scholarly journals A framework for Cybersecurity of Supervisory Control and Data Acquisition (SCADA) Systems and Industrial Control Systems (ICS)

2020 ◽  
Author(s):  
Alaa Al Ghazo
Keyword(s):  
Data Acquisition ◽  
Control Systems ◽  
Supervisory Control ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Scada Systems

scholarly journals Pandora’s Net

2015 ◽  
Vol 137 (01) ◽  
pp. 28-33
Author(s):  
Brittany Logan
Keyword(s):  
Control Systems ◽  
Supervisory Control ◽  
Soft Power ◽  
Critical Infrastructure ◽  
Industrial Processes ◽  
Computer Language ◽  
Physical Processes ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Scada Systems

This study analyses potential weaknesses of supervisory control and data acquisition (SCADA) systems and possible workarounds to safeguard the critical infrastructure. SCADA systems are the hardware and software that control and monitor infrastructure and industrial processes. In the world of energy, the industrial control systems monitoring the physical processes of machines are less tangible than the actual physical machines they control. One of the benefits of soft power is that it offers the ability to use coercive force and create confusion without using overt means. Disconnecting any unnecessary network connections and restricting personnel access to only essential programs will limit unwanted access to SCADA systems through backdoor networks. It has been recommended that the energy sector ought to implement back-up and defense-in-depth systems. The concept of a common computer language for SCADA has also been mentioned in the security community, but could come with challenges.

scholarly journals A review: towards practical attack taxonomy for industrial control systems

2018 ◽  
Vol 7 (2.14) ◽  
pp. 145 ◽  
Author(s):  
Qais Saif Qassim ◽  
Norziana Jamil ◽  
Razali Jidin ◽  
Mohd Ezanee Rusli ◽  
Md Nabil Ahmad Zawawi ◽  
...  
Keyword(s):  
Control Systems ◽  
Supervisory Control ◽  
Cyber Attacks ◽  
Critical Infrastructures ◽  
Cyber Attack ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Scada System ◽  
Water Transportation ◽  
Different Types

Supervisory Control and Data Acquisition (SCADA) system is the underlying control system of most national critical infrastructures such as power, energy, water, transportation and telecommunication. In order to understand the potential threats to these infrastructures and the mechanisms to protect them, different types of cyber-attacks applicable to these infrastructures need to be identified. Therefore, there is a significant need to have a comprehensive understanding of various types of cyber-attacks and its classification associated with both Opera-tion Technology (OT) and Information Technology (IT). This paper presents a comprehensive review of existing cyber-attack taxonomies available in the literature and evaluates these taxonomies based on defined criteria.  

Challenges in Securing Industrial Control Systems Using Future Internet Technologies

2022 ◽  
pp. 561-586
Author(s):  
Mirjana D. Stojanović ◽  
Slavica V. Boštjančič Rakas
Keyword(s):  
Control Systems ◽  
Fog Computing ◽  
Future Internet ◽  
Future Research ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Internet Technologies ◽  
Scada Systems ◽  
Scada Networks ◽  
And Migration

This chapter explores challenges in securing industrial control systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems using Future Internet technologies. These technologies include cloud computing, fog computing, Industrial internet of things (IIoT), etc. The need to design specific security solutions for ICS/SCADA networks is explained. A brief overview of cyber vulnerabilities and threats in industrial control networks, cloud, and IoT environments is presented. The security of cloud-based SCADA systems is considered, including benefits and risks of SCADA migration to the cloud, challenges in securing such systems, and migration toward fog computing. Challenges in securing IIoT are addressed, including security risks and operational issues, key principles for securing IIoT, the functional security architecture, and the role of fog computing. Authors point out current standardization activities and trends in the area, and emphasize conclusions and future research directions.

scholarly journals Behavior Based Anomaly Detection Model in SCADA System

2018 ◽  
Vol 173 ◽  
pp. 01011 ◽  
Author(s):  
Xiaojun Zhou ◽  
Zhen Xu ◽  
Liming Wang ◽  
Kai Chen ◽  
Cong Chen ◽  
...  
Keyword(s):  
Anomaly Detection ◽  
Control Systems ◽  
Supervisory Control ◽  
Industry 4.0 ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Detection Model ◽  
Scada System ◽  
Behavior Based ◽  
And Control

