The focus of this paper is on vulnerabilities that exist in supervisory control and data acquisition (SCADA) systems. Cyber attacks targeting weaknesses in these systems can seriously degrade the survivability of a critical system. Detailed here is a non-intrusive approach for improving the survivability of these systems without interrupting their normal process flow. In a typical SCADA system, unsafe conditions are avoided by interlocking logic implemented on the base system (the controllers attached to the process). This logic prevents conflicting operations from starting at inappropriate times, and it provides corrective action or a graceful shutdown when a potentially unsafe condition is detected. If this logic, or the field devices it controls, is manipulated remotely, the system can fail with unpredictable results. In the proposed approach, a workflow is constructed on a system outside the attack path and separate from the process under control. The workflow combines the functional behavior of the SCADA system with a model generated from cyber attack scenarios against that system. The cause-and-effect relationships of the commands processed by the SCADA system are simulated in the workflow to help detect malicious operations, so the workflow contains both functional and survivability knowledge of the underlying system. Failures induced by the introduction of malicious logic are predicted by simulating the fault in the workflow, and modeling these failure modes is valuable in implementing damage control. The model is event driven and runs its simulation externally, so it does not interfere with the normal functionality of the underlying system.
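To make the idea concrete, the following is an added illustration (not code from the paper) of an external, event-driven model in the spirit described above. The process, its interlocks, the threshold values and the command sequences are all constructed for this example: a tank with an inlet valve, a pump, an outlet valve and a heater. The model replays the command stream observed on the SCADA network against a copy of the interlock guards, flags commands that the intact interlocks would refuse, and steps the plant state forward so that a sequence in which every single command is legitimate but the combined effect is unsafe is still predicted. With `enforce=False` the rejected commands are applied anyway, modeling interlock code that has been tampered with. The model only observes and simulates; it never issues commands.

```python
"""External interlock/effect model for a constructed tank process (example code)."""
from dataclasses import dataclass

LEVEL_LOW, LEVEL_HIGH, CAPACITY = 10, 90, 100   # percent of tank; constructed values
FLOW_PER_TICK = 10                               # level change per tick per open path


@dataclass
class Plant:
    inlet_open: bool = False
    outlet_open: bool = False
    pump_on: bool = False
    heater_on: bool = False
    level: int = 50


@dataclass
class Verdict:
    command: str
    accepted: bool
    reason: str = ""


# Interlock table mirroring the guards the base system is expected to enforce:
# command -> (guard predicate over the plant state, interlock it would violate).
INTERLOCKS = {
    "START_PUMP":  (lambda p: p.inlet_open,         "pump start with inlet closed (dry run)"),
    "CLOSE_INLET": (lambda p: not p.pump_on,        "inlet closed while pump running (starvation)"),
    "HEATER_ON":   (lambda p: p.level >= LEVEL_LOW, "heater on below low level (dry heating)"),
    "OPEN_INLET":  (lambda p: p.level < LEVEL_HIGH, "inlet opened at high level (overflow)"),
}

# Direct effect of each command on the plant model: command -> (attribute, new value).
EFFECTS = {
    "START_PUMP": ("pump_on", True),     "STOP_PUMP": ("pump_on", False),
    "OPEN_INLET": ("inlet_open", True),  "CLOSE_INLET": ("inlet_open", False),
    "OPEN_OUTLET": ("outlet_open", True), "CLOSE_OUTLET": ("outlet_open", False),
    "HEATER_ON": ("heater_on", True),    "HEATER_OFF": ("heater_on", False),
}


def check(plant: Plant, cmd: str) -> Verdict:
    """Decide whether the intact interlocks would accept cmd in the current state."""
    guard, why = INTERLOCKS.get(cmd, (lambda p: True, ""))
    return Verdict(cmd, True) if guard(plant) else Verdict(cmd, False, why)


def apply(plant: Plant, cmd: str) -> None:
    attr, value = EFFECTS[cmd]
    setattr(plant, attr, value)


def tick(plant: Plant) -> None:
    """Advance the physical process by one time step."""
    if plant.pump_on and plant.inlet_open:
        plant.level += FLOW_PER_TICK
    if plant.outlet_open:
        plant.level -= FLOW_PER_TICK
    plant.level = max(0, min(CAPACITY, plant.level))


def unsafe(plant: Plant):
    """Return the name of an unsafe condition the plant is in, or None."""
    if plant.level >= CAPACITY:
        return "overflow"
    if plant.pump_on and (not plant.inlet_open or plant.level == 0):
        return "pump dry run"
    if plant.heater_on and plant.level < LEVEL_LOW:
        return "dry heating"
    return None


def replay(events, plant: Plant = None, enforce: bool = True):
    """Replay ('cmd', name) / ('tick', count) events against the model.

    Returns (final plant state, per-command verdicts, [(tick_no, hazard), ...]).
    enforce=True  : rejected commands are not applied (base interlocks intact).
    enforce=False : rejected commands are applied anyway (interlock logic tampered).
    """
    plant = Plant() if plant is None else plant
    verdicts, hazards, t = [], [], 0
    for kind, arg in events:
        if kind == "cmd":
            v = check(plant, arg)
            verdicts.append(v)
            if v.accepted or not enforce:
                apply(plant, arg)
        else:
            for _ in range(arg):
                t += 1
                tick(plant)
                h = unsafe(plant)
                if h:
                    hazards.append((t, h))
    return plant, verdicts, hazards


# Constructed command streams, as they might be captured from the SCADA network.
BENIGN = [("cmd", "OPEN_INLET"), ("cmd", "START_PUMP"), ("tick", 2),
          ("cmd", "OPEN_OUTLET"), ("tick", 2)]
# Every command passes its interlock, yet the combined effect fills the tank.
CREEPING = [("cmd", "OPEN_INLET"), ("cmd", "START_PUMP"), ("cmd", "CLOSE_OUTLET"), ("tick", 6)]
# Single command the interlocks should refuse outright.
BLOCKED = [("cmd", "START_PUMP")]

if __name__ == "__main__":
    for name, stream, enforce in [("benign", BENIGN, True), ("creeping", CREEPING, True),
                                  ("blocked", BLOCKED, True), ("tampered", BLOCKED + [("tick", 1)], False)]:
        plant, verdicts, hazards = replay(stream, enforce=enforce)
        rejected = [v for v in verdicts if not v.accepted]
        print(f"{name:9s} level={plant.level:3d} rejected={[(v.command, v.reason) for v in rejected]} hazards={hazards}")
```

The useful part is the second scenario: a command-by-command interlock check would pass every message in `CREEPING`, and only stepping the cause-and-effect model forward reveals the predicted overflow at tick 5, which is the kind of failure mode the paper proposes to model ahead of time for damage control.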