Abstract
Security is essential in protecting confidential data, especially in Supervisory Control and Data Acquisition (SCADA) systems which monitor and control national critical infrastructures, such as energy, water and communications. Security controls are implemented to prevent attacks that could destroy or damage critical infrastructures. Previous critical infrastructure surveys point out the gaps in knowledge, including the lack of coordination between sectors, inadequate exchange of information, less awareness and engagement in government critical infrastructure protection (CIP) programs. Consequently, private sector and government organizations feel less prepared. This paper highlights existing vulnerabilities, provides a list of previous attacks, discusses existing cyber security methodologies and provides a framework aiming to improve security in SCADA systems to protect them against cyber-attacks.
Chapter PDF
Similar content being viewed by others
References
Beggs, C.: Cyber-terrorism: a threat to Australia? In: Managing Modern Organisation with Information Technology- Information Resources Management Association (IRMA), pp. 472–475. Idea Group Publishing, San Diego (2005)
Beggs, C., Warren, M.: Safeguarding Australia from Cyber-terrorism: A Proposed Cyber-terrorism SCADA Risk Framework for Industry Adoption Keywords. In: Proc. 10th Aust. Inf. Warf. Secur. Conf., pp. 369–384. Ed. Cowan Univ., Perth (2009)
Brömmelhörster, J., et al.: Critical Infrastructure Protection: Survey of World-Wide Activities (2004)
Centre for the Protection of National Infrastructure (CPNI): Cyber Security Assessments of Industrial Control Systems: Good Practice Guide (2010)
Combs, M.M.: Impact of the Stuxnet Virus on Industrial Control System. In: XIII International Forummodern Information Society Formation Problems, Perspectives, Innovation Approaches, pp. 5–10 (2011)
Dawson, R., et al.: SKMA – A Key Management Architecture for SCADA Systems. In: Proceedings of the 2006 Australasian Workshops on Grid Computing and e-Research, pp. 183–192. Australian Computer Society Inc. (2006)
Espiner, T.: McAfee: Why Duqu is a big deal, http://www.zdnet.com/mcafee-why-duqu-is-a-big-deal-3040094263/
Farris, J.J., Nicol, D.M.: Evaluation of Secure Peer-to-Peer Overlay Routing for Survivable SCADA Systems. In: 2004 Winter Simulation Conference, pp. 300–308 (2004)
Farwell, J.P., Rohozinski, R.: Stuxnet and the Future of Cyber War. Surviv. Glob. Polit. Strateg. 53(1), 23–40 (2011)
Fernandez, E.B., et al.: On building secure SCADA systems using security patterns. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research Cyber Security and Information Intelligence Challenges and Strategies - CSIIRW 2009, p. 17. ACM Press, New York (2009)
Fernandez, J.D., Fernandez, A.E.: Scada systems: vulnerabilities and remediation. J. Comput. Sci. Coll. 20(4), 160–168 (2005)
Hahn, A., et al.: Development of the PowerCyber SCADA Security Testbed (Extended Abstract). In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, pp. 1–4 (2010)
Kaspersky Lab: Gauss: Abnormal Distribution, http://www.securelist.com/en/downloads/vlpdfs/kaspersky-lab-gauss.pdf
Kilman, D., Stamp, J.: Framework for SCADA Security Policy (2005)
Melito, S.: Software and Cold War: The Siberian Pipeline Explosion, http://defsecnet.com/software-and-cold-war-the-siberian-pipeline-explosion/
Miller, B., Rowe, D.: A Survey of SCADA and Critical Infrastructure Incidents. In: Proceedings of the 1st Annual Conference on Research in Information Technology, RIIT 2012, p. 51. ACM Press, New York (2012)
Nelson, B., et al.: Cyberterror Prospects and Implications, Monterey, CA (1999)
Nicholson, A., et al.: SCADA security in the light of Cyber-Warfare. Comput. Secur. 31(4), 418–436 (2012)
Prigg, M.: The hunt for Red October, http://www.dailymail.co.uk/sciencetech/article-2263322/Operation-Red-October-revealed-The-astonishing-hacker-attack-infiltrated-55-000-high-level-government-computers.html#ixzz2KAIDcX4G
Rautmare, S.: SCADA System Security. In: Annual IEEE India Conference (INDICON), pp. 1–4 (2011)
Stamp, J., et al.: Sustainable Security for Infrastructure SCADA (2003)
Stouffer, K., et al.: Guide to Industrial Control Systems ( ICS ) Security, US (2011)
Symantec: Symantec Critical Infrastructure Protection Survey (2011)
Ten, C., et al.: Cybersecurity for Critical Infrastructures: Attack and Defense Modeling. IEEE Trans. Syst. Man, Cybern. A System Humans. 40(4), 853–865 (2010)
Tsang, R.: Cyberthreats, Vulnerabilities, and Attacks of SCADA Networks, http://gspp.dreamhosters.com/iths/Tsang_SCADAAttacks.pdf
White, J.: 12 Steps toward Cyber Resilience, https://www.isc2.org/infosecurity-professional-insights.aspx
Yaron, O.: Flame virus had massive impact on Iran, http://www.haaretz.com/news/diplomacy-defense/flame-virus-had-massive-impact-on-iran-says-israeli-security-firm-1.433222
Yunos, Z., et al.: Safeguarding Malaysia’s critical national information infrastructure (CNII) against cyber terrorism: Towards development of a policy framework. In: 2010 Sixth Int. Conf. Inf. Assur. Secur., pp. 21–27 (2010)
Zhu, B., et al.: A Taxonomy of Cyber Attacks on SCADA Systems. In: 2011 Int. Conf. Internet Things 4th Int. Conf. Cyber, Phys. Soc. Comput., pp. 380–388 (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ismail, S., Sitnikova, E., Slay, J. (2014). Towards Developing SCADA Systems Security Measures for Critical Infrastructures against Cyber-Terrorist Attacks. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds) ICT Systems Security and Privacy Protection. SEC 2014. IFIP Advances in Information and Communication Technology, vol 428. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-55415-5_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-55415-5_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-55414-8
Online ISBN: 978-3-642-55415-5
eBook Packages: Computer ScienceComputer Science (R0)