Tamper Event Detection on Distributed Devices in Critical Infrastructure

Utilities are currently installing a number of resource-constrained embedded devices at the remote endpoints of their SCADA (Supervisory Control and Data Acquisition) networks as part of their smart grid rollout. These devices present a security risk for utilities: They are deployed in many different places and environments; they have very little physical security; and they have direct access back to control centers and other infrastructure. Therefore, these devices present an easy opportunity for attackers to infiltrate and damage a utility’s SCADA network, and protecting these networks is critical. While a large body of work exists in both the physical tampering and SCADA protection spheres, current schemes cannot be applied here: They are either not designed to protect both a device and the network it lives on, not flexible enough to handle the various tamper events that these remote devices face, or not lightweight enough to operate under the inherent constraints of a SCADA network. In this paper, we introduce T.E.D.D.I. (Tamper Event Detection on Distributed Infrastructure), a distributed, sensor-based tamper protection architecture that we are building to protect remotely-deployed devices. This architecture will allow for a flexible, policy-centric response to tamper events, incorporate external context data into T.E.D.D.I.’s decision-making process, and adhere to the many constraints imposed on SCADA systems. We also discuss the current state of T.E.D.D.I., its various components, and our plans for constructing and validating the final system.