SCADA Systems Cyber Security for Critical Infrastructures

Past cyber-attacks on Supervisory Control and Data Acquisition (SCADA) Systems for Critical infrastructures have left these systems compromised and caused financial and economic problems. Deliberate attacks have resulted in denial of services and physical injury to the public in certain cases. This study explores the past attacks on SCADA Systems by examining nine case studies across multiple utility sectors including transport, energy and water and sewage sector. These case studies will be further analysed according to the cyber-terrorist decision-making theories including strategic, organisational and psychological theories based on McCormick (2000). Next, this study will look into cyber-terrorist capabilities in conducting attacks according to Nelson's (1999) approach that includes simple-unstructured, advance-structured and complex-coordinated capabilities. The results of this study will form the basis of a guideline that organisations can use so that they are better prepared in identifying potential future cybersecurity attacks on their SCADA systems.

Download Full-text

When Modern Monuments are an Act of Autoplagiarism.

The Journal of Public Space ◽

10.32891/jps.v5i4.1395 ◽

2020 ◽

pp. 155-176

Author(s):

Krzysztof Krzysztof

Keyword(s):

Public Space ◽

Case Studies ◽

Meta Analysis ◽

Aesthetic Judgment ◽

Art Activism ◽

The Public ◽

The Past ◽

Psychological Theories ◽

Places Of Memory

This paper discusses the autoplagiarism of monuments as a system for the reworking structure of the public space in the interdisciplinary meta-analysis. The research rises the problem of blocking art and art activism in the region. The theoretical part focuses on Polish legislation (acts of 1994, 1997, 2003, and 2016), the opinions of historians on the division between the terms “places of memory” and “places of gratitude” (Ożóg 2011; Czarnecka 2015; Jach 2018), and an overview of the classification of monuments in artistic theories (Krauss 1993; Lacy 1995; Kwon 2004; Ranciere 2004; Walsh 2013; Taylor and Altenburg, 2006; Bellentani and Panico, 2016). Insights into psychological theories related to aesthetic judgment are also presented as supportive statements (Ishizu and Zeki 2013; G. E. Vaillant, M. Bond, and C.O. Vaillant, 1986; Reicher 2003; Le Bon 1929). The research covers six case studies of erected and removed monuments in the area of Smaller Poland during the period from the end of 2017 to the first part of 2018. All samples are related to the stakeholder's reactions to the past Soviet presence in the area and their current aims. The conclusions suggest strategies which could be helpful to strengthen the public space and classification for the autoplagiarized monument.

Download Full-text

Cybersecurity Teamwork: A Review of Current Practices and Suggested Improvements

Proceedings of the Human Factors and Ergonomics Society Annual Meeting ◽

10.1177/1071181320641101 ◽

2020 ◽

Vol 64 (1) ◽

pp. 451-455

Author(s):

Richard J. Simonson ◽

Joseph R. Keebler ◽

Mathew Lessmiller ◽

Tyson Richards ◽

John C. Lee

Keyword(s):

Cyber Security ◽

Cyber Attacks ◽

Team Science ◽

The Past ◽

Insight Into ◽

Current Practices

As cyber-attacks and their subsequent responses have become more frequent and complex over the past decade, research into the performance and effectiveness of cybersecurity teams has gained an immense amount of traction. However, investigation of teamwork in this domain is lacking due to the exclusion of known team competencies and a lack of reliance on team science. This paper serves to provide insight into the benefit that can be gained from utilizing the extant teamwork literature to improve teams’ research and applications in the domain of cyber-security.

