Fostering SCADA and IT Relationships

2011 ◽  
Vol 1 (3) ◽  
pp. 1-11
Author(s):  
Christopher Beggs ◽  
Ryan McGowan
Keyword(s):  
Organizational Structure ◽  
Supervisory Control ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Roles And Responsibilities ◽  
Concept Model ◽  
Scada Security ◽  
Business Operations ◽  
Security Training ◽  
Working Together

In recent years, critical infrastructure utilities have been faced with conflicting attitudes and cultural differences of where SCADA (Supervisory Control and Data Acquisition) and IT fit into an organizational structure. This lack of understanding between SCADA, IT processes, and business operations remains a concern for many utilities within the SCADA community. The importance of SCADA and IT relationships is an area of the SCADA landscape that is often unrecognised. This paper examines the results and findings of a SCADA and IT relationship survey that was undertaken to identify where SCADA operations fit within organizations around the world. It describes several proposed models that define the role and responsibility of SCADA within an organizational structure. It also presents a concept model for SCADA security responsibility and identifies key observations of SCADA and IT working together at the INL Control System Cyber Security Training in Idaho, USA. The main findings of the research suggest that clear defined roles and responsibilities for SCADA operations and SCADA security need to be established and secondly, that immediate cultural driven change is required in order to improve SCADA and IT relationships.

IT Security for SCADA

2015 ◽  
Vol 5 (3) ◽  
pp. 19-27
Author(s):  
Rahul Rastogi ◽  
Rossouw von Solms
Keyword(s):  
Physical Process ◽  
Supervisory Control ◽  
Cyber Security ◽  
Data Acquisition System ◽  
Critical Issue ◽  
Cyber Physical System ◽  
It Security ◽  
Security Issues ◽  
Scada Security ◽  
The Government

SCADA (Supervisory Control and Data Acquisition System) is a cyber-physical system, wherein IT (Information Technology) components work in conjunction with field devices to control a physical process. The security of these IT components becomes crucial in view of the damaging effects that any security breach of these IT components can have on the underlying physical process. In response to this critical issue, various governments across the world have recognized the issue of SCADA security and have initiated the creation of a regulatory framework for mandating SCADA security in their respective countries. This paper provides a brief overview of the cyber-security issues of SCADA and the implications of Stuxnet for SCADA security. The paper reviews the steps taken by the governments of India and South Africa; and it provides guidance to the owners of SCADA regarding SCADA security, as mandated by the Government of India.

scholarly journals Security Control Assessment of Supervisory Control and Data Acquisition for Power Utilities in Tanzania

2020 ◽  
Vol 5 (7) ◽  
pp. 785-789
Author(s):  
Job Asheri Chaula ◽  
Godfrey Weston Luwemba
Keyword(s):  
Data Acquisition ◽  
Supervisory Control ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Security Evaluation ◽  
Evaluation Tool ◽  
Security Vulnerabilities ◽  
Security Controls ◽  
Security Control ◽  
Security Compliance

The primary purpose of this research was to assess the adequacy and effectiveness of security control of the Supervisory Control and Data Acquisition (SCADA) communication network used by infrastructure companies. Initially, the SCADA networks were physically separated from other networks connected to the internet and hence assumed secure. However, the modern SCADA are now integrated with other network resulting in new security vulnerabilities and attacks similar to those found in traditional IT. Thus, it is important to reassess the security controls of the SCADA because it is operated in an open network environment. In this research, a case of the SCADA security controls in the power sector in Tanzania was assessed, whereby a specific SCADA implementation was studied. The data were gathered using observation, testing, interviews, questionnaire and documentation reviews. The results were analyzed using the Cyber Security Evaluation Tool (CSET) and checked for compliance based on the National Institute of Standards and Technology (NIST) and North America Electric Reliability Corporation (NERC) standards. The findings have shown that there exist security vulnerabilities both in security compliance of the standard and component-based vulnerabilities. Additionally, there is inadequate of audit and accountability, personnel security and system and information integrity. Also, for the component-based security compliance, the finding shows that identification and authentication, security management and audit and accountability. On the basis of the results, the research has indicated the areas that require immediate action in order to protect the critical infrastructure.

