August 25, 2010
Conference Paper

A Hybrid Authentication and Authorization Process for Control System Networks

Abstract

Convergence of control system and IT networks requires that security, privacy, and trust be addressed. Trust management continues to plague traditional IT managers and is even more complex when extended into control system networks, with potentially millions of entities and a mission that requires 100% availability. Yet these very networks necessitate a trusted secure environment where controllers and managers can be assured that the systems are secure and functioning properly. We propose a hybrid authentication management protocol that addresses the unique issues inherent within control system networks, while leveraging the considerable research and momentum in existing IT authentication schemes. Our hybrid authentication protocol for control systems provides end device to end device authentication within a remote station and between remote stations and control centers. Additionally, the hybrid protocol is failsafe and will not interrupt communication or control of vital systems in a network partition or device failure. Finally, the hybrid protocol is resilient to transitory link loss and can operate in an island mode until connectivity is reestablished.

Revised: February 15, 2011 | Published: August 25, 2010

Citation

Manz D.O., T.W. Edgar, and G.A. Fink. 2010. A Hybrid Authentication and Authorization Process for Control System Networks. In 2010 Sixth International Conference on Information Assurance and Security (IAS), August 23-25, 2010, Atlanta, GA, 36. Piscataway, New Jersey: IEEE. PNNL-SA-72489. doi:10.1109/ISIAS.2010.5604045