Using detection in depth to counter SCADA-specific advanced persistent threats

Abstract

A heavy focus has recently been placed on the current state of each country’s critical infrastructure security. Unfortunately, widely deployed supervisory control and data acquisition (SCADA) protocols provide little to no inherent security controls while traditional security mechanisms prove largely ineffective in industrial control environments. Moreover, the recent advent of advanced persistent threats (APTs) has highlighted the relative ineffectiveness of existing SCADA-centric security solutions. In this thesis I will identify various algorithmic strategies for detecting and mitigating common APT attack vectors impacting SCADA environments. Primarily, the integration of flow-based intrusion detection systems, passive device fingerprinting, low- interaction honeypots, and traditional signature- based intrusion detection technologies provides a highly effective capacity for detecting common attack vectors used by APTs. Finally I will show how the integration of these technologies into a single security solution has provided a verifiably robust and effective solution for the problem at hand.