Use of traffic engineering techniques to increase resilience of SCADA networks

In this paper we present the approach we have taken in the INSPIRE (INcreasing Security and Protection through Infrastructure REsilience) project to increase the protection of Critical Infrastructures (CIs). The core idea of the INSPIRE project is to protect Critical Infrastructures by making the underlying communication network more secure and resilient. In order to do so, we devised a routing mechanism that allows the communication infrastructure interconnecting SCADA (Supervisory Control And Data Acquisition) systems, the key building blocks of CIs, to be resilient to both node failures and attacks. The approach is to split the packets of a SCADA traffic flow on two node-disjoint paths by exploiting the capabilities of the Multi-Protocol Label Switching communication paradigm. The security of the SCADA traffic is improved since the proposed approach allows for a fast re-route of the flows traversing a node under attack, thus preserving the confidentiality of the transmitted information.