Download Full-text

Cyber Attacks on Critical Infrastructure

Civil and Environmental Engineering ◽

10.4018/978-1-4666-9619-8.ch018 ◽

2016 ◽

pp. 448-465

Author(s):

Ana Kovacevic ◽

Dragana Nikolic

Keyword(s):

Control Systems ◽

Cyber Security ◽

Critical Infrastructure ◽

Cyber Attacks ◽

Cyber Attack ◽

Future Directions ◽

Infrastructure Systems ◽

Cyber Threats ◽

Scada Systems ◽

Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

Download Full-text

A review: towards practical attack taxonomy for industrial control systems

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.14.12815 ◽

2018 ◽

Vol 7 (2.14) ◽

pp. 145 ◽

Cited By ~ 1

Author(s):

Qais Saif Qassim ◽

Norziana Jamil ◽

Razali Jidin ◽

Mohd Ezanee Rusli ◽

Md Nabil Ahmad Zawawi ◽

...

Keyword(s):

Control Systems ◽

Supervisory Control ◽

Cyber Attacks ◽

Critical Infrastructures ◽

Cyber Attack ◽

Industrial Control ◽

Industrial Control Systems ◽

Scada System ◽

Water Transportation ◽

Different Types

Supervisory Control and Data Acquisition (SCADA) system is the underlying control system of most national critical infrastructures such as power, energy, water, transportation and telecommunication. In order to understand the potential threats to these infrastructures and the mechanisms to protect them, different types of cyber-attacks applicable to these infrastructures need to be identified. Therefore, there is a significant need to have a comprehensive understanding of various types of cyber-attacks and its classification associated with both Opera-tion Technology (OT) and Information Technology (IT). This paper presents a comprehensive review of existing cyber-attack taxonomies available in the literature and evaluates these taxonomies based on defined criteria.

Download Full-text

Cyber Attacks on Critical Infrastructure

Advances in Digital Crime, Forensics, and Cyber Terrorism - Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance ◽

10.4018/978-1-4666-6324-4.ch001 ◽

2015 ◽

pp. 1-18 ◽

Cited By ~ 1

Author(s):

Ana Kovacevic ◽

Dragana Nikolic

Keyword(s):

Control Systems ◽

Cyber Security ◽

Critical Infrastructure ◽

Cyber Attacks ◽

Cyber Attack ◽

Future Directions ◽

Infrastructure Systems ◽

Cyber Threats ◽

Scada Systems ◽

Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

Download Full-text

Economics of Cyber Security and the Way Forward

Cyber Security and Threats ◽

10.4018/978-1-5225-5634-3.ch008 ◽

2018 ◽

pp. 132-150

Author(s):

Taiseera Al Balushi ◽

Saqib Ali ◽

Osama Rehman

Keyword(s):

Communication Technology ◽

Cyber Security ◽

Cyber Attacks ◽

Remote Access ◽

Security Threats ◽

The Public ◽

Security Issues ◽

Information And Communication ◽

Financial Losses ◽

Government Perspective

Initiatives carried by companies, institutes and governments to flourish and embellish the Information and Communication Technology (ICT) among the public have led to its penetration into every walk of life. ICT enhances the efficiency of various systems, such as the organisation and transfer of data. However, with the digital and remote access features of ICT comes the motivation towards financial, political and military gains by rivals. Security threats and vulnerabilities in existing ICT systems have resulted in cyber-attacks that are usually followed by substantial financial losses. This study discusses the security in ICT from a business, economic and government perspective. The study makes an attempt to understand the seriousness of the security issues and highlights the consequences of security breech from an economic perspective. Based on the performed analysis, the factors behind these attacks are provided along with recommendations for better preparations against them.

Download Full-text

Reviewing National Cybersecurity Strategies

Journal of Disaster Research ◽

10.20965/jdr.2018.p0957 ◽

2018 ◽

Vol 13 (5) ◽

pp. 957-966

Author(s):

Shigeo Mori ◽

◽

Atsuhiro Goto

Keyword(s):

