scholarly journals Simulating command injection attacks on IEC 60870-5-104 protocol in SCADA system

2018 ◽  
Vol 7 (2.14) ◽  
pp. 153 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Maslina Daud ◽  
Norhamadi Ja'affar ◽  
Salman Yussof ◽  
...  
Keyword(s):  
Control System ◽  
Power System ◽  
Control Systems ◽  
Industrial Control ◽  
Power Utility ◽  
Industrial Control Systems ◽  
Injection Attacks ◽  
Scada System ◽  
Control Command ◽  
Catastrophic Impact

IEC 60870-5-104 is an international standard used for tele-control in electrical engineering and power system applications. It is one of the major principal protocols in SCADA system. Major industrial control vendors use this protocol for monitoring and managing power utility devices. One of the most common attacks which has a catastrophic impact on industrial control systems is the control command injection attack. It happens when an attacker injects false control commands into a control system. This paper presents the IEC 60870-5-104 vulnera-bilities from the perspective of command and information data injection. From the SCADA testbed that we setup, we showed that a success-ful control command injection attack can be implemented by exploiting the vulnerabilities identified earlier.  

Building a Cybersecurity Culture in the Industrial Control System Environment

2019 ◽  
Vol 8 (1) ◽  
pp. 39-44
Author(s):  
Claudia ARAUJO MACEDO ◽  
Jos MENTING
Keyword(s):  
Control System ◽  
Control Systems ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Industrial Control System ◽  
Security Measures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
System A ◽  
Educational Processes

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.

scholarly journals A review: towards practical attack taxonomy for industrial control systems

2018 ◽  
Vol 7 (2.14) ◽  
pp. 145 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Razali Jidin ◽  
Mohd Ezanee Rusli ◽  
Md Nabil Ahmad Zawawi ◽  
...  
Keyword(s):  
Control Systems ◽  
Supervisory Control ◽  
Cyber Attacks ◽  
Critical Infrastructures ◽  
Cyber Attack ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Scada System ◽  
Water Transportation ◽  
Different Types

Supervisory Control and Data Acquisition (SCADA) system is the underlying control system of most national critical infrastructures such as power, energy, water, transportation and telecommunication. In order to understand the potential threats to these infrastructures and the mechanisms to protect them, different types of cyber-attacks applicable to these infrastructures need to be identified. Therefore, there is a significant need to have a comprehensive understanding of various types of cyber-attacks and its classification associated with both Opera-tion Technology (OT) and Information Technology (IT). This paper presents a comprehensive review of existing cyber-attack taxonomies available in the literature and evaluates these taxonomies based on defined criteria.  

scholarly journals Specification of the Current State Vulnerabilities Related to Industrial Control Systems

2015 ◽  
Vol 11 (5) ◽  
pp. 64
Author(s):  
Jan Vávra ◽  
Martin Hromada ◽  
Roman Jašek
Keyword(s):  
Control System ◽  
Control Systems ◽  
Fundamental Question ◽  
Industrial Control System ◽  
Security Risk ◽  
Considerable Effort ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Current State ◽  
True Distribution

The contemporary trend of increasing connectivity, interoperability and efficiency of technologies, which are used in organizations, also affected Industrial Control System (further only ICS). The recently isolated system is becoming more dependent on interconnection with external technologies. This leads to a formation of new vulnerabilities, which are significant threats to ICS. For this reason, it is necessary to devote considerable effort to analyze vulnerabilities. Neglecting of this area could lead to damage or unavailability of ICS services. The purpose of the article is to evaluate vulnerabilities related to individual elements of ICS. The fundamental question of the article is to find a true distribution of security risk related to ICS.

scholarly journals Analysis of Cyber Threats in the Connection Section of the Control System and Countermeasures Required

2021 ◽  
Vol 12 (6) ◽  
pp. 412-417
Author(s):  
Yangha Chun
Keyword(s):  
Control System ◽  
Control Systems ◽  
Real Life ◽  
Information Storage ◽  
Control Network ◽  
Security Measures ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Cyber Threats ◽  
Cyber Threat

