DNP3 Security

Although the DNP3 protocol was designed to be very reliable, it was not designed to be secure from attacks by hackers and other malevolent forces that could potentially wish to disrupt control systems to disable critical infrastructure.

This was a major oversight. Because smart grid applications generally assume access by third parties to the same physical networks and underlying IP infrastructure of the grid, much work has been done to add Secure Authentication features to the DNP3 protocol.

The DNP3 protocol is now compliant with IEC 62351-5. Some vendors, such as Itron, implement elliptic curve cryptography, which the US NSA considers sufficient to protect information classified as “top secret” with a key size of only 384 bits.

Implementation of ECC over DNP3 is not yet widespread. The DNP3 protocol is also referenced in IEEE Std. 1379-2000, which recommends a set of best practices for implementing modern SCADA Master-RTU/IED communication links.

These include not just encryption but also other practices that enhance security against well-known intrusion methods.