Wargaming in Cyber Security Education and Awareness Training

2019 ◽  
Vol 8 (1) ◽  
pp. 35-38
Author(s):  
Andreas HAGGMAN
Keyword(s):  
Cyber Security ◽  
Learning Opportunities ◽  
Learning Tools ◽  
Security Strategy ◽  
Powerful Learning ◽  
Security Training ◽  
Core Concepts ◽  
Education And Awareness ◽  
The Uk ◽  
High Engagement

This paper introduces readers to core concepts around cyber wargaming. Wargames can be powerful learning tools, but few wargames exist to teach players about cyber security. By way of highlighting possibilities in this space, the author has developed an original educational tabletop wargame based on the UK National Cyber Security Strategy and deployed the game to a variety of organisations to determine its pedagogic efficacy. Overall, it is found that the game was effective in generating high-engagement participation and clear learning opportunities. Furthermore, there are design lessons to be learned from existing games for those seeking to use wargames for cyber security training and education.

scholarly journals Cyber Attacks on Critical Infrastructure

2016 ◽  
pp. 448-465
Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Future Directions ◽  
Infrastructure Systems ◽  
Cyber Threats ◽  
Scada Systems ◽  
Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

Cyber Attacks on Critical Infrastructure

2015 ◽  
pp. 1-18 ◽  
Author(s):  
Ana Kovacevic ◽  
Dragana Nikolic
Keyword(s):  
Control Systems ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Future Directions ◽  
Infrastructure Systems ◽  
Cyber Threats ◽  
Scada Systems ◽  
Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

Maturity and Process Capability Models and Their Use in Measuring Resilience in Critical Infrastructure Protection Sectors

2015 ◽  
pp. 506-526
Author(s):  
Clemith J. Houston Jr. ◽  
Douglas C. Sicker
Keyword(s):  
Risk Management ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Process Capability ◽  
Critical Infrastructure Protection ◽  
Maturity Models ◽  
Infrastructure Protection ◽  
Management Capabilities ◽  
Use Of Models ◽  
Measurement Capabilities

This paper provides a literature review and survey of maturity and process capability models, Critical Infrastructure Protection (CIP) tools and frameworks to identify strategies for assessing and measuring resilience and risk management capabilities, with a specific focus on the electricity generating sector. The focus is on the use of models such as CERT-RMM, and others, as a means of addressing challenges associated with cyber security and risk management. Foundational concepts, terminology and definitions are provided; examples of maturity and process capability models are presented and discussed, tools that enable process capability and resilience are identified, including those specific to the electricity generating sector. The evolution of models and how they have addressed challenges is presented, in addition to the characteristics and differences of models and the growth in domains where they can be used. The benefits of the application of process capability and maturity models in maintaining and enhancing resilience and cyber security protection is supported in this paper and recommendations for research opportunities that may yield further insight and measurement capabilities are offered.

Cyber Attacks and Preliminary Steps in Cyber Security in National Protection

2018 ◽  
pp. 213-229
Author(s):  
Faruk Aydin ◽  
O. Tolga Pusatli
Keyword(s):  
Cyber Security ◽  
Information Technologies ◽  
Critical Infrastructure ◽  
National Development ◽  
Cyber Attacks ◽  
Public Institutions ◽  
Private Companies ◽  
Nation States ◽  
Development Plans ◽  
Security Standards

Cyber attacks launched by individuals and/or supported by nation states have increased due to the prevalence of information technologies at critical infrastructure of the states. In this chapter, such attacks and consecutive impacts are visited. In connection with this issue, evolution of cyber threats from annoying malware to serious weapons is studied by examples; hence, precautions against such threats are visited and usage of anti-malware applications as prevalent precautions is assessed within the scope. Selected information security standards and strategies of selected states and precautions for cyber security of Turkey are studied. Our findings underline that educated citizens and companies along with public institutions should cooperate to provide a nationwide cyber security. Consequently, it is defended that governments should play an affective role to protect, educate, and guide governmental and private companies and citizens on the cyber security by promoting the cyber security topic in the successive national development plans.

Sign in / Sign up

Export Citation Format

Share Document