In the past, the general practice for the control system network that manages and controls industrial facilities such as electric power, gas, oil, water, chemicals, automobiles, etc. was to install and operate this as an independent system, but over time the practice has gradually shifted toward the use of an open and standardized system. Until recently, most industrial control systems consisted of an independent network, and the possibility of cyber threat infringement was very low. As information storage media such as laptops or USB are connected to the control system for maintenance or management purposes, the possibility of cyber infringement is increasing. When the use of the control system's operational information increases due to beingVinked with the internal business system network or the Internet, countermeasures against external cyber threats must be provided.This paper analyzes and organizes the cyber threat factors that exist in the linking section connected to the industrial control system and other networks, examining domestic and foreign incidents of hacking of control systems to identify the vulnerabilities and security measures for each scenario in the control system network linkage section. Through this analysis, a method is suggested for establishing a control network that secures both availability and security, which are important in the control system, as well as the safe relay system in the configuration of the linkage between the control network and the business network, while addressing the vulnerabilities in the structure due to long-term use of the control system.This study analyzes cyber threat factors and real-life examples of infringements with the aim of providing approaches that will ensure industrial control systems can be operated safely and the risk of cyber hacking threats that occur in connection with other networks can be managed, and suggesting cyber security measures for the control system connection sections.

scholarly journals Analyzing the Impact of Cybersecurity on Monitoring and Control Systems in the Energy Sector

Energies ◽  
2021 ◽  
Vol 15 (1) ◽  
pp. 218
Author(s):  
Mohammed Alghassab
Keyword(s):  
Control System ◽  
Control Systems ◽  
Cyber Security ◽  
Energy Sector ◽  
Industrial Control System ◽  
Monitoring And Control ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Monitoring And Control Systems ◽  
And Control

Monitoring and control systems in the energy sector are specialized information structures that are not governed by the same information technology standards as the rest of the world’s information systems. Such industrial control systems are also used to handle important infrastructures, including smart grids, oil and gas facilities, nuclear power plants, water management systems, and so on. Industry equipment is handled by systems connected to the internet, either via wireless or cable connectivity, in the present digital age. Further, the system must work without fail, with the system’s availability rate being of paramount importance. Furthermore, to certify that the system is not subject to a cyber-attack, the entire system must be safeguarded against cyber security vulnerabilities, threats, and hazards. In addition, the article looks at and evaluates cyber security evaluations for industrial control systems, as well as their possible impact on the accessibility of industrial control system operations in the energy sector. This research work discovers that the hesitant fuzzy-based method of the Analytic Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is an operational procedure for estimating industrial control system cyber security assessments by understanding the numerous characteristics and their impacts on cyber security industrial control systems. The author evaluated the outputs of six distinct projects to determine the quality of the outcomes and their sensitivity. According to the results of the robustness analysis, alternative 1 shows the utmost effective cybersecurity project for the industrial control system. This research work will be a conclusive reference for highly secure and managed monitoring and control systems.

Information Security Evaluation of the Key Equipment in Industrial Control Systems

2013 ◽  
Vol 336-338 ◽  
pp. 1640-1644
Author(s):  
Zhi Gang Zhang ◽  
Zhuo Lv ◽  
Shuang Xia Niu
Keyword(s):  
Control System ◽  
Information Security ◽  
Control Systems ◽  
Research Program ◽  
System Level ◽  
Security Evaluation ◽  
Industrial Control System ◽  
Industrial Control ◽  
Security Risks ◽  
Industrial Control Systems

This paper analyzes the information security risks faced by the industrial control systems, Propose the Information Security Evaluation on industrial control system based on the level protection assessment technology, The development of industrial control system from the device level , field-level and system-level three levels of information security evaluation, propose the next step in the research program.

Cyber-Security for ICS/SCADA

2020 ◽  
pp. 613-630
Author(s):  
Barend Pretorius ◽  
Brett van Niekerk
Keyword(s):  
South Africa ◽  
Control System ◽  
Control Systems ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Physical Damage ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Nation States ◽  
National Infrastructure

Industrial control systems (ICS) or supervisory, control, and data acquisition (SCADA) systems drive many key components of the national infrastructure. It makes these control systems targets for cyber-attacks by terrorists and nation-states who wish to damage their target economically and socially, and cyber-criminals who blackmail the companies operating the infrastructure. Despite the high risk of leaving these systems exposed, providing adequate cyber-security is often challenging. The Stuxnet worm illustrated how vulnerable control systems potentially are when it bypassed a number of security mechanisms to cause physical damage to an Iranian nuclear facility. The article focuses on ICS/SCADA in South Africa discussing the unique challenges and legislation relate to securing control system in the South Africa. A governance and security framework for overcoming these challenges are proposed.

Sign in / Sign up

Export Citation Format

Share Document