Open and secure SCADA with DNP3

The DNP3 protocol has become widely accepted within water and electrical utilities worldwide for SCADA communications with field equipment. One of the reasons for its acceptance is because it is an open protocol. This allows manufacturers to supply equipment to utilities which can be easily integrated into their SCADA systems.


The DNP3 protocol has become widely accepted within water and electrical utilities worldwide for SCADA communications with field equipment. One of the reasons for its acceptance is because it is an open protocol. This allows manufacturers to supply equipment to utilities which can be easily integrated into their SCADA systems. But while the threat of terrorist attacks has increased, so has the need for DNP3. But DNP3 was never designed with security in mind.

Since it is an open design, anyone familiar with the protocol could launch an attack on a SCADA system. This is especially true when the protocol is used over radio networks where packets can be intercepted with a scanner. So how do you keep a SCADA network open and yet secure from cyber attacks? The DNP3 community has recognized the need for secure SCADA communications and has developed a security model for the protocol. Its goal is to provide:

  • Authentication and message integrity;

  • Low overhead;

  • Support for remote key management built into DNP3 at the application layer; and

  • Compatibility with all DNP3-supported communications links.

The secure DNP3 protocol specification is currently being finalized, and is expected to be submitted to the DNP3 Users Group for review in 2008, where it is expected to be approved and released shortly thereafter.

A common perception is that proprietary protocols are inherently secure because their design is not open. Unfortunately this assumes the protocol is not easily reverse engineered. Because security measures that may exist in proprietary protocols cannot be independently verified for their robustness, assuming a proprietary protocol is secure to the level required is a leap of faith.

DNP3 security is implemented within the protocol itself, and proven industry-standard authentication methodologies are employed that can be investigated and verified independently.

Specific risks addressed

Secure DNP3 is designed to eliminate the risk of messages being either falsified, or intercepted and repeated by a third party. Both scenarios could result in extensive damage to equipment and disruption of services if carried out correctly.

According to the draft specification (DNP3 Specification, Volume 2, Supplement 1, Secure Authentication. Version 1.00, 3rd February 2007), security threats addressed by the protocol include: spoofing, modification, replay, eavesdropping (on exchanges of cryptographic keys only, not on other data), and non-repudiation (to the extent of identifying individual users of the system.)

Secure DNP3 protects against these threats by providing both authentication and message integrity. It does not encrypt the messages, but does use key encryption to keep session keys secure.

Secure DNP3 uses a “challenge-response” method to verify the message is originating from a valid source. The implementation is based on the proven Challenge-Handshake Authentication Protocol (RFC 1994). Either side of the link can initiate an authentication challenge. This can be at initialization, periodically, or when a critical function is received.

An authentication response is then sent. The authentication challenge contains some pseudo-random data, a sequence number and the required algorithm. The response contains a hash value generated from the challenge data and the key. The sequence number is also returned. If the authentication response is valid, then the challenger will respond to the original DNP3 message with a standard protocol response.

SCADA, Automation & Controls Security, Networks & Communication

Secure DNP3 uses a "challenge response" method to verify the message is originating from a valid source.

Aggressive mode method

The challenge-response method adds to the required communications bandwidth. If bandwidth is at a premium, a simpler authentication method can be used instead. “Aggressive mode” reduces the required bandwidth by eliminating the normal challenge and response messages. The authentication data can also be included at the end of the DNP message. This mode is slightly less secure.

When it comes to key management, secure DNP3 uses a minimum of 128-bit AES encryption to keep keys secure. There are two types of keys: temporary session keys and update keys. Session keys are initialized at start-up and then changed regularly, approximately every 10 minutes. Update keys are used to encrypt the session keys. These are pre-shared at either end of the link so they never need to be transmitted.

The addition of security measures to the DNP3 protocol is important for SCADA communications networks operating over easily intercepted mediums such as radio. Threats such as message interception and repeating are effectively handled by implementing secure authentication within the application layer of the protocol itself. Although the final standard is not expected until later this year, implementations of secure DNP3 are already becoming available. Using it allows an organization to benefit from an open, accepted protocol today.


Terminal blocks: Resources, application advice, products

Learning resources, application advice and terminal block product information follows.

Videos and more details from Phoenix Contact

Phoenix Contacts offers:

Videos Clipline interconnection technologies.

More on Clipline terminal blocks.

More on SPTA, a compact, low profile, angled terminal block that provides space-saving connections for up to 10 A.


A Rockwell Automation video shows time saving connection technologies.


Wago offers:

E-learning on the Wago Cage Clamp Spring Pressure Connection Technology.

Power Cage Clamp (PPC) system overview, variants, and more information.


Author Information

Paul Gibson is R&D manager for MultiTrode, maker of pump station management products. MultiTrode has recognized the importance of secure communications in the water and wastewater industry and has embarked on a development project to introduce the new DNP3 security measures into its MultiSmart Pump Station Manager product. This new feature will be available in the next product release.

No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2013 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Leaders Under 40 program features outstanding young people who are making a difference in manufacturing. View the 2013 Leaders here.
The new control room: It's got all the bells and whistles - and alarms, too; Remote maintenance; Specifying VFDs
2014 forecast issue: To serve and to manufacture - Veterans will bring skill and discipline to the plant floor if we can find a way to get them there.
2013 Top Plant: Lincoln Electric Company, Cleveland, Ohio
Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Plant Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.

Bring focus to PLC programming: 5 things to avoid in putting your system together; Managing the DCS upgrade; PLM upgrade: a step-by-step approach
Balancing the bagging triangle; PID tuning improves process efficiency; Standardizing control room HMIs
Commissioning electrical systems in mission critical facilities; Anticipating the Smart Grid; Mitigating arc flash hazards in medium-voltage switchgear; Comparing generator sizing software

Annual Salary Survey

Participate in the 2013 Salary Survey

In a year when manufacturing continued to lead the economic rebound, it makes sense that plant manager bonuses rebounded. Plant Engineering’s annual Salary Survey shows both wages and bonuses rose in 2012 after a retreat the year before.

Average salary across all job titles for plant floor management rose 3.5% to $95,446, and bonus compensation jumped to $15,162, a 4.2% increase from the 2010 level and double the 2011 total, which showed a sharp drop in bonus.

2012 Salary Survey Analysis

2012 Salary Survey Results

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.