Public Sector ◽

Cyber Security ◽

Cyber Attacks ◽

Maturity Model ◽

National Strategy ◽

Global Level ◽

The Public ◽

Capacity Enhancement ◽

National Capacity ◽

National Campaigns

The damages caused by cyber-attacks are becoming larger, broader and more serious and to include monetary losses and losses of lifeline. Some cyber-attacks are arguably suspected to be parts of national campaigns. Under such circumstances, the public sector must endeavour to enhance the national cybersecurity capacities. There are several benchmarks for national cybersecurity, i.e., a snapshot relative assessment of a nation’s cybersecurity strength at a global level. However, by considering the development of technology, attackers’ skills and capacities of other nations, we believe that it is more important to review the national strategy for cybersecurity capacity enhancement and to ensure that the national capacity advances adequately in the coming years. We propose a method of reviewing national strategies. Additionally, we performed a trial review of the Japanese cybersecurity strategy using the Cybersecurity Capacity Maturity Model for Nations (CSCMMN) developed by the Global Cyber Security Capacity Centre. This trial proved to be workable because it detected various possibly inadequate (insufficient, inappropriate or inefficient, although further investigation is needed) approaches in the Japanese strategy. Moreover, the review also discovered the shortcomings of the capacity areas in the CSCMMN. We plan to improve the reviewing method and develop the improvement process of national strategies for cybersecurity capacity enhancement.

Download Full-text

Using integrated system theory approach to assess security for SCADA systems cyber security for critical infrastructures: A pilot study

2014 11th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD) ◽

10.1109/fskd.2014.6980976 ◽

2014 ◽

Author(s):

Suhaila Ismail ◽

Elena Sitnikova ◽

Jill Slay

Keyword(s):

System Theory ◽

Pilot Study ◽

Cyber Security ◽

Integrated System ◽

Critical Infrastructures ◽

Theory Approach ◽

Scada Systems

Download Full-text

Cyber Resilience Analysis of SCADA Systems in Nuclear Power Plants

Volume 2: Nuclear Policy; Nuclear Safety, Security, and Cyber Security; Operating Plant Experience; Probabilistic Risk Assessments; SMR and Advanced Reactors ◽

10.1115/icone2020-16071 ◽

2020 ◽

Author(s):

Meghan Galiardi ◽

Amanda Gonzales ◽

Jamie Thorpe ◽

Eric Vugrin ◽

Raymond Fasano ◽

...

Keyword(s):

Control System ◽

Control Systems ◽

Cyber Security ◽

Nuclear Power ◽

Power Plants ◽

Nuclear Power Plants ◽

Cyber Attacks ◽

Use Case ◽

Design Features ◽

Scada Systems

Abstract Aging plants, efficiency goals, and safety needs are driving increased digitalization in nuclear power plants (NPP). Security has always been a key design consideration for NPP architectures, but increased digitalization and the emergence of malware such as Stuxnet, CRASHOVERRIDE, and TRITON that specifically target industrial control systems have heightened concerns about the susceptibility of NPPs to cyber attacks. The cyber security community has come to realize the impossibility of guaranteeing the security of these plants with 100% certainty, so demand for including resilience in NPP architectures is increasing. Whereas cyber security design features often focus on preventing access by cyber threats and ensuring confidentiality, integrity, and availability (CIA) of control systems, cyber resilience design features complement security features by limiting damage, enabling continued operations, and facilitating a rapid recovery from the attack in the event control systems are compromised. This paper introduces the REsilience VeRification UNit (RevRun) toolset, a software platform that was prototyped to support cyber resilience analysis of NPP architectures. Researchers at Sandia National Laboratories have recently developed models of NPP control and SCADA systems using the SCEPTRE platform. SCEPTRE integrates simulation, virtual hardware, software, and actual hardware to model the operation of cyber-physical systems. RevRun can be used to extract data from SCEPTRE experiments and to process that data to produce quantitative resilience metrics of the NPP architecture modeled in SCEPTRE. This paper details how RevRun calculates these metrics in a customizable, repeatable, and automated fashion that limits the burden placed upon the analyst. This paper describes RevRun’s application and use in the context of a hypothetical attack on an NPP control system. The use case specifies the control system and a series of attacks and explores the resilience of the system to the attacks. The use case further shows how to configure RevRun to run experiments, how resilience metrics are calculated, and how the resilience metrics and RevRun tool can be used to conduct the related resilience analysis.

Download Full-text