Defending the grid: Backfitting non-expandable control systems

Network security has been a lively research area for more than 35 years and numerous products are available nowadays. In contrast to business networks, which were interconnected from the beginning by design, Industrial Control Systems (ICSs) have always been self-contained networks. Because their key features are real-time capability and their operational constraint to function as specified under maximum load (Carlson 1998), security has played only a subordinate role. Nowadays these systems are increasingly connected to the Internet; for example, wind power is more frequently used and generators are installed in remote and scattered regions that are difficult to access, so remote administration based on mobile communications is required, often using the Internet. While numerous papers on securing ICSs have been published, interest rose after the incidents in Iran's enrichment plant in Natanz where the SCADA system controlling the centrifuges was attacked by the Stuxnet worm. Even with these intensified efforts, the current security situation is insufficient as numerous security systems perform inadequately in real-world environments. Elderly ICSs are also still in use which cannot be retrofitted easily or at all, and modern systems are often still not developed with ‘security by design’ in mind. In contrast to general purpose systems, a relatively limited number of processes are executed within ICSs. This enables the use of detection mechanisms based on voltage levels and current drain to build lightweight detection systems without huge databases by measuring the current drain during normal system operation. Our concept combines the advantages of different detection principles and enhances them to build an Intrusion Detection System usable within ICSs. It is implemented based on low-priced components and can be integrated even in older, originally non-expandable systems.