Intrusion-Tolerant SCADA for the Power Grid

Tom Tantillo, Johns Hopkins University
Host: Yair Amir

Supervisory Control and Data Acquisition (SCADA) systems form the monitoring and control backbone of the power grid. It is critical to ensure that SCADA systems are continuously available and operating correctly at their expected level of performance. However, as key components of the power grid infrastructure, SCADA systems are likely to be targeted by nation-state-level attackers willing to invest considerable resources to disrupt the power grid.

We present the first intrusion-tolerant SCADA system that is resilient to both system-level compromises and sophisticated network-level attacks and compromises. While existing SCADA systems often deploy two control centers for fault tolerance, we show that two control centers, even if active at the same time, cannot provide the necessary resilience. We develop a novel architecture that distributes the SCADA system management across three or more active sites to ensure continuous availability in the presence of simultaneous intrusions and network attacks.

The system design is implemented in the Spire intrusion-tolerant SCADA system (, which is available as open source. Spire was recently tested in a red-team experiment, during which an experienced hacker team completely compromised a traditional SCADA system setup according to best practices, but was unable to impact Spire’s guarantees over several days of attack. In addition, a wide-area deployment of Spire, using two control centers and two data centers spanning 250 miles (similar to large U.S. power grids), delivered nearly 99.999% of all SCADA updates initiated over a 30-hour period within 100ms. These results demonstrate that Spire provides meaningful security advantages over traditional SCADA systems and that Spire can meet the latency requirements of SCADA for the power grid.

Speaker Biography

Tom Tantillo is a Ph.D. candidate advised by Yair Amir in the department of Computer Science and is a member of the Distributed Systems and Networks (DSN) lab. His research interests include intrusion-tolerant systems, overlay networks, and resilient critical infrastructure. Tom is a co-creator of several open-source software projects developed in the DSN lab, including the Spines overlay messaging framework, Prime intrusion-tolerant replication engine, and Spire intrusion-tolerant SCADA system. He received the JHU Computer Science Outstanding Teaching Award in 2013 for outstanding effort and skill in assisting with the teaching of courses. Tom received a B.S. degree in Computer Engineering from the Johns Hopkins University in 2010 and received an M.S.E degree in Computer Science from the Johns Hopkins University in 2013.