Cybersecurity Testing with DTM

Related Products

Use Case

Security is critical in modern SCADA systems. Many different security capabilities are now built into the standard communication protocols used by SCADA devices. It is important to verify that secure communications are configured correctly at the system level.  Frequently, the first time all of the system components are deployed together is when the system is constructed. By simulating system components with DTM, configuration issues can be identified earlier to ensure security requirements will be satisfied in the final system.
Cybersecurity Use Case

DTM Capabilities Used

  • Simulate the communications of multiple devices in a substation or other power system
  • Coordinate simulation across network with real network equipment (routers, switches) to create realistic network test scenario
  • Generate messaging traffic with standard communication protocols found in SCADA systems 
  • Simulate both sides of SCADA system (Client/Server, Master/Outstation) with a single tool
  • Separate the simulated SCADA traffic from DTM test coordination traffic to create "clean" SCADA traffic on the network under test

Example:  DNP3 Key Management

This example shows a DNP3 system that leverages Secure Authentication and Transport Layer Security (TLS) for data encryption. In this system, all communications between the DNP3 Masters and Outstations run over TLS. In addition, DNP3 Secure Authentication is used to guarantee that only authorized users are able to access critical functions. An external DNP3 Authority manages users, roles, and keys for the entire system.

Test coverage in this example includes verification that session keys, update keys, and certificates are managed correctly by the Key Management Authority. In order to test a real DNP3 Master in this system, the simulated Master can be replaced with a real device.  Likewise, a real DNP3 Outstation device could be added to the simulated system.

The communications between the DTM Administrator and the simulated Masters and Oustations can be configured to be on a separate network. This allows the DNP3 traffic to be separate from the DTM test coordination messages.  This is useful for network monitoring tests where the SCADA network is being monitored by devices like a Intrusion Detection System.




Quick Links  Contact Us:
About Us

Triangle MicroWorks, Inc.
Sales: +1 919.870.5101
Support: +1 919.781.1931
Fax: +1 919.870.6692

Follow us on YouTube Follow us on Facebook Visit us on LinkedIn Follow us on Twitter

Copyright © 2013-2021 Triangle MicroWorks, Inc. All Rights Reserved