process, paper and water treatment. However, the exploitation of this project may be moved to any other sector, with a higher added value the more complex the network architecture of the final system is._x000D_

Acronym SECADA (Reference Number: 4278)
Duration 01/04/2008 - 01/01/2010
Project Topic The objective of this project is to develop a platform that provides the necessary security technologies adapted for SCADA protocols. Offering to the market SCADA networks integrating a platform to isolate them from interconnections with vulnerable points is an innovation.
Network Eurostars
Call Eurostars Cut-Off 1

Project partner

Number Name Role Country
2 MONDRAGON SISTEMAS DE INFORMACION, S.COOP Coordinator Spain
2 AUTOMATION REAL TIME TECHNOLOGY Partner France