I3P
From SCADApedia
The Institute for Information Infrastructure Protection (I3P) is a consortium primarily of academic institutions but also includes non-profits and National Laboratories. One of I3P's first and continuing research projects is based on control systems.
Contents |
Control System Research Phase I
In March 2005, I3P received $8.5 million from the Department of Homeland Security (DHS) for a two year SCADA security project. Phase I had six different goals:
- Assess dependence on SCADA and its security
- Account for the type and magnitude of SCADA interdependencies
- Develop metrics for the assessment and management of SCADA security
- Develop inherently secure SCADA systems
- Develop cross domain solutions for information sharing
- Transfer technology of these solutions into industry
The project involved ten institutions with each institution typically creating their own research project to address one of the six goals.
- Sandia National Lab
- University of Illinois
- MIT Lincoln Laboratory
- MITRE Corporation,
- New York University
- Pacific Northwest National Laboratory
- SRI International
- University of Tulsa
- University of Virginia
- Dartmouth College.
Control System Phase I Results
While $8.5 million is a lot of money, split ten ways, working on six different goals, and on a new area of technology for many of the researchers required substantial learning curve and coordination costs. Nevertheless at the end of Phase I there were a number of projects that had papers, presentations and tools that resulted from the Phase I funds.
Some of the more prominent projects include:
- MIT Lincoln Lab's Deadbolt Source Code Checking Tool
- PNL's Security-Hardened Attack Resistant Platform (SHARP)
- Sandia's Anonymous, Authenticated Communication Protocol for Information Sharing
- SRI's EMERALD IDS Appliance and Event Correlation for control systems
- University of Tulsa's Modbus TCP Active Scanner and Modbus TCP Passive Scanner
Most of the tools are not generally available for free or for a price. Some of the participating institutions are attempting to license the technology to private sector companies.
Control System Research Phase II
In April 2007, I3P received another $8.7 million from DHS. A significant portion of this funding will be used for projects under the Survivability and Recovery of Process Control Systems. Five of the Phase I projects have received continued funding including:
- Access Policy Tool
- DEADBOLT
- RiskMAP
- Security Services Suite (SecSS)
- Security-Hardened Attack Resistant Platform (SHARP)
