
Abstract

Modern industrial systems (e.g. power plants, water plants, chemical installations) make extensive use of information and communication technologies (ICT). In recent years, those systems started to use public networks (i.e. the Internet) for system-to-system interconnection, to provide new features and services. The migration from the traditional isolated-system approach to an open-system approach exposed these infrastructures to cyber threats. The scope of this chapter is to provide the reader with an overview of the cyber threats and vulnerabilities affecting the system control and data acquisition systems (SCADA), i.e. those systems in charge of monitoring and controlling the industrial processes, and to provide indications on possible mitigation techniques.

Notes

  1. The content of this chapter summarises the results of the research activity conducted by the author within the context of the EU funded Escort Project (http://www.escortsproject.eu/).


Author information

Correspondence to Igor Nai Fovino.

Copyright information

© 2014 Springer Science+Business Media New York

About this chapter

Cite this chapter

Fovino, I.N. (2014). SCADA System Cyber Security. In: Markantonakis, K., Mayes, K. (eds) Secure Smart Embedded Devices, Platforms and Applications. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-7915-4_20

  • DOI: https://doi.org/10.1007/978-1-4614-7915-4_20

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-7914-7

  • Online ISBN: 978-1-4614-7915-4

  • eBook Packages: Computer Science, Computer Science (R0)
