Geeta Yadav,Kolin Paul

DOI: https://doi.org/10.1016/j.ijcip.2021.100433

IF: 3.683

2021-09-01

International Journal of Critical Infrastructure Protection

Abstract:Pipeline bursting, production lines shut down, frenzy traffic, trains confrontation, the nuclear reactor shut down, disrupted electric supply, interrupted oxygen supply in ICU – these catastrophic events could result because of an erroneous SCADA system/ Industrial Control System (ICS). SCADA systems have become an essential part of automated control and monitoring of Critical Infrastructures (CI). Modern SCADA systems have evolved from standalone systems into sophisticated, complex, open systems connected to the Internet. This geographically distributed modern SCADA system is more vulnerable to threats and cyber attacks than traditional SCADA. Traditional SCADA systems were less exposed to Internet threats as they operated on isolated networks. Over the years, an increase in the number of cyber-attacks against the SCADA systems seeks security researchers’ attention towards their security. In this review paper, we first review the SCADA system architectures and comparative analysis of proposed/implemented communication protocols, followed by attacks on such systems to understand and highlight the evolving security needs for SCADA systems. A short investigation of the current state of intrusion detection techniques in SCADA systems is done, followed by a brief study of testbeds for SCADA systems. The cloud and Internet of things (IoT) based SCADA systems are studied by analyzing modern SCADA systems’ architecture. In the end, the review paper highlights the critical research problems that need to be resolved to close the security gaps in SCADA systems.

engineering, multidisciplinary,computer science, information systems

Anees Ara

DOI: https://doi.org/10.1088/1755-1315/1026/1/012030

2022-07-09

IOP Conference Series: Earth and Environmental Science

Abstract:Industrial control systems (ICS) play a vital role in monitoring and controlling the plants like power grids, oil and gas industries, manufacturing industries, and nuclear power plants. Present research and development in information and communication technologies have changed the domains of industrial control systems from traditional electromagnetic to network- based digital systems. This domain shift has created better interfaces for communication between physical processes and the control units. Eventually, making the complex process of monitoring and controlling the industries easier, with the help of internet connections and computing technologies. The field instruments such as sensors and actuators and the physical processes in industries are controlled and monitored by programmable logic controllers (PLC), remote telemetric units (RTU), and supervisory control and data acquisition systems (SCADA) with the help of communication protocols. The seamless integration of the information technologies (IT) and operational technologies (OT) make the management of the industrial environment foster. However, the inclusion of new technologies that increase the number of internet connections, the new communication protocols, and interfaces that run on open-source software, brings up new threats and challenges in addition to existing vulnerabilities in these classical legacy-based heterogeneous hardware and software systems. Due to the increase in the number of security incidents on critical infrastructures, the security considerations for SCADA systems/ICS are gaining interest among researchers. In this paper, we provide a description of SCADA/ICS components, architecture, and communication protocols. Additionally, we discuss details of existing vulnerabilities in hardware, software, and communication protocols. Further, we highlight some prominent security incidents and their motives behind them. We analyse the existing state of OT and IT security in SCADA systems by classifying the SCADA components among them. Finally, we provide security recommendations based on current trends and also discuss open research problems in SCADA security.

Bijoy Babu,Thafasal Ijyas,P. Muneer,Justin Varghese,Muneer P.

DOI: https://doi.org/10.1109/anti-cybercrime.2017.7905261

2017-03-01

Abstract:Ongoing research and developments in modern information and communication technologies have revolutionized the design of industrial control systems (ICS). There is a major domain transition from traditional electromechanical systems to network based digital systems, which has indeed created a powerful interface between state-of the-art computing technologies/paradigms and physical processes sought to be controlled. ICS play a critical role in the industrial and manufacturing sector. Major infrastructures like petrochemical industries, waste water treatment facilities, nuclear power plants, pharmaceuticals, food and beverage industries etc. cannot run properly without ICS. Real-time processing, reliability and advanced distributed intelligence are some of the core characteristics of ICS which are incorporated with the help of state-of-the-art internet communication and computing technologies. The complex embedded coupling of hardware and software components such as actuators, sensors and the physical processes are all monitored and manipulated by the communication and network protocol based controllers like supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLC), distributed control systems (DCS) etc. The integration of these technologies makes the access to ICS from the external world much easier. On the other hand, this has led to many critical cyber-security issues also. These issues are of such a nature that they may sometimes pose a serious threat to the safety of humans and the environment as well. Unless managed properly, these can have adverse implications for the national economy also, in terms of production losses. In this paper, we attempt to give a comprehensive review of the unique aspects of cyber-security issues in ICS. Specifically, we delve upon the issues of security assessment and architectural reviewing of ICS. We also give a brief survey on different threat attacks on ICS.

