SPADE

About Product

C-DAC's COPS SPADE (SCADA Protocol Anomaly Detector) is a passive security monitoring solution targeting at the security of remote terminal units (RTU). SPADE actively detects anomalous communication (between RTU and master) and works on deep packet inspection (DPI) and deep content inspection (DCI) based analytics engine. Analytics engine is based on white-listed rules and modeled specifically for IEC-60870-5-104 based SCADA systems. Along with the white-listed rule sets, the solution includes field (sensor/actuator values) data correlation with network data. SPADE can detect known and unknown zero-day attacks on the SCADA systems effectively.

Features

• Plug-in solution without affecting architecture of the existing system
• Does not interfere with operation of the existing system
• Attached in parallel to RTUs in the same network
• Can capture zero day attack scenarios
• Single dash board (SCADA Vision) at control centre to monitor status of all RTUs
• Operate in promiscuous mode
• Failure of this solution does not affect the real time operations
• Can be deployed whether RTUs are modern / legacy/ proprietary
• Monitor all communication between RTU and master, detect and report any abnormalities/ attacks at RTU
• SMU analyzes exchanged messages and commands initiated from master to perform integrity checks, detect any suspicious events.
• Detect attacks on RTU such as DoS, malfunctioning of RTU/master, brute-force attacks, zero day attacks.