A practical implementation of unconditional security for the IEC 60780-5-101 SCADA protocol

SCADA systems are used across the critical infrastructure to monitor and control vital industrial processes. Traditional firewalls, authentication mechanisms, and cryptographic algorithms and protocols are inadequate to secure SCADA systems and the underlying industrial processes from cyber attacks. This paper describes a novel approach for providing a high level of secrecy to the IEC 60870-5-101 protocol, a non-routable open SCADA communications protocol used in the electric power industry. The proposed approach incorporates a secrecy layer between the physical and link layers of the enhanced performance architecture of the IEC 60870-5-101 protocol. The secrecy layer is an implementation of Shannon's notion of an unconditionally-secure system in which perfect secrecy and strong ideal secrecy are leveraged to guarantee the authenticity, integrity and confidentiality of SCADA data transmission. Experimental results using an industrial control testbed confirm that the proposed approach satisfies the temporal constraints imposed on SCADA systems used in electrical substations.