DNP3 Secure Authentication - What's all the buzz about?
By: SGN Staff
Quick Take: We recently told you bad news about a SCADA vulnerability. Now here's some good news about progress that applies to SCADA and other areas as well. - By Jesse Berst
By Brian Smith
If you are like me and many of the folks in this industry, you might consider DNP3 an old friend. It is well understood within the utility industry and has become a predominant solution for SCADA applications in North America. So when the subject of DNP3 Secure Authentication comes up in discussions, it’s easy to get excited.
Why the enthusiasm? What makes DNP3 Secure Authentication different from other security solutions that have been proposed and deployed throughout the electric utility industry over the past few years? The simple answer is that it’s an application-layer solution, but the real answer lies in how that translates to value for the end users.
To start with, it is important to understand that almost all SCADA applications up until now have relied completely on the network infrastructure for protection, meaning that any valid (correctly formatted) protocol message received by a device is trusted by default: trusted to have come from the anticipated source, and trusted not to have been altered in transit. While DNP3 does have mechanisms such as source and destination addresses and sequence numbers, these aren’t security mechanisms and can be easily circumvented with the skill sets of today’s potential adversaries.
While this might not have been a major concern with traditional serial-based deployments, it’s becoming a major concern as these applications are migrated to modern IP-based communication networks, where they are potentially more exposed to unauthorized access. DNP3 Secure Authentication now gives utilities the additional layer of security needed to address this challenge: a mechanism to validate that a message came from the authorized sender and has not been altered in transit as it moves across the utility’s communications network.
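The two receiver behaviours described above, side by side, as an added illustration that is not from the original article or the DNP3 specification. The message layout, addresses and key are constructed, and HMAC-SHA-256 stands in as the keyed check, an assumption since the article does not name an algorithm.

```python
import hashlib
import hmac
import struct

# Constructed, simplified layout (NOT the DNP3 wire format):
# destination (2 bytes) | source (2 bytes) | sequence (1 byte) | payload
HEADER = struct.Struct("<HHB")
TAG_LEN = 32  # size of an HMAC-SHA-256 tag

def build(dest, src, seq, payload):
    return HEADER.pack(dest, src, seq) + payload

def add_tag(key, message):
    # The tag covers header and payload, so neither can change unnoticed.
    return message + hmac.new(key, message, hashlib.sha256).digest()

def accept_unauthenticated(message, my_addr, peer_addr, expected_seq):
    """Receiver that trusts any well-formed message with the right fields."""
    if len(message) < HEADER.size:
        return False
    dest, src, seq = HEADER.unpack_from(message)
    return dest == my_addr and src == peer_addr and seq == expected_seq

def accept_authenticated(key, tagged, my_addr, peer_addr, expected_seq):
    """Receiver that also requires a valid tag under the shared key."""
    if len(tagged) < HEADER.size + TAG_LEN:
        return False
    message, tag = tagged[:-TAG_LEN], tagged[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False
    return accept_unauthenticated(message, my_addr, peer_addr, expected_seq)

def demo():
    key = b"constructed-demo-key-not-for-use"  # assumption: pre-shared key
    genuine = build(10, 1, 5, b"setpoint=50")
    altered = build(10, 1, 5, b"setpoint=99")  # same header, changed data
    tagged = add_tag(key, genuine)
    altered_tagged = altered + tagged[-TAG_LEN:]  # changed data, original tag
    return {
        "plain_genuine": accept_unauthenticated(genuine, 10, 1, 5),
        "plain_altered": accept_unauthenticated(altered, 10, 1, 5),
        "auth_genuine": accept_authenticated(key, tagged, 10, 1, 5),
        "auth_altered": accept_authenticated(key, altered_tagged, 10, 1, 5),
        "auth_wrong_key": accept_authenticated(
            key, add_tag(b"some-other-key", genuine), 10, 1, 5),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The format-only receiver accepts the altered message because its addresses and sequence number still match; the authenticating receiver rejects both the altered message and one tagged under a different key.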