Asee peer logo

Supervisory Control And Data Acquisition Security Experience

Download Paper |

Conference

2004 Annual Conference

Location

Salt Lake City, Utah

Publication Date

June 20, 2004

Start Date

June 20, 2004

End Date

June 23, 2004

ISSN

2153-5965

Conference Session

Instrumentation and Laboratory Systems

Page Count

7

Page Numbers

9.1138.1 - 9.1138.7

DOI

10.18260/1-2--12778

Permanent URL

https://peer.asee.org/12778

Download Count

837

Paper Authors

author page

Stephen Fitzhugh

author page

Robert Goodrich

author page

Ronald Lessard

author page

Jacques Beneat

Download Paper |

Abstract
NOTE: The first page of text has been automatically extracted and included below in lieu of an abstract

Session 2220

Supervisory Control And Data Acquisition Security Experience

R. Lessard, R. Goodrich, J. Beneat, S. Fitzhugh

Norwich University

Abstract

Supervisory Control And Data Acquisition (SCADA) systems are deployed in power and communication utility, transportation, and financial infrastructures. These infrastructures are potential targets of cyber-terrorism and protecting critical infrastructures against terrorist attacks is a national and international priority. Norwich University’s first year “Professional Projects” course sequence is designed to give computer and electrical engineering students their an awareness of the impact of technology on society. This is also their first experience with National Instruments’ LabVIEW in an instrume ntation and control application, and the SCADA system application illustrates the concepts of network-based computer systems. Students develop a SCADA system representative of a municipal water system using LabVIEW software and experiment with a simulated cyber attack. RoboLab-based programs for autonomous Lego Mindstorm robots to compete in intramural versions of the Trinity College Home Fire Fighting and RoboCup Jr competitions are used introduce LabVIEW programming techniques and the instrumentation and control issues they later apply to the SCADA problem solution. This experience also gives them a first understanding of an Artificial Intelligence_(AI) application. AI is beginning to find application in protecting SCADA systems against a cyber-based attack. The students complete a series of step-by-step instructions based on LabVIEW SCADA templates and laboratory documentation that were developed during the summer of 2003 under an NSA Grant. An attack simulation, limited to spoofing a rogue Master Terminal Unit (MTU) within the SCADA system, is conducted on the wired network. Development of an isolated wireless network used to further demonstrate denial of service, information tampering, and operating system (buffer overflow) attacks is discussed.

I. Introduction

A Supervisory Control And Data Acquisition_(SCADA) system is introduced for municipal water distribution system. Using commercial and affordable software, students develop a simple simulated version of a single pump/tank system that works over the network. A few vulnerabilities are discussed, and a simple demonstration is illustrated. The part that distributed artificial intelligence might play in protecting SCADA systems against cyber attack is also discussed. Robotic competitions earlier in the student experience were used to help the students understand the concepts of artificial intelligence.

"Proceedings of the 2004 American Society for Engineering Education Annual Conference & Exposition Copyright © 2004, American Society for Engineering Education"

Fitzhugh, S., & Goodrich, R., & Lessard, R., & Beneat, J. (2004, June), Supervisory Control And Data Acquisition Security Experience Paper presented at 2004 Annual Conference, Salt Lake City, Utah. 10.18260/1-2--12778

ASEE holds the copyright on this document. It may be read by the public free of charge. Authors may archive their work on personal websites or in institutional repositories with the following citation: © 2004 American Society for Engineering Education. Other scholars may excerpt or quote from these materials with the same citation. When excerpting or quoting from Conference Proceedings, authors should, in addition to noting the ASEE copyright, list all the original authors and their institutions and name the host city of the conference. - Last updated April 1, 2015