Improving Security for SCADA Control Systems

10.28945/3185 ◽  
2008 ◽  
Author(s):  
Mariana Hentea

The continuous growth of cyber security threats and attacks including the increasing sophistication of malware is impacting the security of critical infrastructure, industrial control systems, and Supervisory Control and Data Acquisition (SCADA) control systems. The reliable operation of modern infrastructures depends on computerized systems and SCADA systems. Since the emergence of Internet and World Wide Web technologies, these systems were integrated with business systems and became more exposed to cyber threats. There is a growing concern about the security and safety of the SCADA control systems. The Presidential Decision Directive 63 document established the framework to protect the critical infrastructure and the Presidential document of 2003, the National Strategy to Secure Cyberspace stated that securing SCADA systems is a national priority. The critical infrastructure includes telecommunication, transportation, energy, banking, finance, water supply, emergency services, government services, agriculture, and other fundamental systems and services that are critical to the security, economic prosperity, and social well-being of the public. The critical infrastructure is characterized by interdependencies (physical, cyber, geographic, and logical) and complexity (collections of interacting components). Therefore, information security management principles and processes need to be applied to SCADA systems without exception. Critical infrastructure disruptions can directly and indirectly affect other infrastructures, impact large geographic regions, and send ripples throughout the national and global economy. For example, under normal operating conditions, the electric power infrastructure requires fuels (natural gas and petroleum), transportation, water, banking and finance, telecommunication, and SCADA systems for monitoring and control.

Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise proprietary protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.


Author(s):  
Meghan Galiardi ◽  
Amanda Gonzales ◽  
Jamie Thorpe ◽  
Eric Vugrin ◽  
Raymond Fasano ◽  
...  

Aging plants, efficiency goals, and safety needs are driving increased digitalization in nuclear power plants (NPP). Security has always been a key design consideration for NPP architectures, but increased digitalization and the emergence of malware such as Stuxnet, CRASHOVERRIDE, and TRITON that specifically target industrial control systems have heightened concerns about the susceptibility of NPPs to cyber attacks. The cyber security community has come to realize the impossibility of guaranteeing the security of these plants with 100% certainty, so demand for including resilience in NPP architectures is increasing. Whereas cyber security design features often focus on preventing access by cyber threats and ensuring confidentiality, integrity, and availability (CIA) of control systems, cyber resilience design features complement security features by limiting damage, enabling continued operations, and facilitating a rapid recovery from the attack in the event control systems are compromised. This paper introduces the REsilience VeRification UNit (RevRun) toolset, a software platform that was prototyped to support cyber resilience analysis of NPP architectures. Researchers at Sandia National Laboratories have recently developed models of NPP control and SCADA systems using the SCEPTRE platform. SCEPTRE integrates simulation, virtual hardware, software, and actual hardware to model the operation of cyber-physical systems. RevRun can be used to extract data from SCEPTRE experiments and to process that data to produce quantitative resilience metrics of the NPP architecture modeled in SCEPTRE. This paper details how RevRun calculates these metrics in a customizable, repeatable, and automated fashion that limits the burden placed upon the analyst. This paper describes RevRun’s application and use in the context of a hypothetical attack on an NPP control system.
The use case specifies the control system and a series of attacks and explores the resilience of the system to the attacks. The use case further shows how to configure RevRun to run experiments, how resilience metrics are calculated, and how the resilience metrics and RevRun tool can be used to conduct the related resilience analysis.