Manar Alanazi,Abdun Mahmood,Mohammad Jabed Morshed Chowdhury

DOI: https://doi.org/10.1016/j.cose.2022.103028

2022-11-26

Abstract:Supervisory control and data acquisition (SCADA) serves as the backbone of several critical infrastructures, including water supply systems, oil pipelines, transportation and electricity. It accomplishes essential functions, such as monitoring data from pumps, valves and transmitters. Across different generations, SCADA has undergone a significant evolution from a typically isolated environment to a highly interconnected network. Although this conversion has benefits for SCADA, such as enhanced performance efficiency and the cost reduction of heavy equipment, it has made SCADA more vulnerable to various cyber-attacks. Several SCADA security approaches are still provided by IT-based systems that are possibly not efficient enough to deflect the risks and threats originating from SCADA field operations. As a result, it is critically important to analyse cyber risks associated with the industrial SCADA system. The goal of this survey is to explore the security vulnerabilities of SCADA systems and classify the threats accordingly. In this project, we initially reviewed SCADA systems from different scopes, including architecture, vulnerabilities, attacks, intrusion detection techniques (IDS) and testbeds. We proposed taxonomies of vulnerabilities, attacks, IDS and testbeds according to predefined criteria. We concluded the survey by highlighting the research challenges and open issues for future research in the field of SCADA security.

computer science, information systems

Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

P A S Ralston,J H Graham,J L Hieb

DOI: https://doi.org/10.1016/j.isatra.2007.04.003

Abstract:The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

Mohammad Ashiqur Rahman,Ehab Al-Shaer

DOI: https://doi.org/10.1007/978-3-030-18214-4_4

2019-01-01

Abstract:The supervisory control and data acquisition (SCADA) system is the major industrial control system (ICS), which is responsible for collecting data from end devices, analyzing data, and managing the system efficiently by sending necessary control commands to the corresponding end devices. Unlike traditional cyber networks, a SCADA system consists of heterogeneous devices that communicate with one another under various communication protocols, physical media, and security properties. Failures or attacks on such networks have the potential of data unavailability and false data injection causing incorrect system estimations and control decisions leading to non-optimal management or critical damages of the system. This chapter provides a theoretical baseline for assessing the security and resiliency of ICS by presenting two formal frameworks, one for security analysis and one for resiliency analysis, considering smart grid SCADA systems. These frameworks take smart grid configurations and organizational security or resiliency requirements as inputs, formally model configurations and various security properties, and verify the dependability of the system under potential attacks or contingencies. The execution of each of these frameworks is demonstrated on an example case study.

Hao Wang,Nathan Lau,Ryan M Gerdes

DOI: https://doi.org/10.1177/0018720818769250

Abstract:Objective: The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Background: Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. Method: We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. Results: The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Conclusion: Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Application: Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

Yongge Wang

DOI: https://doi.org/10.48550/arXiv.1207.5434

2012-07-23

Information Theory

Abstract:Distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems were developed to reduce labour costs, and to allow system-wide monitoring and remote control from a central location. Control systems are widely used in critical infrastructures such as electric grid, natural gas, water and wastewater industries. While control systems can be vulnerable to a variety of types of cyber attacks that could have devastating consequences, little research has been done to secure the control systems. American Gas Association (AGA), IEC TC57 WG15, IEEE, NIST and National SCADA Test Bed Program have been actively designing cryptographic standard to protect SCADA systems. American Gas Association (AGA) had originally been designing cryptographic standard to protect SCADA communication links and finished the report AGA 12 part 1. The AGA 12 part 2 has been transferred to IEEE P1711. This paper presents an attack on the protocols in the first draft of AGA standard (Wright et al., 2004). This attack shows that the security mechanisms in the first version of the AGA standard protocol could be easily defeated. We then propose a suite of security protocols optimised for SCADA/DCS systems which include: point-to-point secure channels, authenticated broadcast channels, authenticated emergency channels, and revised authenticated emergency channels. These protocols are designed to address the specific challenges that SCADA systems have.

