A Linux-based firewall for the DNP3 protocol

Firewall solutions, specifically designed for smart power grids and other industrial control systems, are quite limited, with only a few commercial offerings. This paper presents a novel methodology that extends existing Linux-based firewalls for use in systems that use DNP3 protocol for industrial control. The proposed solution uses the u32 byte-matching feature of the iptables firewall, a firewall solution available in most Linux distributions. To demonstrate the approach, filtering rules for common attacks on the DNP3 protocol were developed. DNP3 is an industrial control protocol typically used in the electric power sector. The main goal of our work is to leverage an openly available and robust firewall solution for use in protecting the U.S. smart grid. The prototype was tested on a scaled-down electric power substation which runs the DNP3 protocol for communication between the field devices and the SCADA master.