Security Framework for Dnp3 and Scada

In this work I recommend a new DNPSec framework to§enable confidentiality, integrity, and authenticity§(CIA) placed directly in the DNP3. Such a framework§requires some modifications in the data structure of§the DNP3 Data Link layer. My main goal is to address§the threats related to CIA in the DNP3 as part of§SCADA architecture, with a minimum performance impact§on the communication link; and without requiring§modification to the much more expensive Master and§Substation devices and the applications supporting§them. Also, and as part of this work, I develop a§proof of concept for the DNPSec framework by§conducting simulation studies to measure the§performance impact by adding DNPSec functionality on§the communication links and end nodes. One other§recommendation in my work is to enable authorization§services by the usage of the Role-Based Access§Control (RBAC) model to define the users? security§roles, permissions, authorization, and role hierarchy§as one measure to access the SCADA system. Achieving§the desired level of authorization and access control§will involve integrating the security system with§SCADA operations and building RBAC capabilities in§the application level.