Wen Yang,Qianchuan Zhao

DOI: https://doi.org/10.1109/cgncc.2014.7007593

2014-01-01

Abstract:The increasing interconnectivity of industrial control system (ICS) networks has exposed them to a wide range of security problems. In recent years, efforts from industries and research communities have been made in addressing the security issues of ICSs. However, the ICSs security for critical infrastructures is still a challenging issue today. Controller, supervisory software and control network are critical components of ICS, and those components, many designed without security in mind, are vulnerable to cyber-attacks and any of them attacked easily lead to system collapse. Much research work about this subject has been done and a lot of vulnerabilities and countermeasures were presented. In this paper, we surveys ongoing research and provide an overview of the cyber security of controller, supervisory software and control network.

Joao M. Ceron,Justyna J. Chromik,Jair Santanna,Aiko Pras

DOI: https://doi.org/10.48550/arXiv.2011.02019

2020-11-04

Abstract:On a regular basis, we read in the news about cyber-attacks on critical infrastructures, such as power plants. Such infrastructures rely on the so-called Industrial Control Systems (ICS) / Supervisory Control And Data Acquisition (SCADA) networks. By hacking the devices in such systems and networks, attackers may take over the control of critical infrastructures, with potentially devastating consequences. This report focusses on critical infrastructures in the Netherlands and investigates three main questions: 1) How many ICS/SCADA devices located in the Netherlands can be easily found by potential attackers?, 2) How many of these devices are vulnerable to cyber-attacks?, and 3) What measures should be taken to prevent these devices from being hacked?

Networking and Internet Architecture,Cryptography and Security

Chuan Sheng,Yu Yao,Qiang Fu,Wei Yang

DOI: https://doi.org/10.1016/j.comnet.2020.107677

IF: 5.493

2021-02-01

Computer Networks

Abstract:<p>Supervisory Control and Data Acquisition (SCADA) systems are becoming increasingly susceptible to the sophisticated and targeted cyber attacks which are typically carried out by exploiting the vulnerabilities of industrial control devices or protocols. However, most of the existing network intrusion detection methods only focus on detecting and characterizing cyber attacks against the SCADA system, but cannot fully describe their real impact on the system. In this paper, we propose a cyber-physical model for the SCADA system to detect intrusions from the SCADA network and evaluate their risk levels against the industrial process. The model aims at characterizing the network structure and industrial process of the SCADA system through extracting and correlating the communication patterns and states of ICS devices. And any violation of the model is considered abnormal behavior, which can be caused by false operation or network attacks. Through associating network intrusions with the status of the SCADA system, a risk assessment method is proposed to estimate the potential damage degree of the attack on the system, which provides network administrators with richer information about network attacks. Moreover, the comprehensive performance evaluation conducted on public SCADA network data sets shows that the proposed method outperforms the existing methods in detecting and analyzing various cyber attacks against the SCADA system.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Vijay Varadharajan,Uday Tupakula,Kallol Krishna Karmakar

DOI: https://doi.org/10.1145/3630103

2023-10-30

ACM Transactions on Cyber-Physical Systems

Abstract:Increasingly Industrial Control Systems (ICS) systems are being connected to the Internet to minimise the operational costs and provide additional flexibility. These control systems such as the ones used in power grids, manufacturing and utilities operate continually and have long lifespans measured in decades rather than years as in the case of IT systems. Such industrial control systems require uninterrupted and safe operation. However, they can be vulnerable to a variety of attacks, as successful attacks on critical control infrastructures could have devastating consequences to the safety of human lives as well as a nation’s security and prosperity. Furthermore, there can be a range of attacks that can target ICS and it is not easy to secure these systems against all known attacks let alone unknown ones. In this paper, we propose a software enabled security architecture using Software Defined Networking (SDN) and Network Function Virtualisation (NFV) that can enhance the capability to secure industrial control systems. We have designed such an SDN/NFV enabled security architecture and developed a Control System Security Application (CSSA) in SDN Controller for enhancing security in ICS by achieving real time situational awareness and dynamic policy-driven decision making across the network infrastructure. In particular, CSSA can be used for establishing secure path for end-to-end communication between devices and also deal against certain specific attacks namely denial of service attacks, from unpatched vulnerable control system components and securing the communication flows from the legacy devices that do not support any security functionality. We also discuss how CSSA provides reliable paths for safety critical messages in control systems. We discuss the prototype implementation of the proposed architecture and the results obtained from our analysis.