With the arrival of Industry 4.0, more and more industrial control systems are connected with the outside world, which brings tremendous convenience to industrial production and control, and also introduces many potential security hazards. After a large number of attack cases analysis, we found that attacks in SCADA systems can be divided into internal attacks and external attacks. Both types of attacks are inevitable. Traditional firewalls, IDSs and IPSs are no longer suitable for industrial control systems. Therefore, we propose behavior-based anomaly detection and build three baselines of normal behaviors. Experiments show that using our proposed detection model, we can quickly detect a variety of attacks on SCADA (Supervisory Control And Data Acquisition) systems.

scholarly journals Risk Assessment For Industrial Control Systems Quantifying Availability Using Mean Failure Cost (MFC)

2015 ◽  
Vol 5 (3) ◽  
pp. 205-220 ◽  
Author(s):  
Qian Chen ◽  
Robert K. Abercrombie ◽  
Frederick T. Sheldon
Keyword(s):  
Risk Assessment ◽  
Control Systems ◽  
Durable Goods ◽  
Security Risk ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
External Threats ◽  
Scada Systems ◽  
Food And Beverage ◽  
Failure Cost

Abstract 1 Industrial Control Systems (ICS) are commonly used in industries such as oil and natural gas, transportation, electric, water and wastewater, chemical, pharmaceutical, pulp and paper, food and beverage, as well as discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control. Originally, ICS implementations were susceptible primarily to local threats because most of their components were located in physically secure areas (i.e., ICS components were not connected to IT networks or systems). The trend toward integrating ICS systems with IT networks (e.g., efficiency and the Internet of Things) provides significantly less isolation for ICS from the outside world thus creating greater risk due to external threats. Albeit, the availability of ICS/SCADA systems is critical to assuring safety, security and profitability. Such systems form the backbone of our national cyber-physical infrastructure. Herein, we extend the concept of mean failure cost (MFC) to address quantifying availability to harmonize well with ICS security risk assessment. This new measure is based on the classic formulation of Availability combined with Mean Failure Cost (MFC). The metric offers a computational basis to estimate the availability of a system in terms of the loss that each stakeholder stands to sustain as a result of security violations or breakdowns (e.g., deliberate malicious failures).

scholarly journals Detection and Blocking of Replay, False Command, and False Access Injection Commands in SCADA Systems with Modbus Protocol

2021 ◽  
Vol 2021 ◽  
pp. 1-15
Author(s):  
Rajesh L ◽  
Penke Satyanarayana
Keyword(s):  
Control Systems ◽  
Area Network ◽  
Core Component ◽  
Industrial Control ◽  
Industrial Control Systems ◽  
Modbus Protocol ◽  
Replay Attacks ◽  
Scada Systems ◽  
Process Plants ◽  
The Impact

Industrial control systems (ICS) are being used for surveillance and controlling numerous industrial process plants in national critical infrastructures. Supervisory control and data acquisition (SCADA) system is a core component in ICS systems for continuous monitoring and controlling these process plants. Legacy SCADA systems are working in isolated networks and using proprietary communication protocols which made them less exposed to cyber threats. In recent times, these ICS systems have been connected to Internet and corporate networks for data sharing and remote monitoring. They are also using open protocols and operating systems. This leads to vulnerabilities of the system to cyberattacks. Cybersecurity threats are more prevalent than ever in ICS systems. These attacks may be external or internal. Modbus is a widely deployed communication protocol for SCADA communications. There is no security in design of Modbus protocol, and it is vulnerable to numerous cyberattacks. In this paper, we worked for False Command Injection attack, False Access Injection attack, and replay attacks on Modbus protocol. Initially, a real-time SCADA testbed was set up, and we envisaged the impact of these attacks on Modbus protocol data using the testbed. In this work, we used local area network (LAN) environment only for simulating the attacks. We assumed that the attacks penetrated the LAN network. We proposed and developed (a) a method to detect replay attacks by incorporating time stamp and sequence number in Modbus communications and (b) a frame filtering module which will block unauthorized attacks like False Command Injection and False Access Injection attacks to reach programmable logic controller (PLC). Numbers of attacks were simulated and the performance of the method was measured using attack block rate (ABR). It blocked 97% of malicious Modbus transactions or attacks to reach the PLC. It protects SCADA systems from attackers, which is a core component of industrial control systems. The solution enhanced the security of SCADA systems with Modbus protocol.

Sign in / Sign up

Export Citation Format

Share Document