Advertisement

SCADA Security: Concepts and Recommendations

  • Dragos Ionica
  • Florin Pop
  • Nirvana Popescu
  • Decebal Popescu
  • Ciprian Dobre
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11161)

Abstract

SCADA systems are the computers that control essential, complicated, and often dangerous physical processes, many of which constitute the physical infrastructure critical to modern societies. These physical processes are powerful tools, and their misuse generally has unacceptable consequences. Preventing such abuse is the goal of SCADA security. To understand misuse and how to avoid it, we need some understanding of what a SCADA system is, and how it works under different forms of attacks. These are the primary objectives of this paper.

Keywords

SCADA system Security update SCADA security Cyber attacks over SCADA systems Hacktivists Cyber insiders 

References

  1. 1.
    Igure, V.M., Laughter, S.A., Williams, R.D.: Security issues in SCADA networks. Comput. Secur. 25(7), 498–506 (2006)CrossRefGoogle Scholar
  2. 2.
    Pollet, J.: Developing a solid SCADA security strategy. In: 2nd ISA/IEEE Sensors for Industry Conference, pp. 148–156. IEEE (2002)Google Scholar
  3. 3.
    Chandia, R., Gonzalez, J., Kilpatrick, T., Papa, M., Shenoi, S.: Security strategies for SCADA networks. In: Goetz, E., Shenoi, S. (eds.) ICCIP 2007. IIFIP, vol. 253, pp. 117–131. Springer, Boston, MA (2008).  https://doi.org/10.1007/978-0-387-75462-8_9CrossRefGoogle Scholar
  4. 4.
    Nicholson, A., Webber, S., Dyer, S., Patel, T., Janicke, H.: SCADA security in the light of Cyber-Warfare. Comput. Secur. 31(4), 418–436 (2012)CrossRefGoogle Scholar
  5. 5.
    Adamo, F., Attivissimo, F., Cavone, G., Giaquinto, N.: SCADA/HMI systems in advanced educational courses. IEEE Trans. Instrum. Meas. 56(1), 4–10 (2007)CrossRefGoogle Scholar
  6. 6.
    Salihbegovic, A., Marinkovi, V., Cico, Z., Karavdi, E., Delic, N.: Web based multilayered distributed SCADA/HMI system in refinery application. Comput. Stand. Interfaces 31(3), 599–612 (2009)CrossRefGoogle Scholar
  7. 7.
    Endi, M., Elhalwagy, Y.Z.: Three-layer PLC/SCADA system architecture in process automation and data monitoring. In: 2010 The 2nd International Conference on Computer and Automation Engineering (ICCAE), vol. 2, pp. 774–779. IEEE (2010)Google Scholar
  8. 8.
    Radvanovsky, R., Brodsky, J.: Handbook of SCADA/Control Systems Security. CRC Press, Boca Raton (2016)CrossRefGoogle Scholar
  9. 9.
    Gallagher, S.: Two more healthcare networks caught up in outbreak of hospital ransomware. Ars Technica 29(03) (2016)Google Scholar
  10. 10.
    CBC News: University of Calgary paid \$20K in ransomware attack (2016). http://www.cbc.ca/news/canada/calgary/university-calgary-ransomware-cyberattack-1.3620979
  11. 11.
    Mandiant: Mandiant APT1 Exposing One of China’s Cyber Espionage Units (2013). https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
  12. 12.
    Alperovitch, D.: Revealed: Operation Shady RAT, vol. 3. McAfee (2011)Google Scholar
  13. 13.
    United States. White House Office, and Barack Obama. International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked Worldr. White House (2011)Google Scholar
  14. 14.
    Leyden, J.: Hack on Saudi Aramco Hit 30,000 Workstations, Oil Firm Admits-First Hacktivist-Style Assault to Use Malware? (The Register) (2012)Google Scholar
  15. 15.
    Zetter, K.: The NSA acknowledges what we all feared: Iran learns from US cyberattacks. Wired (2015)Google Scholar
  16. 16.
    Daryabar, F., Dehghantanha, A., Udzir, N.I., bin Shamsuddin, S.: Towards secure model for scada systems. In: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), pp. 60–64. IEEE (2012)Google Scholar
  17. 17.
    Rege-Patwardhan, A.: Cybercrimes against critical infrastructures: a study of online criminal organization and techniques. Crim. Justice Stud. 22(3), 261–271 (2009)CrossRefGoogle Scholar
  18. 18.
    Bigham, J., Gamez, D., Lu, N.: Safeguarding SCADA systems with anomaly detection. In: Gorodetsky, V., Popyack, L., Skormin, V. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 171–182. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45215-7_14CrossRefGoogle Scholar
  19. 19.
    Fiaidhi, J., Gelogo, Y.E.: SCADA cyber attacks and security vulnerabilities. In: SERSC, Research Trend of Computer Science and Related Areas, ASTL, vol. 14, pp. 202–208 (2012)Google Scholar
  20. 20.
    Kerr, P.K., Rollins, J., Theohary, C.A.: The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability. Congressional Research Service, Washington, DC (2010)Google Scholar
  21. 21.
    Colombini, C.M., Colella, A., Mattiucci, M., Castiglione, A.: Cyber threats monitoring: experimental analysis of malware behavior in cyberspace. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds.) CD-ARES 2013. LNCS, vol. 8128, pp. 236–252. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40588-4_17CrossRefGoogle Scholar
  22. 22.
    Palmieri, F., Ficco, M., Castiglione, A.: Adaptive stealth energy-related dos attacks against cloud data centers. In: 2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), pp. 265–272. IEEE (2014)Google Scholar
  23. 23.
    De Santis, A., Castiglione, A., Fiore, U., Palmieri, F.: An intelligent security architecture for distributed firewalling environments. J. Ambient Intell. Hum. Comput. 4(2), 223–234 (2013)CrossRefGoogle Scholar
  24. 24.
    Bertino, E., Casola, V., Castiglione, A., Susilo, W.: Security and privacy protection vs sustainable development, pp. 250–251 (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Dragos Ionica
    • 1
  • Florin Pop
    • 1
  • Nirvana Popescu
    • 1
  • Decebal Popescu
    • 1
  • Ciprian Dobre
    • 1
  1. 1.Faculty of Automatic Control and Computers, Computer Science DepartmentUniversity Politehnica of BucharestBucharestRomania

Personalised recommendations