SCADA World: An Exploration of the Diversity in Power Grid Networks

Despite a growing interest in understanding the industrial control networks that monitor and control our critical infrastructures (such as the power grid), to date, SCADA networks have been analyzed in isolation from each other. They have been treated as monolithic networks without taking into consideration their differences. In this paper, we analyze real-world data from different parts of a power grid (generation, transmission, distribution, and end-consumer) and show that these industrial networks exhibit a variety of unique behaviors and configurations that have not been documented before. To the best of our knowledge, our study is the first to tackle the analysis of power grid networks at this level. Our results help us dispel several misconceptions proposed by previous work, and we also provide new insights into the differences and types of SCADA networks.


INTRODUCTION
Previous studies on SCADA networks in power grids have predominantly focused on isolated parts of these systems, using simulated data or limited real-world datasets. This approach has often resulted in a monolithic view of SCADA networks, ignoring the differences that exist between different parts of the grid and across various industrial protocols. Our study leverages real-world operational data from a broad array of SCADA networks. This data spans various sections of the grid (generation, transmission, distribution, and end-consumer) and includes five industrial protocols, making it the first study of its kind to analyze a comprehensive set of real-world power grid data.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the owner/author(s).
SIGMETRICS/PERFORMANCE Abstracts '24, June 10-14, 2024, Venice, Italy
© 2024 Copyright held by the owner/author(s).
ACM ISBN 979-8-4007-0624-0/24/06
https://doi.org/10.1145/3652963.3655078

METHODOLOGY
Leveraging comprehensive real-world data from multiple power grid segments, we conducted a detailed analysis to uncover behaviors and configurations within these networks. We analyzed our dataset by examining the networks from two aspects: first, a flow-based analysis, and then a content-based analysis. Both are guided by the following five research questions.
RQ1: What are the topologies of these networks?
RQ2: How do these networks differ in their communication patterns?
RQ3: Are the traffic patterns within a network different, and if so, how?
RQ4: What type of information is handled by these protocols?
RQ5: How much monitoring vs. control is done in these networks, and what types of control commands are sent?
Fig. 1 illustrates how our research questions form a general framework for analyzing SCADA networks. First, we examine the network topology of each network. Are they different? If so, what makes them different? After that, we look at the packet flows: high-level attributes such as packet sizes and inter-arrival times, which we compare between networks. How do these networks compare on these attributes? Are there similarities and/or differences? Then, we zoom in inside each network and compare the traffic between devices within it. How does the packet traffic compare between devices? Next, we zoom in again and examine the packet content, the payload. What type of information is handled by these protocols? Finally, we quantify how much of the traffic is used for monitoring and how much is used for control in each network.
In summary, we base our analysis on five research questions that progress from topology characteristics to payload content.
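To make the flow-based and content-based passes concrete, the following added example (not code from the paper or its authors) runs the three measurements the framework describes over a handful of constructed packet records: per-network inter-arrival statistics with a coefficient of variation as a periodicity indicator (RQ2), per-device traffic profiles inside a network (RQ3), and the share of monitoring versus control traffic (RQ5). The record layout, the network names, and the read/write operation labels are assumptions made for illustration; they are not the paper's data schema or any protocol's encoding.

```python
"""
Added example (not from the paper): a minimal flow-based and content-based
pass over SCADA packet records, in the spirit of RQ2, RQ3 and RQ5.
All records below are constructed sample data; the field layout and the
"read"/"write" labels are assumptions, not the paper's schema.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed packet records: (network, timestamp_s, src, dst, size_bytes, op)
# 'op' is a hypothetical label: "read" = monitoring poll, "write" = control command.
SAMPLE_PACKETS = [
    ("transmission", 0.0, "master", "rtu1", 64, "read"),
    ("transmission", 2.0, "master", "rtu1", 64, "read"),
    ("transmission", 4.0, "master", "rtu1", 64, "read"),
    ("transmission", 6.0, "master", "rtu1", 64, "read"),
    ("transmission", 8.0, "master", "rtu1", 72, "write"),
    ("distribution", 0.0, "hmi", "plc1", 80, "read"),
    ("distribution", 0.3, "hmi", "plc1", 80, "read"),
    ("distribution", 5.1, "hmi", "plc2", 96, "write"),
    ("distribution", 5.2, "hmi", "plc2", 96, "write"),
    ("distribution", 9.9, "hmi", "plc1", 80, "read"),
]


def inter_arrival_stats(packets):
    """RQ2: per network, mean inter-arrival time and its coefficient of
    variation (CV). A CV near 0 indicates near-periodic polling; a large CV
    indicates bursty, aperiodic traffic."""
    by_net = defaultdict(list)
    for net, ts, *_ in packets:
        by_net[net].append(ts)
    stats = {}
    for net, times in by_net.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if not gaps:
            stats[net] = {"mean_iat": None, "cv": None}
            continue
        m = mean(gaps)
        cv = pstdev(gaps) / m if m > 0 else float("inf")
        stats[net] = {"mean_iat": m, "cv": cv}
    return stats


def per_device_profile(packets):
    """RQ3: per (network, src, dst) pair, packet count and mean packet size,
    so device pairs inside one network can be compared with each other."""
    sizes = defaultdict(list)
    for net, _, src, dst, size, _ in packets:
        sizes[(net, src, dst)].append(size)
    return {k: {"packets": len(v), "mean_size": mean(v)} for k, v in sizes.items()}


def monitoring_vs_control(packets):
    """RQ5: per network, counts of monitoring reads and control writes and
    the fraction of packets that carry a control command."""
    counts = defaultdict(lambda: {"read": 0, "write": 0})
    for net, *_, op in packets:
        counts[net][op] += 1
    return {
        net: {**c, "control_fraction": c["write"] / (c["read"] + c["write"])}
        for net, c in counts.items()
    }


if __name__ == "__main__":
    for label, fn in [
        ("inter-arrival (RQ2)", inter_arrival_stats),
        ("per-device (RQ3)", per_device_profile),
        ("monitoring vs control (RQ5)", monitoring_vs_control),
    ]:
        print(label)
        for key, value in fn(SAMPLE_PACKETS).items():
            print("  ", key, value)
```

On the constructed data the transmission records poll every 2 s (CV of 0), while the distribution records are bursty (CV near 0.9), which is the kind of contrast the paper reports between segments; a real analysis would compute the same quantities per flow and per protocol on captured traffic rather than on a hand-written list.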

DATA ANALYSIS AND FINDINGS
Our analysis reveals significant diversity in the design, operation, and usage of SCADA networks within the power grid. Contrary to common assumptions in existing literature, we identify multiple unique network behaviors and configurations that challenge the prevailing understanding of these systems. For instance, we observed varying traffic patterns, protocol uses, and network responses across different segments of the grid, highlighting the specialized needs and operational strategies of different grid areas. Furthermore, the results challenged several misconceptions about SCADA networks, particularly the notion that they are homogeneous with fixed topologies and periodic traffic. The real-world data showed that these networks are highly heterogeneous, with differences that are important for their management.
Key contributions of our research include the development of a taxonomy of network behaviors, the identification of specific network configurations across different grid areas, and the dispelling of several misconceptions about SCADA network operations. Our findings underscore the complexity of SCADA networks and suggest that existing models and simulations may be inadequate for capturing the full breadth of behaviors and risks in real-world power grids.

IMPLICATIONS
The implications of our study are multiple. By dispelling common misconceptions about SCADA network uniformity and periodic traffic, we pave the way for a better understanding of these critical systems. Our work also suggests the need for customized strategies for network measurement studies, tailored to the specific requirements of different grid segments. Additionally, this study contributes to academic discourse by offering a new taxonomy of power grid networks, enriching the literature with insights derived from a real-world dataset that spans the most extensive and diverse SCADA networks studied to date.

CONCLUSION
Our study marks a significant step forward in understanding the complex and varied landscapes of power grid networks. By moving beyond the limitations of simulated environments and isolated datasets, this research paves the way for more robust network measurement based on real-world data.
It highlights the necessity for a segmented approach to studying and managing these networks, promoting a deeper understanding of their complexity that could enhance both operational efficiency and cybersecurity in the critical infrastructure domains.

FURTHER READING
For comprehensive details on the methodologies, data analysis, and findings of this research, please refer to the full paper [1].

Figure 1: Framework for our research questions.