Responding to Attacks on Industrial Control Systems and SCADA Systems

This study analyses potential weaknesses of supervisory control and data acquisition (SCADA) systems and possible workarounds to safeguard the critical infrastructure. SCADA systems are the hardware and software that control and monitor infrastructure and industrial processes. In the world of energy, the industrial control systems monitoring the physical processes of machines are less tangible than the actual physical machines they control. One of the benefits of soft power is that it offers the ability to use coercive force and create confusion without using overt means. Disconnecting any unnecessary network connections and restricting personnel access to only essential programs will limit unwanted access to SCADA systems through backdoor networks. It has been recommended that the energy sector ought to implement back-up and defense-in-depth systems. The concept of a common computer language for SCADA has also been mentioned in the security community, but could come with challenges.

Download Full-text

Challenges in Securing Industrial Control Systems Using Future Internet Technologies

10.4018/978-1-6684-3698-1.ch026 ◽

2022 ◽

pp. 561-586

Author(s):

Mirjana D. Stojanović ◽

Slavica V. Boštjančič Rakas

Keyword(s):

Control Systems ◽

Fog Computing ◽

Future Internet ◽

Future Research ◽

Industrial Control ◽

Industrial Control Systems ◽

Internet Technologies ◽

Scada Systems ◽

Scada Networks ◽

And Migration

This chapter explores challenges in securing industrial control systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems using Future Internet technologies. These technologies include cloud computing, fog computing, Industrial internet of things (IIoT), etc. The need to design specific security solutions for ICS/SCADA networks is explained. A brief overview of cyber vulnerabilities and threats in industrial control networks, cloud, and IoT environments is presented. The security of cloud-based SCADA systems is considered, including benefits and risks of SCADA migration to the cloud, challenges in securing such systems, and migration toward fog computing. Challenges in securing IIoT are addressed, including security risks and operational issues, key principles for securing IIoT, the functional security architecture, and the role of fog computing. Authors point out current standardization activities and trends in the area, and emphasize conclusions and future research directions.

Download Full-text

Risk Assessment For Industrial Control Systems Quantifying Availability Using Mean Failure Cost (MFC)

Journal of Artificial Intelligence and Soft Computing Research ◽

10.1515/jaiscr-2015-0029 ◽

2015 ◽

Vol 5 (3) ◽

pp. 205-220 ◽

Cited By ~ 12

Author(s):

Qian Chen ◽

Robert K. Abercrombie ◽

Frederick T. Sheldon

Keyword(s):

Risk Assessment ◽

Control Systems ◽

Durable Goods ◽

Security Risk ◽

Industrial Control ◽

Industrial Control Systems ◽

External Threats ◽

Scada Systems ◽

Food And Beverage ◽

Failure Cost

Abstract 1 Industrial Control Systems (ICS) are commonly used in industries such as oil and natural gas, transportation, electric, water and wastewater, chemical, pharmaceutical, pulp and paper, food and beverage, as well as discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control. Originally, ICS implementations were susceptible primarily to local threats because most of their components were located in physically secure areas (i.e., ICS components were not connected to IT networks or systems). The trend toward integrating ICS systems with IT networks (e.g., efficiency and the Internet of Things) provides significantly less isolation for ICS from the outside world thus creating greater risk due to external threats. Albeit, the availability of ICS/SCADA systems is critical to assuring safety, security and profitability. Such systems form the backbone of our national cyber-physical infrastructure. Herein, we extend the concept of mean failure cost (MFC) to address quantifying availability to harmonize well with ICS security risk assessment. This new measure is based on the classic formulation of Availability combined with Mean Failure Cost (MFC). The metric offers a computational basis to estimate the availability of a system in terms of the loss that each stakeholder stands to sustain as a result of security violations or breakdowns (e.g., deliberate malicious failures).

Download Full-text

Detection and Blocking of Replay, False Command, and False Access Injection Commands in SCADA Systems with Modbus Protocol

Security and Communication Networks ◽

10.1155/2021/8887666 ◽

2021 ◽

Vol 2021 ◽

pp. 1-15

Author(s):

Rajesh L ◽

Penke Satyanarayana

Keyword(s):

