Security assessment framework for cyber physical systems: A case-study of DNP3 protocol

Industrial control system (ICS) is a critical component in realizing Cyber physical system (CPS). ICS designed with traditional SCADA platforms have a small percentage or no native security, since they were never designed to be operated remotely and over the Internet. Security of these critical systems relies heavily on communication protocols. DNP3 is one of the most widely used protocols by SCADA system to communicate between the master and slave station. IEEE 1815-2012 is the current standard for DNP3 having goal to provide cyber security based on IEC/TS 62351-15. This paper investigates the buoyancy of DNP3 towards attacks as passive Network reconnaissance, Base line response replay, Rogue interloper, Event buffer flooding and TCP veto. Paper concludes by comments on new set of Improper input validation vulnerability.