Guide to Industrial Control Systems (ICS) Security : Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.

Download Full-text

A review: towards practical attack taxonomy for industrial control systems

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.14.12815 ◽

2018 ◽

Vol 7 (2.14) ◽

pp. 145 ◽

Cited By ~ 1

Author(s):

Qais Saif Qassim ◽

Norziana Jamil ◽

Razali Jidin ◽

Mohd Ezanee Rusli ◽

Md Nabil Ahmad Zawawi ◽

...

Keyword(s):

Control Systems ◽

Supervisory Control ◽

Cyber Attacks ◽

Critical Infrastructures ◽

Cyber Attack ◽

Industrial Control ◽

Industrial Control Systems ◽

Scada System ◽

Water Transportation ◽

Different Types

Supervisory Control and Data Acquisition (SCADA) system is the underlying control system of most national critical infrastructures such as power, energy, water, transportation and telecommunication. In order to understand the potential threats to these infrastructures and the mechanisms to protect them, different types of cyber-attacks applicable to these infrastructures need to be identified. Therefore, there is a significant need to have a comprehensive understanding of various types of cyber-attacks and its classification associated with both Opera-tion Technology (OT) and Information Technology (IT). This paper presents a comprehensive review of existing cyber-attack taxonomies available in the literature and evaluates these taxonomies based on defined criteria.

Download Full-text

Security Improvement Technique for Distributed Control System (DCS) and Supervisory Control‐Data Acquisition (SCADA) Using Blockchain at Dark Web Platform

10.1002/9781119795667.ch14 ◽

2022 ◽

pp. 317-333

Author(s):

Anand Singh Rajawat ◽

Romil Rawat ◽

Kanishk Barhanpurkar

Keyword(s):

Control System ◽

Data Acquisition ◽

Distributed Control ◽

Supervisory Control ◽

Distributed Control System ◽

Control Data ◽

Web Platform ◽

Dark Web

Download Full-text

Specification of the Current State Vulnerabilities Related to Industrial Control Systems

International Journal of Online Engineering (iJOE) ◽

10.3991/ijoe.v11i5.4981 ◽

2015 ◽

Vol 11 (5) ◽

pp. 64

Author(s):

Jan Vávra ◽

Martin Hromada ◽

Roman Jašek

Keyword(s):

Control System ◽

Control Systems ◽

Fundamental Question ◽

Industrial Control System ◽

Security Risk ◽

Considerable Effort ◽

Industrial Control ◽

Industrial Control Systems ◽

Current State ◽

True Distribution

The contemporary trend of increasing connectivity, interoperability and efficiency of technologies, which are used in organizations, also affected Industrial Control System (further only ICS). The recently isolated system is becoming more dependent on interconnection with external technologies. This leads to a formation of new vulnerabilities, which are significant threats to ICS. For this reason, it is necessary to devote considerable effort to analyze vulnerabilities. Neglecting of this area could lead to damage or unavailability of ICS services. The purpose of the article is to evaluate vulnerabilities related to individual elements of ICS. The fundamental question of the article is to find a true distribution of security risk related to ICS.

Download Full-text

Simulating command injection attacks on IEC 60870-5-104 protocol in SCADA system

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.14.12816 ◽

2018 ◽

Vol 7 (2.14) ◽

pp. 153 ◽

Cited By ~ 2

Author(s):

Qais Saif Qassim ◽

Norziana Jamil ◽

Maslina Daud ◽

Norhamadi Ja'affar ◽

Salman Yussof ◽

...

Keyword(s):

Control System ◽

Power System ◽

Control Systems ◽

Industrial Control ◽

Power Utility ◽

Industrial Control Systems ◽

Injection Attacks ◽

Scada System ◽

Control Command ◽

Catastrophic Impact

IEC 60870-5-104 is an international standard used for tele-control in electrical engineering and power system applications. It is one of the major principal protocols in SCADA system. Major industrial control vendors use this protocol for monitoring and managing power utility devices. One of the most common attacks which has a catastrophic impact on industrial control systems is the control command injection attack. It happens when an attacker injects false control commands into a control system. This paper presents the IEC 60870-5-104 vulnera-bilities from the perspective of command and information data injection. From the SCADA testbed that we setup, we showed that a success-ful control command injection attack can be implemented by exploiting the vulnerabilities identified earlier.

Download Full-text

Analysis of Cyber Threats in the Connection Section of the Control System and Countermeasures Required

Turkish Journal of Computer and Mathematics Education (TURCOMAT) ◽

10.17762/turcomat.v12i6.1831 ◽

2021 ◽

Vol 12 (6) ◽

pp. 412-417

Author(s):

Yangha Chun

Keyword(s):

Control System ◽

Control Systems ◽

Real Life ◽

Information Storage ◽

Control Network ◽

Security Measures ◽

Industrial Control ◽

Industrial Control Systems ◽

Cyber Threats ◽

Cyber Threat

In the past, the general practice for the control system network that manages and controls industrial facilities such as electric power, gas, oil, water, chemicals, automobiles, etc. was to install and operate this as an independent system, but over time the practice has gradually shifted toward the use of an open and standardized system. Until recently, most industrial control systems consisted of an independent network, and the possibility of cyber threat infringement was very low. As information storage media such as laptops or USB are connected to the control system for maintenance or management purposes, the possibility of cyber infringement is increasing. When the use of the control system's operational information increases due to beingVinked with the internal business system network or the Internet, countermeasures against external cyber threats must be provided.This paper analyzes and organizes the cyber threat factors that exist in the linking section connected to the industrial control system and other networks, examining domestic and foreign incidents of hacking of control systems to identify the vulnerabilities and security measures for each scenario in the control system network linkage section. Through this analysis, a method is suggested for establishing a control network that secures both availability and security, which are important in the control system, as well as the safe relay system in the configuration of the linkage between the control network and the business network, while addressing the vulnerabilities in the structure due to long-term use of the control system.This study analyzes cyber threat factors and real-life examples of infringements with the aim of providing approaches that will ensure industrial control systems can be operated safely and the risk of cyber hacking threats that occur in connection with other networks can be managed, and suggesting cyber security measures for the control system connection sections.

Download Full-text