Open and secure SCADA with DNP3

The DNP3 protocol has become widely accepted within water and electrical utilities worldwide for SCADA communications with field equipment. One of the reasons for its acceptance is because it is an open protocol. This allows manufacturers to supply equipment to utilities which can be easily integrated into their SCADA systems.


The DNP3 protocol has become widely accepted within water and electrical utilities worldwide for SCADA communications with field equipment. One of the reasons for its acceptance is because it is an open protocol. This allows manufacturers to supply equipment to utilities which can be easily integrated into their SCADA systems. But while the threat of terrorist attacks has increased, so has the need for DNP3. But DNP3 was never designed with security in mind.

Since it is an open design, anyone familiar with the protocol could launch an attack on a SCADA system. This is especially true when the protocol is used over radio networks where packets can be intercepted with a scanner. So how do you keep a SCADA network open and yet secure from cyber attacks? The DNP3 community has recognized the need for secure SCADA communications and has developed a security model for the protocol. Its goal is to provide:

  • Authentication and message integrity;

  • Low overhead;

  • Support for remote key management built into DNP3 at the application layer; and

  • Compatibility with all DNP3-supported communications links.

The secure DNP3 protocol specification is currently being finalized, and is expected to be submitted to the DNP3 Users Group for review in 2008, where it is expected to be approved and released shortly thereafter.

A common perception is that proprietary protocols are inherently secure because their design is not open. Unfortunately this assumes the protocol is not easily reverse engineered. Because security measures that may exist in proprietary protocols cannot be independently verified for their robustness, assuming a proprietary protocol is secure to the level required is a leap of faith.

DNP3 security is implemented within the protocol itself, and proven industry-standard authentication methodologies are employed that can be investigated and verified independently.

Specific risks addressed

Secure DNP3 is designed to eliminate the risk of messages being either falsified, or intercepted and repeated by a third party. Both scenarios could result in extensive damage to equipment and disruption of services if carried out correctly.

According to the draft specification (DNP3 Specification, Volume 2, Supplement 1, Secure Authentication. Version 1.00, 3rd February 2007), security threats addressed by the protocol include: spoofing, modification, replay, eavesdropping (on exchanges of cryptographic keys only, not on other data), and non-repudiation (to the extent of identifying individual users of the system.)

Secure DNP3 protects against these threats by providing both authentication and message integrity. It does not encrypt the messages, but does use key encryption to keep session keys secure.

Secure DNP3 uses a “challenge-response” method to verify the message is originating from a valid source. The implementation is based on the proven Challenge-Handshake Authentication Protocol (RFC 1994). Either side of the link can initiate an authentication challenge. This can be at initialization, periodically, or when a critical function is received.

An authentication response is then sent. The authentication challenge contains some pseudo-random data, a sequence number and the required algorithm. The response contains a hash value generated from the challenge data and the key. The sequence number is also returned. If the authentication response is valid, then the challenger will respond to the original DNP3 message with a standard protocol response.

SCADA, Automation & Controls Security, Networks & Communication

Secure DNP3 uses a "challenge response" method to verify the message is originating from a valid source.

Aggressive mode method

The challenge-response method adds to the required communications bandwidth. If bandwidth is at a premium, a simpler authentication method can be used instead. “Aggressive mode” reduces the required bandwidth by eliminating the normal challenge and response messages. The authentication data can also be included at the end of the DNP message. This mode is slightly less secure.

When it comes to key management, secure DNP3 uses a minimum of 128-bit AES encryption to keep keys secure. There are two types of keys: temporary session keys and update keys. Session keys are initialized at start-up and then changed regularly, approximately every 10 minutes. Update keys are used to encrypt the session keys. These are pre-shared at either end of the link so they never need to be transmitted.

The addition of security measures to the DNP3 protocol is important for SCADA communications networks operating over easily intercepted mediums such as radio. Threats such as message interception and repeating are effectively handled by implementing secure authentication within the application layer of the protocol itself. Although the final standard is not expected until later this year, implementations of secure DNP3 are already becoming available. Using it allows an organization to benefit from an open, accepted protocol today.


Terminal blocks: Resources, application advice, products

Learning resources, application advice and terminal block product information follows.

Videos and more details from Phoenix Contact

Phoenix Contacts offers:

Videos Clipline interconnection technologies.

More on Clipline terminal blocks.

More on SPTA, a compact, low profile, angled terminal block that provides space-saving connections for up to 10 A.


A Rockwell Automation video shows time saving connection technologies.


Wago offers:

E-learning on the Wago Cage Clamp Spring Pressure Connection Technology.

Power Cage Clamp (PPC) system overview, variants, and more information.


Author Information

Paul Gibson is R&D manager for MultiTrode, maker of pump station management products. MultiTrode has recognized the importance of secure communications in the water and wastewater industry and has embarked on a development project to introduce the new DNP3 security measures into its MultiSmart Pump Station Manager product. This new feature will be available in the next product release.

No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2013 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
A cool solution: Collaboration, chemistry leads to foundry coat product development; See the 2015 Product of the Year Finalists
Raising the standard: What's new with NFPA 70E; A global view of manufacturing; Maintenance data; Fit bearings properly
Sister act: Building on their father's legacy, a new generation moves Bales Metal Surface Solutions forward; Meet the 2015 Engineering Leaders Under 40
Cyber security cost-efficient for industrial control systems; Extracting full value from operational data; Managing cyber security risks
Drilling for Big Data: Managing the flow of information; Big data drilldown series: Challenge and opportunity; OT to IT: Creating a circle of improvement; Industry loses best workers, again
Pipeline vulnerabilities? Securing hydrocarbon transit; Predictive analytics hit the mainstream; Dirty pipelines decrease flow, production—pig your line; Ensuring pipeline physical and cyber security
Upgrading secondary control systems; Keeping enclosures conditioned; Diagnostics increase equipment uptime; Mechatronics simplifies machine design
Designing positive-energy buildings; Ensuring power quality; Complying with NFPA 110; Minimizing arc flash hazards
Building high availability into industrial computers; Of key metrics and myth busting; The truth about five common VFD myths

Annual Salary Survey

After almost a decade of uncertainty, the confidence of plant floor managers is soaring. Even with a number of challenges and while implementing new technologies, there is a renewed sense of optimism among plant managers about their business and their future.

The respondents to the 2014 Plant Engineering Salary Survey come from throughout the U.S. and serve a variety of industries, but they are uniform in their optimism about manufacturing. This year’s survey found 79% consider manufacturing a secure career. That’s up from 75% in 2013 and significantly higher than the 63% figure when Plant Engineering first started asking that question a decade ago.

Read more: 2014 Salary Survey: Confidence rises amid the challenges

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.