| The rise in network-controlled devices in our nation's power grid presents a serious threat to national security, as their deployment is rarely accompanied by proper security considerations. Power stations routinely communicate with remote sensors over unsecured connections which expose them to significant risk of subversion by hostile entities.; To prevent such attacks, we must deploy intrusion detection systems (IDSs). Correlation of IDS alerts is also required to separate actual attacks from the noise all IDSs generate. Spatial correlation is also needed to detect some types of attacks (scanning, etc.).; This thesis describes a toolkit for protecting the Supervisory Control and Data Acquisition (SCADA) systems used to manage the grid. It combines a SCADA package, a network IDS, and an alert correlator to create a system capable of monitoring SCADA communications and detecting attacks on a SCADA network. It will serve future students by supporting further SCADA security research and teaching. |
