Security Framework for DNP3 and SCADA: New DNPSec Framework to Enable CIA Placed Directly in DNP3, Simulation study, and Enable Authorization Services by the Usage of RBAC in SCADA
In this work I recommend a new DNPSec framework to enable confidentiality, integrity, and authenticity (CIA) placed directly in the DNP3. Such a framework requires some modifications in the data structure of the DNP3 Data Link layer. My main goal is to address the threats related to CIA in the DNP3 as part of SCADA architecture, with a minimum performance impact on the communication link; and without requiring modification to the much more expensive Master and Substation devices and the applications supporting them. Also, and as part of this work, I develop a proof of concept for the DNPSec framework by conducting simulation studies to measure the performance impact by adding DNPSec functionality on the communication links and end nodes. One other recommendation in my work is to enable authorization services by the usage of the Role-Based Access Control (RBAC) model to define the users, security roles, permissions, authorization, and role hierarchy as one measure to access the SCADA system. Achieving the desired level of authorization and access control will involve integrating the security system with SCADA operations and building RBAC capabilities in the application level.