Supervisory Control and Data Acquisition (SCADA) systems are used to monitor and control large physical infrastructures, such as electricity transmission and distribution systems. For years they operated as isolated systems, using proprietary protocols and keeping the exchanged information within the system, which was designed with a centralized architecture. Nowadays, however, SCADA systems are closely connected to the Internet in order to provide remote control capabilities. This makes them vulnerable to adversaries who aim to disrupt the controlled process. Monitoring SCADA systems is a popular way to keep track of the activities happening inside such systems. However, approaches that are successful in regular IT systems are not always applicable to SCADA systems. Real-life incidents show that disruptive commands can originate at authorised, legitimate hosts, leading to undesired consequences, such as a blackout. Unfortunately, most of the proposed approaches do not investigate the effect of the analysed packets on the underlying physical system. In contrast, this thesis focuses on enhancing traffic monitoring by proposing a local and process-aware monitoring tool for power distribution systems that detects when the physical process is in an unsafe state. As a result, this thesis proposes a new and generic modelling formalism that can describe (a part of) a power distribution system, combined with a new local monitoring algorithm that can validate a set of physical constraints and safety requirements that must hold in the power distribution system. The proposed formalism and algorithm have been tested in a co-simulation testbed and have also been implemented as a Self-Aware Monitor (SAM) tool. The SAM tool automatically generates the appropriate set of rules, based on the description of the topology of the local substation and on the configuration of the controlling Remote Terminal Unit.
Finally, a case study conducted at a substation of a Dutch distribution system operator has brought important insights into the feasibility of process-aware monitoring.
| Qualification | Doctor of Philosophy |
| Award date | 12 Jul 2019 |
| Place of Publication | Enschede |
| Publication status | Published - 12 Jul 2019 |