Georgios Michail Makrakis,Constantinos Kolias,Georgios Kambourakis,Craig Rieger,Jacob Benjamin

DOI: https://doi.org/10.48550/arXiv.2109.03945

2021-09-08

Cryptography and Security

Abstract:Critical infrastructures (CI) and industrial organizations aggressively move towards integrating elements of modern Information Technology (IT) into their monolithic Operational Technology (OT) architectures. Yet, as OT systems progressively become more and more interconnected, they silently have turned into alluring targets for diverse groups of adversaries. Meanwhile, the inherent complexity of these systems, along with their advanced-in-age nature, prevents defenders from fully applying contemporary security controls in a timely manner. Forsooth, the combination of these hindering factors has led to some of the most severe cybersecurity incidents of the past years. This work contributes a full-fledged and up-to-date survey of the most prominent threats against Industrial Control Systems (ICS) along with the communication protocols and devices adopted in these environments. Our study highlights that threats against CI follow an upward spiral due to the mushrooming of commodity tools and techniques that can facilitate either the early or late stages of attacks. Furthermore, our survey exposes that existing vulnerabilities in the design and implementation of several of the OT-specific network protocols may easily grant adversaries the ability to decisively impact physical processes. We provide a categorization of such threats and the corresponding vulnerabilities based on various criteria. As far as we are aware, this is the first time an exhaustive and detailed survey of this kind is attempted.

Yen-Neng Chiang,Yi-Wei Ma,Jiann-Liang Chen,Yi-Hao Tu,Chia-Wei Tsou

DOI: https://doi.org/10.70003/160792642024072504005

2024-07-31

Abstract:The utilization of network technology in Industrial Control Systems (ICS) is becoming increasingly prevalent due to advancements in the Fifth Generation Networks (5G), the Internet of Things (IoT), cloud computing, and big data. These technologies have significantly enhanced intelligent mobile device data transmission speed and interaction levels. The connection of ICS devices to a network gives rise to supplementary security considerations. Hence, this paper must analyze and synthesize pertinent scholarly works on cyber security and safety within the ICS sector. This paper further categorizes the security risks that ICS may encounter into six distinct areas: attack, detect, risk estimation, incident response, protect, and incident prevention. Extensive literature evaluations and rigorous research were conducted to examine the subject matter thoroughly. Based on the findings, comprehensive suggestions and strategic approaches were produced for each specific area. This paper proposed the ICS-based Purdue Enterprise Reference Architecture (PERA) to evaluate the threat and solution for enhancing ICS security and safety.

Engineering,Computer Science

K. L. Burke,George W. Dinolt

2006-09-01

Abstract:Abstract : Presidential Decision Directive (PDD) 63 calls for improving the security of Supervisory Control And Data Acquisition (SCADA) and other control systems which operate the critical infrastructure of the United States. In the past, these industrial computer systems relied on security through obscurity. Recent economic and technical shifts within the controls industry have increased their vulnerability to cyber attack. Concurrently, their value as a target has been recognized by terrorist organizations and competing nation states. Network reconnaissance is a basic tool that allows computer security managers to understand their complex systems. However, existing reconnaissance tools incorporate little or no understanding of control systems. This thesis provided a conceptual analysis for the creation of a SCADA network exploration/reconnaissance tool. Several reconnaissance techniques were research and reviewed in a laboratory environment to determine their utility for SCADA system discovery. Additionally, an application framework using common non-SCADA security tools was created to provide a proof of concept. Development of a viable tool for identifying SCADA systems remotely will help improve critical infrastructure security by improving situational awareness for network managers.

