Open and secure SCADA with DNP3

The DNP3 protocol has become widely accepted within water and electrical utilities worldwide for SCADA communications with field equipment. One of the reasons for its acceptance is because it is an open protocol. This allows manufacturers to supply equipment to utilities which can be easily integrated into their SCADA systems.


The DNP3 protocol has become widely accepted within water and electrical utilities worldwide for SCADA communications with field equipment. One of the reasons for its acceptance is because it is an open protocol. This allows manufacturers to supply equipment to utilities which can be easily integrated into their SCADA systems. But while the threat of terrorist attacks has increased, so has the need for DNP3. But DNP3 was never designed with security in mind.

Since it is an open design, anyone familiar with the protocol could launch an attack on a SCADA system. This is especially true when the protocol is used over radio networks where packets can be intercepted with a scanner. So how do you keep a SCADA network open and yet secure from cyber attacks? The DNP3 community has recognized the need for secure SCADA communications and has developed a security model for the protocol. Its goal is to provide:

  • Authentication and message integrity;

  • Low overhead;

  • Support for remote key management built into DNP3 at the application layer; and

  • Compatibility with all DNP3-supported communications links.

The secure DNP3 protocol specification is currently being finalized, and is expected to be submitted to the DNP3 Users Group for review in 2008, where it is expected to be approved and released shortly thereafter.

A common perception is that proprietary protocols are inherently secure because their design is not open. Unfortunately this assumes the protocol is not easily reverse engineered. Because security measures that may exist in proprietary protocols cannot be independently verified for their robustness, assuming a proprietary protocol is secure to the level required is a leap of faith.

DNP3 security is implemented within the protocol itself, and proven industry-standard authentication methodologies are employed that can be investigated and verified independently.

Specific risks addressed

Secure DNP3 is designed to eliminate the risk of messages being either falsified, or intercepted and repeated by a third party. Both scenarios could result in extensive damage to equipment and disruption of services if carried out correctly.

According to the draft specification (DNP3 Specification, Volume 2, Supplement 1, Secure Authentication. Version 1.00, 3rd February 2007), security threats addressed by the protocol include: spoofing, modification, replay, eavesdropping (on exchanges of cryptographic keys only, not on other data), and non-repudiation (to the extent of identifying individual users of the system.)

Secure DNP3 protects against these threats by providing both authentication and message integrity. It does not encrypt the messages, but does use key encryption to keep session keys secure.

Secure DNP3 uses a “challenge-response” method to verify the message is originating from a valid source. The implementation is based on the proven Challenge-Handshake Authentication Protocol (RFC 1994). Either side of the link can initiate an authentication challenge. This can be at initialization, periodically, or when a critical function is received.

An authentication response is then sent. The authentication challenge contains some pseudo-random data, a sequence number and the required algorithm. The response contains a hash value generated from the challenge data and the key. The sequence number is also returned. If the authentication response is valid, then the challenger will respond to the original DNP3 message with a standard protocol response.

SCADA, Automation & Controls Security, Networks & Communication

Secure DNP3 uses a "challenge response" method to verify the message is originating from a valid source.

Aggressive mode method

The challenge-response method adds to the required communications bandwidth. If bandwidth is at a premium, a simpler authentication method can be used instead. “Aggressive mode” reduces the required bandwidth by eliminating the normal challenge and response messages. The authentication data can also be included at the end of the DNP message. This mode is slightly less secure.

When it comes to key management, secure DNP3 uses a minimum of 128-bit AES encryption to keep keys secure. There are two types of keys: temporary session keys and update keys. Session keys are initialized at start-up and then changed regularly, approximately every 10 minutes. Update keys are used to encrypt the session keys. These are pre-shared at either end of the link so they never need to be transmitted.

The addition of security measures to the DNP3 protocol is important for SCADA communications networks operating over easily intercepted mediums such as radio. Threats such as message interception and repeating are effectively handled by implementing secure authentication within the application layer of the protocol itself. Although the final standard is not expected until later this year, implementations of secure DNP3 are already becoming available. Using it allows an organization to benefit from an open, accepted protocol today.


Terminal blocks: Resources, application advice, products

Learning resources, application advice and terminal block product information follows.

Videos and more details from Phoenix Contact

Phoenix Contacts offers:

Videos Clipline interconnection technologies.

More on Clipline terminal blocks.

More on SPTA, a compact, low profile, angled terminal block that provides space-saving connections for up to 10 A.


A Rockwell Automation video shows time saving connection technologies.


Wago offers:

E-learning on the Wago Cage Clamp Spring Pressure Connection Technology.

Power Cage Clamp (PPC) system overview, variants, and more information.


Author Information

Paul Gibson is R&D manager for MultiTrode, maker of pump station management products. MultiTrode has recognized the importance of secure communications in the water and wastewater industry and has embarked on a development project to introduce the new DNP3 security measures into its MultiSmart Pump Station Manager product. This new feature will be available in the next product release.

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Integrated mobility; Artificial intelligence; Predictive motion control; Sensors and control system inputs; Asset Management; Cybersecurity
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me