Zebra—State-based Security Policies for Electric Power SCADA Systems

ATC-NY and Bigwood Systems, Inc. designed Zebra, an innovative access control system for electric power SCADA systems. SCADA systems are used to gather information about the state of the power grid, and to send commands out to actuators on the grid (e.g. breakers). A successful cyber-attack against the control center would give the attacker access to the SCADA network. The attacker could then send malicious commands to the grid, with the aim of causing outages and equipment damage. Zebra will ensure that all commands leaving the SCADA control center adhere to the access control (security) policy for that network. Our key innovation is to make access control depend, in part, on the dynamic (electrical) state of the power grid. This enables stronger, more restrictive security policies without interfering with legitimate activities in the SCADA control center.