Control Systems ◽

Area Network ◽

Core Component ◽

Industrial Control ◽

Industrial Control Systems ◽

Modbus Protocol ◽

Replay Attacks ◽

Scada Systems ◽

Process Plants ◽

The Impact

Industrial control systems (ICS) are being used for surveillance and controlling numerous industrial process plants in national critical infrastructures. Supervisory control and data acquisition (SCADA) system is a core component in ICS systems for continuous monitoring and controlling these process plants. Legacy SCADA systems are working in isolated networks and using proprietary communication protocols which made them less exposed to cyber threats. In recent times, these ICS systems have been connected to Internet and corporate networks for data sharing and remote monitoring. They are also using open protocols and operating systems. This leads to vulnerabilities of the system to cyberattacks. Cybersecurity threats are more prevalent than ever in ICS systems. These attacks may be external or internal. Modbus is a widely deployed communication protocol for SCADA communications. There is no security in design of Modbus protocol, and it is vulnerable to numerous cyberattacks. In this paper, we worked for False Command Injection attack, False Access Injection attack, and replay attacks on Modbus protocol. Initially, a real-time SCADA testbed was set up, and we envisaged the impact of these attacks on Modbus protocol data using the testbed. In this work, we used local area network (LAN) environment only for simulating the attacks. We assumed that the attacks penetrated the LAN network. We proposed and developed (a) a method to detect replay attacks by incorporating time stamp and sequence number in Modbus communications and (b) a frame filtering module which will block unauthorized attacks like False Command Injection and False Access Injection attacks to reach programmable logic controller (PLC). Numbers of attacks were simulated and the performance of the method was measured using attack block rate (ABR). It blocked 97% of malicious Modbus transactions or attacks to reach the PLC. It protects SCADA systems from attackers, which is a core component of industrial control systems. The solution enhanced the security of SCADA systems with Modbus protocol.

Download Full-text

A framework for Cybersecurity of Supervisory Control and Data Acquisition (SCADA) Systems and Industrial Control Systems (ICS)

10.31274/etd-20200624-13 ◽

2020 ◽

Author(s):

Alaa Al Ghazo

Keyword(s):

Data Acquisition ◽

Control Systems ◽

Supervisory Control ◽

Industrial Control ◽

Industrial Control Systems ◽

Scada Systems

Download Full-text

Challenges in Securing Industrial Control Systems Using Future Internet Technologies

Cyber Security of Industrial Control Systems in the Future Internet Environment - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2910-2.ch001 ◽

2020 ◽

pp. 1-26

Author(s):

Mirjana D. Stojanović ◽

Slavica V. Boštjančič Rakas

Keyword(s):

Control Systems ◽

Fog Computing ◽

Future Internet ◽

Future Research ◽

Industrial Control ◽

Industrial Control Systems ◽

Internet Technologies ◽

Scada Systems ◽

Scada Networks ◽

And Migration

This chapter explores challenges in securing industrial control systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems using Future Internet technologies. These technologies include cloud computing, fog computing, Industrial internet of things (IIoT), etc. The need to design specific security solutions for ICS/SCADA networks is explained. A brief overview of cyber vulnerabilities and threats in industrial control networks, cloud, and IoT environments is presented. The security of cloud-based SCADA systems is considered, including benefits and risks of SCADA migration to the cloud, challenges in securing such systems, and migration toward fog computing. Challenges in securing IIoT are addressed, including security risks and operational issues, key principles for securing IIoT, the functional security architecture, and the role of fog computing. Authors point out current standardization activities and trends in the area, and emphasize conclusions and future research directions.

Download Full-text

Investigation of risks for Critical Infrastructures due to the exposure of SCADA systems and industrial controls on the Internet based on the search engine Shodan

Electronic Imaging ◽

10.2352/issn.2470-1173.2020.3.mobmu-253 ◽

2020 ◽

Vol 2020 (3) ◽

pp. 253-1-253-16 ◽

Cited By ~ 1

Author(s):

Daniel Kant ◽

Reiner Creutzburg ◽

Andreas Johannsen

Keyword(s):

Control Systems ◽

Search Engine ◽

Common Good ◽

Cyber Attacks ◽

The Internet ◽

Critical Infrastructures ◽

Industrial Control ◽

Industrial Control Systems ◽

Industrial Plants ◽

Scada Systems

Industrial Control Systems occur in automation processes and process control procedures within Critical Infrastructures (CI) - these are institutions with important significance for the common good of the state and thus for the maintenance of a society. Failures or disturbances in industrial plants can have serious physical consequences, such as power outages or interruptions in production. Energy suppliers, in particular, are an attractive target for cyber attacks due to their interdependencies with other infrastructures. A large number of SCADA systems and Industrial Control Systems are directly connected to the Internet and inadequately secured from an information technology perspective, this represents a considerable risk for IT security and, consequently, for the availability of Critical Infrastructures. The Shodan search engine reveals a worrying extent of exposed industrial control equipment on the Internet. The collected information and metadata about Industrial Control Systems from this search are freely available online. They can serve as a basis for potential attacks. Without authentication mechanisms, anyone can connect to open ports using industrial and remote maintenance protocols. The resulting risks and consequences for the companies, operators as well as for the society due the exposure of industrial plants and Critical Infrastructures are examined based on the Shodan search engine within the scope of this work.

Download Full-text