Spire: Intrusion-Tolerant SCADA for the Power Grid

Overview

Spire is an intrusion-tolerant SCADA system for the power grid. Spire is designed to withstand attacks and compromises at both the system level and the network level, while meeting the timeliness requirements of power grid monitoring and control systems (on the order of 100-200ms update latency).

The Spire 1.0 system includes a SCADA Master and PLC/RTU proxy designed from scratch to support intrusion tolerance, as well as two example HMIs based on pvbrowser. The SCADA Master is replicated using the Prime intrusion-tolerant replication engine. Communication between Spire components is protected using the Spines intrusion-tolerant network. The Spire PLC/RTU proxy can interact with any devices that use the Modbus or DNP3 communication protocols over IP. We use OpenPLC to emulate PLCs that can be monitored and controlled by the system.

The Spire 1.0 release consists of the version of the Spire code that successfully withstood a red-team attack conducted by Sandia National Laboratories in an exercise at Pacific Northwest National Laboratory (PNNL) from March 27 to April 7, 2017. During the red-team experiment, the DSN lab and Spread Concepts LLC deployed Spire to run a portion of a power grid as part of a DoD ESTCP project led by Resurgo LLC. This version of the code was deployed using Prime 3.0 and Spines 5.2.

Spire 1.0 includes support for two example SCADA systems, which are referred to as the "jhu" and "pnnl" systems in the code. The "pnnl" system is the exact system that was used in the red-team exercise, where it monitored and controlled a real PLC provided by PNNL. The "jhu" system is an example system we created to represent a power distribution system with 10 substations, each monitored and controlled by a different PLC or RTU. The SCADA Master of Spire 1.0 can support both systems simultaneously; we provide a separate HMI for each system. We also provide emulated PLCs for both systems that run on Linux and were created using OpenPLC.

Spire was created by Yair Amir, Trevor Aron, Amy Babay, and Thomas Tantillo. It is currently developed by the Distributed Systems and Networks Lab at Johns Hopkins University.

Detailed instructions on configuring and running Spire can be found here. A poster describing Spire was presented by Trevor Aron at the Johns Hopkins Day of Undergraduate Research in Engineering, the Arts and Humanities, Medicine, and the Sciences (DREAMS).

Spire in action
The Spire system in action. Each of the four computers on the left runs a SCADA Master replica, a Prime daemon, and two Spines daemons. The monitor shows the two HMIs. One switch connects the replicas to the HMI and a PLC proxy (not shown), while the other is exculsively for communication among the four replicas.

Funding

Partial funding for Spire was provided by the Defense Advanced Research Projects Agency (DARPA), as part of our project Toward Intrusion Tolerant Clouds under the Mission-Oriented Resilient Clouds (MRC) program, and by the Department of Defense (DoD) as part of the Environmental Security Technology Certification Program (ESTCP) in the Energy and Water project led by Resurgo LLC. Spire is not necessarily endorsed by DARPA or the DoD.

Software

Version 1.0 of Spire is available for download. Please contact us if you are interested in learning more about Spire.

Releases

  • Version 1.0 - May 17, 2017

License

Spire may be freely used and distributed under some conditions. Please review the license agreement for more details.

Distributed Systems and Networks Lab
Computer Science Department, Johns Hopkins University
207 Malone Hall
3400 North Charles Street
Baltimore, MD 21218
TEL: (410) 516-5562