Our proposal is to develop SCADA Hawk: an integrated anti-tamper technology that uses a combined hardware-software methodology for the observational monitoring of existing systems, with selective reaction capabilities. By enabling detailed monitoring, we aim to isolate anomalies in system behavior and take preventive measures. While profiling normal behavior on traditional IT systems might be infeasible, the repetitive and predictable nature of SCADA system operation lends itself well to the technique. The monitoring will eventually be accomplished by creating various instrumentation modules whose job is to examine such items as network traffic, commands being delivered by the SCADA system, and so forth. We plan on utilizing two kinds of modular constructs
Keywords: SCADA System Behavior Analysis, SCADA Security, Run-Time Program Monitoring, Program Instrumentation, SCADA Security Ontology