management system based on reputation is presented in order to show how a SCADA system could intelligently
assign alarms to the best operators in the field, thereby efficiently speeding up the response.
Solutions and approaches are equally analysed for a Smart Grid context whose main control is located in a
SCADA system.
Also in the scope of SCADA, a chapter on protocol vulnerabilities by Rrushi follows. As the author points
out, most of the network traffic in process control networks is generated by industrial communication protocols,
which means that a large number of the attack techniques that apply to process control systems can be conducted
over industrial communication protocols. The author provides a technical discussion of possible
vulnerabilities in industrial communication protocols, with specific reference to the Modbus and IEC 61850
protocols, considered as representatives of the protocols currently deployed in digitally controlled physical
infrastructures such as power plants and electrical substations. Modbus has been selected as
representative of bit-oriented protocols in terms of design, while IEC 61850 has been selected because it adopts
the emerging paradigm of object-oriented process control communications. It is important to note that Rrushi
elaborates on how the vulnerabilities are exploited. In detail, the chapter discusses vulnerabilities regarding
weak or missing authentication and integrity checks of industrial protocol traffic, along with some of the
computer network attacks that exploit those vulnerabilities. Memory corruption vulnerabilities as applied
to implementations of industrial communication protocols are then discussed. The chapter also includes
a description of various techniques that leverage a computer network attack to cause physical damage via
disruption of physical processes and equipment.
This part of the book finishes with a chapter authored by Khelil, Germanus and Suri that focuses on the protection
of SCADA communication channels. Generally speaking, in this chapter the existing approaches for SCADA
communication protection are comprehensively surveyed and categorized, and upcoming research technologies
for enhancing the protection of SCADA communication are presented. More precisely, the chapter describes the
communication assets of SCADA systems and their protection requirements, and also outlines the key threats,
vulnerabilities and security weaknesses of SCADA systems that may present a danger to their proper operation.
Then, existing techniques for the protection of SCADA communication channels are discussed. Interestingly, the authors
classify them into three main categories: techniques for resilience to network perturbations, cryptographic protection
of SCADA communication, and trustworthy interconnection of SCADA systems. Further, the authors focus on
middleware techniques, as they have general applicability and also conform to the clear IP trend in SCADA
components, and analyse two middleware add-on protection techniques, the INSPIRE P2P-based middleware and the
GridStat middleware. As shown by the authors, both techniques aim at augmenting the trustworthiness of deployed
SCADA systems, primarily utilizing the approach of controllable data replication.