
SCADA (Supervisory Control and Data Acquisition) refers to software applications used to supervise industrial operations. SCADA involves the real-time collection of data from remote locations in order to monitor the operation of machinery and environmental conditions, and it gives organisations the information they need to make data-driven decisions about their industrial operations. The major objective of such a supervisory system is to monitor and manage the machinery used in industrial processes, for businesses in both the public and private sectors. SCADA systems are present practically everywhere in the modern world: manufacturing facilities, transportation, oil and gas, electricity transmission, water management, and other facilities.
IEC 60870-5-104 PROTOCOL
Industrial Control Systems (ICS) have gained connectivity, making it simpler to reach them over the internet to monitor and control (critical) infrastructure. This has also made it simpler for attackers to attack an ICS remotely. IEC 60870-5-104 is a protocol employed in such ICSs to govern power distribution.
In Supervisory Control and Data Acquisition (SCADA) networks, the IEC 60870-5-104 (IEC-104) protocol is frequently used to control crucial infrastructure such as power plants. SCADA traffic has been characterised and modelled in order to develop defence mechanisms based on the regularity of the polling mechanism used in SCADA systems, an approach that is becoming increasingly important. Traffic caused by non-polling mechanisms, such as spontaneous events, has not yet been characterised.
IEC 60870-5-104 permits communication over a common TCP/IP network between control stations, substations, RTUs and IEDs. TCP is used for connection-oriented, reliable data transport (reliable delivery only: TCP itself provides neither confidentiality nor authentication). IEC 60870-5-104 (IEC 104), a component of the IEC Telecontrol Equipment and Systems standard IEC 60870-5, provides a communication profile for exchanging basic telecontrol messages between two systems in electrical engineering and power system automation.
CYBER-SECURITY OF SCADA SYSTEMS
Supervisory Control and Data Acquisition (SCADA) systems in smart grids may be more vulnerable to malicious attacks due to their increased complexity and interconnectedness. SCADA systems with outdated communication infrastructure are inherently vulnerable to cyber-attacks because security was given little thought when they were first built. To ensure the cyber-security of SCADA networks, a rule-based Intrusion Detection System (IDS) employing Deep Packet Inspection (DPI) is proposed. It combines signature-based and model-based strategies designed specifically for SCADA systems: the proposed signature-based rules accurately detect several well-known suspicious or malicious attacks, while model-based detection is suggested as an additional technique to identify unexpected attacks. Finally, the proposed methodologies for SCADA network intrusion detection are implemented and tested as Snort rules.
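The APDU framing described in the protocol section and the DPI rules proposed above, as an added example (not code from the page, nor from any IEC 104 product): a Python parser for the IEC 104 APCI and ASDU header, a signature rule (control-direction commands are accepted only from allow-listed masters and only with an activation or deactivation cause of transmission, with a reset-process command always flagged), and a simple model-based check that the I-frame send sequence of each flow advances as expected. The master and RTU addresses, the allow-list and the hex frames are constructed for the demonstration.

```python
"""IEC 60870-5-104 APDU parser with signature- and model-based DPI checks.
Added example, not code from the page; hosts, allow-list and frames are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

START_BYTE = 0x68          # every APDU: 0x68, length octet, 4 APCI control octets, ASDU
U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
               0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}
TYPE_NAMES = {45: "C_SC_NA_1 single command", 46: "C_DC_NA_1 double command",
              100: "C_IC_NA_1 interrogation", 105: "C_RP_NA_1 reset process"}
COMMAND_TYPES = {45, 46, 47, 48, 49, 50, 51, 100, 105}  # control-direction ASDUs
HIGH_RISK_TYPES = {105}                                 # reset process restarts the RTU
COT_ACT, COT_DEACT = 6, 8                               # causes a master uses for commands

@dataclass
class Apdu:
    fmt: str                          # "I" (data), "S" (ack) or "U" (control)
    send_seq: Optional[int] = None    # I-frames only
    recv_seq: Optional[int] = None    # I- and S-frames
    u_func: Optional[str] = None      # U-frames only
    type_id: Optional[int] = None     # ASDU header fields below: I-frames only
    cot: Optional[int] = None
    common_addr: Optional[int] = None
    first_ioa: Optional[int] = None

def parse_apdu(buf: bytes) -> Apdu:
    """Decode the APCI and, for I-frames, the ASDU header and first IOA."""
    if len(buf) < 6 or buf[0] != START_BYTE:
        raise ValueError("not an IEC 104 APDU")
    if buf[1] < 4 or len(buf) != buf[1] + 2:
        raise ValueError("length octet does not match buffer")
    c1, c2, c3, c4 = buf[2:6]
    fmt = "I" if (c1 & 0x01) == 0 else ("S" if (c1 & 0x03) == 0x01 else "U")
    apdu = Apdu(fmt=fmt)
    if fmt == "U":
        apdu.u_func = U_FUNCTIONS.get(c1, f"unknown 0x{c1:02x}")
        return apdu
    apdu.recv_seq = (c3 >> 1) | (c4 << 7)    # 15-bit sequence numbers, LSB unused
    if fmt == "S":
        return apdu
    apdu.send_seq = (c1 >> 1) | (c2 << 7)
    asdu = buf[6:]
    if len(asdu) < 9:                         # type, VSQ, COT(2), CA(2), IOA(3)
        raise ValueError("ASDU truncated")
    apdu.type_id = asdu[0]
    apdu.cot = asdu[2] & 0x3F                 # top two bits are the P/N and test flags
    apdu.common_addr = asdu[4] | (asdu[5] << 8)
    apdu.first_ioa = asdu[6] | (asdu[7] << 8) | (asdu[8] << 16)
    return apdu

class Iec104Inspector:
    """Signature rules (who may send which command) plus a send-sequence model per flow."""

    def __init__(self, authorised_masters: Set[str]):
        self.authorised = authorised_masters
        self.expected_seq: Dict[Tuple[str, str], int] = {}

    def inspect(self, src: str, dst: str, raw: bytes) -> List[str]:
        try:
            apdu = parse_apdu(raw)
        except ValueError as exc:
            return [f"malformed APDU from {src}: {exc}"]
        alerts: List[str] = []
        if apdu.fmt != "I":
            return alerts                     # S/U frames carry no ASDU
        flow = (src, dst)
        expected = self.expected_seq.setdefault(flow, apdu.send_seq)
        if apdu.send_seq == expected:
            self.expected_seq[flow] = (expected + 1) & 0x7FFF
        else:                                 # out-of-sequence I-frame: replay or injection
            alerts.append(f"send seq {apdu.send_seq} from {src}, expected {expected}")
        name = TYPE_NAMES.get(apdu.type_id, f"type {apdu.type_id}")
        if apdu.type_id in COMMAND_TYPES:
            if src not in self.authorised:
                alerts.append(f"{name} to CA {apdu.common_addr} IOA {apdu.first_ioa} "
                              f"from unauthorised source {src}")
            if apdu.cot not in (COT_ACT, COT_DEACT):
                alerts.append(f"{name} with unexpected cause of transmission {apdu.cot}")
        if apdu.type_id in HIGH_RISK_TYPES:
            alerts.append(f"{name} from {src}: outstation restart requested")
        return alerts

# Constructed sample frames (hex); not captured from any real system.
STARTDT_ACT = bytes.fromhex("680407000000")
INTERROGATION = bytes.fromhex("680e00000000" "640106000100" "000000" "14")  # type 100, seq 0
SINGLE_CMD = bytes.fromhex("680e02000000" "2d0106000100" "e80300" "01")     # type 45, seq 1, IOA 1000
RESET_PROC = bytes.fromhex("680e04000000" "690106000100" "000000" "01")     # type 105, seq 2

def run_demo() -> List[str]:
    """Feed the constructed frames through the inspector; 10.0.0.1 is the only listed master."""
    ids = Iec104Inspector(authorised_masters={"10.0.0.1"})
    traffic = [("10.0.0.1", STARTDT_ACT), ("10.0.0.1", INTERROGATION),
               ("10.0.0.1", SINGLE_CMD), ("10.0.0.1", RESET_PROC),
               ("10.0.0.1", INTERROGATION),  # seq 0 again while 3 is expected
               ("10.0.0.99", SINGLE_CMD)]    # command from a host not on the allow-list
    alerts: List[str] = []
    for src, frame in traffic:
        alerts += ids.inspect(src, "10.0.0.50", frame)
    return alerts
```

Calling `run_demo()` yields three alerts: the reset-process command from the legitimate master, the repeated interrogation whose send sequence has already been seen, and the single command from the unlisted host. The parser reads only the first IOA because element sizes vary by type identifier; a production DPI engine would carry a per-type length table and walk every information object.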
IEC 60870-5-104 VULNERABILITIES
Currently, the SCADA systems of power-sector utilities use the standard communication protocol IEC 60870-5-104 extensively. Because it transmits in plain text, this protocol is insecure at both the application layer and the data link layer: it is susceptible to spoofing and repudiation (it offers no non-repudiation) at the application layer, and to sniffing, data alteration and replay attacks at the data link layer.
In addition, the protocol lacks identity verification, integrity protection against tampering, confidentiality for sensitive data such as information object addresses (IOA) and RTU addresses, and any authorisation of or limitation on the execution of dangerous function codes on the RTU. These flaws enable an attacker to take over a critical-infrastructure system used by SCADA and use it to perform attacks such as MITM, DoS, replay, packet injection, data alteration and identity spoofing. The functioning, dependability and safety of the power system could suffer serious harm as a result.
IEC 60870-5-104 SECURITY
IEC-104’s functionality depends on TCP/IP, which has a number of security flaws of its own. Although the IEC 62351 standard offers guidance and mechanisms to improve the security of IEC-101 and IEC-104, the SCADA systems that use these protocols are industrial in nature, making it difficult to modify them right away. As a result, in addition to the flaws of TCP/IP, IEC-104 has a serious security flaw of its own: data is delivered at the application layer without encryption, making traffic analysis and MITM attacks possible. Additionally, several protocol commands, including reset, interrogate, read and others, carry no authentication, making unauthorised access possible. This flaw is critical because an attacker could use it to take control of PLCs and possibly the entire operation of an automation substation, with disastrous results.
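Because the reset, interrogate and read commands named above carry no authentication, a defender's compensating control is a behavioural baseline of what the legitimate master normally does, which is the model-based detection the cyber-security section refers to. The following added example (not from the page) learns, during a training window, which (master, command type, common address, IOA) combinations occur and the cadence at which each station is interrogated, then flags commands that fall outside that baseline: an unseen combination, or an interrogation arriving far off its usual interval. It takes already-decoded command records as input; the master and station addresses and the timings are constructed.

```python
"""Behavioural baseline for IEC 104 command traffic (added example, not from the page).
Works on already-decoded command records; masters, addresses and timings are constructed."""
from collections import defaultdict
from statistics import median
from typing import Dict, List, NamedTuple, Set, Tuple

INTERROGATION = 100   # C_IC_NA_1, the command a master polls its RTUs with

class CommandEvent(NamedTuple):
    ts: float          # seconds since start of capture
    src: str           # master address seen on the wire
    type_id: int       # ASDU type identifier
    common_addr: int   # common address of ASDU (the station / RTU)
    ioa: int           # information object address

class CommandBaseline:
    """Allow-list of (master, type, CA, IOA) tuples plus the observed interrogation cadence."""

    def __init__(self, tolerance: float = 0.5):
        self.tolerance = tolerance                       # allowed deviation, fraction of baseline gap
        self.allowed: Set[Tuple[str, int, int, int]] = set()
        self.poll_gap: Dict[Tuple[str, int], float] = {}
        self.last_poll: Dict[Tuple[str, int], float] = {}

    def learn(self, events: List[CommandEvent]) -> None:
        stamps: Dict[Tuple[str, int], List[float]] = defaultdict(list)
        for e in events:
            self.allowed.add((e.src, e.type_id, e.common_addr, e.ioa))
            if e.type_id == INTERROGATION:
                stamps[(e.src, e.common_addr)].append(e.ts)
        for key, ts in stamps.items():
            ts.sort()
            gaps = [b - a for a, b in zip(ts, ts[1:])]
            if gaps:
                self.poll_gap[key] = median(gaps)        # median resists a few outliers
                self.last_poll[key] = ts[-1]

    def check(self, e: CommandEvent) -> List[str]:
        alerts: List[str] = []
        if (e.src, e.type_id, e.common_addr, e.ioa) not in self.allowed:
            alerts.append(f"t={e.ts:.0f}s: unseen command type {e.type_id} from {e.src} "
                          f"to CA {e.common_addr} IOA {e.ioa}")
        if e.type_id == INTERROGATION and (e.src, e.common_addr) in self.poll_gap:
            key = (e.src, e.common_addr)
            gap, expected = e.ts - self.last_poll[key], self.poll_gap[key]
            if abs(gap - expected) > self.tolerance * expected:
                alerts.append(f"t={e.ts:.0f}s: interrogation of CA {e.common_addr} after "
                              f"{gap:.0f}s, baseline {expected:.0f}s")
            self.last_poll[key] = e.ts
        return alerts

def run_demo() -> List[str]:
    """Train on a constructed 10-minute window of regular polling, then check new events."""
    training = [CommandEvent(60.0 * i, "10.0.0.1", INTERROGATION, 1, 0) for i in range(10)]
    training.append(CommandEvent(125.0, "10.0.0.1", 45, 1, 1000))  # one operator single command
    model = CommandBaseline()
    model.learn(training)
    incoming = [CommandEvent(600.0, "10.0.0.1", INTERROGATION, 1, 0),  # on cadence
                CommandEvent(615.0, "10.0.0.1", INTERROGATION, 1, 0),  # 15 s later: off cadence
                CommandEvent(620.0, "10.0.0.1", 105, 1, 0),            # reset process never seen
                CommandEvent(700.0, "10.0.0.1", 45, 1, 1000),          # known command, allowed
                CommandEvent(705.0, "10.0.0.1", 45, 1, 2000)]          # known type, new IOA
    alerts: List[str] = []
    for e in incoming:
        alerts += model.check(e)
    return alerts
```

`run_demo()` returns three alerts: the off-cadence interrogation, the reset-process command that never appeared in training, and the single command aimed at an IOA the operator never addressed before. The baseline only covers polled traffic; spontaneous events from the RTU (monitor direction) would need a separate model, as the earlier section notes.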