Abstract
Distributed Network Protocol (DNP3) is the predominant SCADA protocol in the energy sector – more than 75% of North American electric utilities currently use DNP3 for industrial control applications. This paper presents a taxonomy of attacks on the protocol. The attacks are classified based on targets (control center, outstation devices and network/communication paths) and threat categories (interception, interruption, modification and fabrication). To facilitate risk analysis and mitigation strategies, the attacks are associated with the specific DNP3 protocol layers they exploit. Also, the operational impact of the attacks is categorized in terms of three key SCADA objectives: process confidentiality, process awareness and process control. The attack taxonomy clarifies the nature and scope of the threats to DNP3 systems, and can provide insights into the relative costs and benefits of implementing mitigation strategies.
Copyright information
© 2009 IFIP International Federation for Information Processing
Cite this paper
East, S., Butts, J., Papa, M., Shenoi, S. (2009). A Taxonomy of Attacks on the DNP3 Protocol. In: Palmer, C., Shenoi, S. (eds) Critical Infrastructure Protection III. ICCIP 2009. IFIP Advances in Information and Communication Technology, vol 311. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04798-5_5
DOI: https://doi.org/10.1007/978-3-642-04798-5_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04797-8
Online ISBN: 978-3-642-04798-5
eBook Packages: Computer Science (R0)