Print Print  
Award Information
Proposal Number: 04110880
Proposal Title: Intrusion Detection and Security Monitoring of SCADA Networks
Topic Number: H-SB04.1-008
Phase: Phase I
Topic Title: Advanced Secure Supervisory Control and Data Acquisition (SCADA) and Related Distributed Control Systems
Organization: Digital Bond, Inc.
Address: 1580 Sawgrass Corp. Pkwy, Suite 130
Sunrise, FL 33323-2859  
Abstract: Legacy SCADA systems, and the systems being sold today, lack the security required to prevent attacks. Intrusion detection systems (IDS) and security monitoring tools can work as compensating controls by identifying and stopping attacks. Unfortunately, existing security systems do not identify SCADA specific attacks. Our proposal will add SCADA specific knowledge to IDS and security monitoring tools. Specifically, we will: (1) create an open source SCADA signature set for the SNORT IDS that will include specific signature examples, a context, and a tool for SCADA vendors and users to add system specific signatures. (2) identify and extract security specific log entries in SCADA application logs for use in a security monitoring tool. Examples include failed logins, display changes, and escalation of privileges. (3) Correlate the SCADA application log events and the SCADA IDS data to appropriately set the alert level. The technical approach will focus on identifying attacks to the field device, RTU/PLC, to SCADA server communication. With TCP/IP based field devices spread over a wide geographic area, and the lack of a security standard for this protocol, this communication is perhaps the largest cyber security risk. Our proposal is an immediate compensating control for this risk.
Award/Contract Number: NBCHC040078
Period of Performance: 04/01/2004 - 10/15/2004
Award/Contract Value: $100,000.00
Award/Obligated Amount: $100,000.00