Energies ◽  
2021 ◽  
Vol 15 (1) ◽  
pp. 218
Author(s):  
Mohammed Alghassab

Monitoring and control systems in the energy sector are specialized information structures that are not governed by the same information technology standards as the rest of the world’s information systems. Such industrial control systems are also used to handle important infrastructures, including smart grids, oil and gas facilities, nuclear power plants, water management systems, and so on. Industry equipment is handled by systems connected to the internet, either via wireless or cable connectivity, in the present digital age. Further, the system must work without fail, with the system’s availability rate being of paramount importance. Furthermore, to certify that the system is not subject to a cyber-attack, the entire system must be safeguarded against cyber security vulnerabilities, threats, and hazards. In addition, the article looks at and evaluates cyber security evaluations for industrial control systems, as well as their possible impact on the accessibility of industrial control system operations in the energy sector. This research work discovers that the hesitant fuzzy-based method of the Analytic Hierarchy Process (AHP) and the Technique for Order of Preference by Similarity to Ideal Solution (TOPSIS) is an operational procedure for estimating industrial control system cyber security assessments by understanding the numerous characteristics and their impacts on cyber security industrial control systems. The author evaluated the outputs of six distinct projects to determine the quality of the outcomes and their sensitivity. According to the results of the robustness analysis, alternative 1 shows the utmost effective cybersecurity project for the industrial control system. This research work will be a conclusive reference for highly secure and managed monitoring and control systems.


Author(s):  
S. Vukmirović ◽  
A. Erdeljan ◽  
L. Imre ◽  
D. Čapko

Critical infrastructure systems (CISs), such as power grids, transportation systems, communication networks and water systems are the backbone of a country’s national security and industrial prosperity. These CISs execute large numbers of workflows with very high resource requirements that can span through different systems and last for a long time. The proper functioning and synchronization of these workflows is essential since humanity’s well-being is connected to it. Because of this, the challenge of ensuring availability and reliability of these services in the face of a broad range of operating conditions is very complicated. This paper proposes an architecture which dynamically executes a scheduling algorithm using feedback about the current status of CIS nodes. Different artificial neural networks (ANNs) were created in order to solve the scheduling problem. Their performances were compared and as the main result of this paper, an optimal ANN architecture for workflow scheduling in CISs is proposed. A case study is shown for a meter data management system with measurements from a power distribution management system in Serbia. Performance tests show that significant improvement of the overall execution time can be achieved by ANNs.


2015 ◽  
Vol 137 (01) ◽  
pp. 28-33
Author(s):  
Brittany Logan

This study analyses potential weaknesses of supervisory control and data acquisition (SCADA) systems and possible workarounds to safeguard the critical infrastructure. SCADA systems are the hardware and software that control and monitor infrastructure and industrial processes. In the world of energy, the industrial control systems monitoring the physical processes of machines are less tangible than the actual physical machines they control. One of the benefits of soft power is that it offers the ability to use coercive force and create confusion without using overt means. Disconnecting any unnecessary network connections and restricting personnel access to only essential programs will limit unwanted access to SCADA systems through backdoor networks. It has been recommended that the energy sector ought to implement back-up and defense-in-depth systems. The concept of a common computer language for SCADA has also been mentioned in the security community, but could come with challenges.


Author(s):  
А.В. Алексеев

The rapid increase in the complexity of modern marine equipment and marine infrastructure, and the tightening of requirements for the quality of the processes of their creation and operation at all stages of the life cycle, make it particularly necessary to find technical and technological solutions that are invariant to the specifics of the operating conditions and, accordingly, models for their evaluation, analysis, synthesis, optimization, research design and justification of their properties and characteristics, including a quantitative analysis of their competitive ability, prospects and ways of their technological development. In the development of the previously presented model and methodology for invariant assessment of the quality and efficiency of marine engineering and marine infrastructure objects, specific examples of the implementation of the developed Polymodel qualimetric method for system optimization of research design objects are considered, including assessment and monitoring of the technical readiness of critical infrastructure facilities, individual ships and their connections, weapons and technical equipment control systems, electric power systems, automated control systems in a secure design, and automated intelligent decision support systems.


2013 ◽  
pp. 559-581
Author(s):  
Morgan Henrie

The world’s critical infrastructure includes entities such as the water, waste water, electrical utilities, and the oil and gas industry. In many cases, these rely on pipelines that are controlled by supervisory control and data acquisition (SCADA) systems. SCADA systems have evolved to highly networked, common platform systems. This evolutionary process creates expanding and changing cyber security risks. The need to address this risk profile is mandated from the highest government level. This chapter discusses the various processes, standards, and industry based best practices that are directed towards minimizing these risks.

