Collaborative, trust-based security mechanisms for a regional utility intranet

This article investigates network policies and mechanisms to enhance security in SCADA networks using a mix of TCP and UDP transport protocols over IP. It recommends creating a trust system that can be added in strategic locations to protect existing legacy architectures and to accommodate a transition to IP through the introduction of equipment based on modern standards such as IEC 61850. The trust system is based on a best-of-breed application of standard information technology (IT) network security mechanisms and IP protocols. The trust system provides seamless, automated command and control for the suppression of network attacks and other suspicious events. It also supplies access control, format validation, event analysis, alerting, blocking, and event logging at any network-level and can do so on behalf of any system that does not have the resources to perform these functions itself. Latency calculations are used to estimate limits of applicability within a company and between geographically separated company and area control centers, scalable to hierarchical regional implementations.