Abstract

Potential effectiveness of cyber-attacks against utility networks using protocol DNP3 would increase rapidly, when DNP3 is employed over TCP/IP, because attacks succeed on the Internet can be used against DNP3. This becomes a critical concern for DNP3 since an outstation may be accessed from multiple masters of external networks. However, commercial Internet security does not provide applicable security since they were not designed specifically for DNP3. This paper proposes a new efficient cyber-security specifically designed for DNP3 at its interface with TCP/IP to augment utility commercial security capability. Rule-based security is implemented for the proposed cyber-security for DNP3 over TCP/IP using the function codes, data objects, and data sets from DNP3 data link layer and application layer. The rule-based security is implemented on a connection basis so that detailed security rules are specifically defined for each connection to the device.