Computer Science,Engineering

LI Jiang-hai,HUANG Xiao-jin

2012-01-01

Abstract:The digitalization and networking of control systems in nuclear power plants has brought significant improvements in system control,operation and maintenance.However,the highly digitalized control system also introduces additional security vulnerabilities.Moreover,the replacement of conventional proprietary systems with common protocols,software and devices makes these vulnerabilities easy to be exploited.Through the interaction between control systems and the physical world,security issues in control systems impose high risks on health,safety and environment.These security issues may even cause damages of critical infrastructures and threaten national security.The importance of control system security by reviewing several control system security incidents that happened in nuclear power plants was showed in recent years.Several key difficulties in addressing these security issues were described.Finally,existing researches on control system security and propose several promising research directions were reviewed.

Kuan‐Chu Lu,I‐Hsien Liu,Zong‐Chao Liu,Jung‐Shian Li

DOI: https://doi.org/10.1049/ntw2.12127

2024-06-08

IET Networks

Abstract:SCADA systems are increasingly used to manage the operations of dams and reservoirs. Thus, to ensure the safety and efficiency of the water distribution system, it is essential to develop effective mechanisms for detecting and thwarting attacks to dam SCADA systems. Supervisory control and data acquisition (SCADA) systems are vital in monitoring and controlling industrial processes through the web. However, while such systems result in lower costs, greater utilisation efficiency, and improved reliability, they are vulnerable to cyberattacks, with consequences ranging from the inconvenience and minor disruption to severe physical damage and even loss of life. The authors evaluate the security of the Dam system in the form of Common Criteria, develop safety goals to improve this safety, and focus on threats and risks to the dam SCADA system. Finally proposes an anomaly‐based machine‐learning framework for detecting malicious network attacks in the SCADA system of a dam. Three unsupervised classification algorithms are considered: hierarchical clustering, local outlier factor, and isolation forest. It is shown that the hierarchical clustering algorithm achieves the highest precision and F‐score of the three algorithms. Overall, the results confirm the effectiveness of anomaly‐based detection algorithms in enhancing the robustness of SCADA systems toward malicious attacks. At the same time, it complies with the security objectives of Common Criteria, achieving the safety and protection of the dam.

Simon Duque Anton,Daniel Fraunholz,Christoph Lipps,Frederic Pohl,Marc Zimmermann,Hans D. Schotten

DOI: https://doi.org/10.48550/arXiv.1905.08902

2019-05-21

Cryptography and Security

Abstract:Since the early 1960, industrial process control has been applied by electric systems. In the mid 1970's, the term SCADA emerged, describing the automated control and data acquisition. Since most industrial and automation networks were physically isolated, security was not an issue. This changed, when in the early 2000's industrial networks were opened to the public internet. The reasons were manifold. Increased interconnectivity led to more productivity, simplicity and ease of use. It decreased the configuration overhead and downtimes for system adjustments. However, it also led to an abundance of new attack vectors. In recent time, there has been a remarkable amount of attacks on industrial companies and infrastructures. In this paper, known attacks on industrial systems are analysed. This is done by investigating the exploits that are available on public sources. The different types of attacks and their points of entry are reviewed in this paper. Trends in exploitation as well as targeted attack campaigns against industrial enterprises are introduced.

Shaharyar Khan,Stuart Madnick,Stuart E Madnick

DOI: https://doi.org/10.1109/tdsc.2021.3093214

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recent cyber-physical attacks, such as Stuxnet, Triton etc., have invoked an ominous realization about the vulnerability of critical infrastructure, including water, power and gas distribution systems. Traditional IT security-biased protection methods that focus on improving cyber hygiene are largely impotent in the face of targeted attacks by advanced cyber-adversaries. Thus, there is an urgent need to analyze the safety and security of critical infrastructure in a holistic fashion, leveraging the physics of the cyber-physical system. System-Theoretic Accident Model & Processes (STAMP) offers a powerful framework to analyze complex systems; hitherto, STAMP has been used extensively to perform safety analyses but an integrated safety and cybersecurity analysis of industrial control systems (ICS) has not been published. This paper uses the electrical generation and distribution system of an archetypal industrial facility to demonstrate the application of a STAMP-based method – called Cybersafety – to identify and mitigate cyber-vulnerabilities in ICS. The key contribution of this work is to differentiate the additional steps required to perform a holistic cybersecurity analysis for an ICS of significant size and complexity and to present the analysis in a structured format that can be emulated for larger systems with many interdependent subsystems.

computer science, information systems, software engineering, hardware & architecture