O. Alhazmi, Y. Malaiya and I. Ray, Security vulnerabilities in software systems: A quantitative perspective, in Data and Applications Security XIX, S. Jajodia and D. Wijesekera (Eds.), Springer, Berlin-Heidelberg, pp. 281–294, 2005.
American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE), BACnet, ASHRAE SSPC 135, Atlanta, Georgia (www.bacnet.org).
M. Bishop, Computer Security: Art and Science, Addison-Wesley, Reading, Massachusetts, 2002.
A. Carcano, I. Nai Fovino, M. Masera and A. Trombetta, SCADA malware: A proof of concept, presented at the Third International Workshop on Critical Information Infrastructure Security, 2008.
R. Chandia, J. Gonzalez, T. Kilpatrick, M. Papa and S. Shenoi, Security strategies for SCADA networks, in Critical Infrastructure Protection, E. Goetz and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 117–131, 2007.
A. Creery and E. Byres, Industrial cybersecurity for power system and SCADA networks – Be secure, IEEE Industry Applications, vol. 13(4), pp. 49–55, 2007.
G. Dondossola, J. Szanto, M. Masera and I. Nai Fovino, Effects of intentional threats to power substation control systems, International Journal of Critical Infrastructures, vol. 4(1/2), pp. 129–143, 2008.
J. Heo, C. Hong, S. Ju, Y. Lim, B. Lee and D. Hyun, A security mechanism for automation control in PLC-based networks, Proceedings of the IEEE International Symposium on Power Line Communications and its Applications, pp. 466–470, 2007.
D. Holmberg, BACnet Wide Area Network Security Threat Assessment, NISTIR 7009, National Institute of Standards and Technology, Gaithersburg, Maryland, 2003.
P. Huitsing, R. Chandia, M. Papa and S. Shenoi, Attack taxonomies for the Modbus protocols, International Journal of Critical Infrastructure Protection, vol. 1, pp. 37–44, 2008.
A. Jones and D. Ashenden, Risk Management for Computer Security: Protecting Your Network and Information Assets, Elsevier, Oxford, United Kingdom, 2005.
R. Leszczyna, I. Nai Fovino and M. Masera, Simulating malware with MAlSim, Computer Virology, EICAR 2008 Extended Version, 2008.
M. Majdalawieh, F. Parisi-Presicce and D. Wijesekera, DNPSec: Distributed Network Protocol Version 3 security framework, presented at the Twenty-First Annual Computer Security Applications Conference (Technology Blitz Session), 2005.
T. Mander, F. Nabhani, L. Wang and R. Cheung, Data object based security for DNP3 over TCP/IP for increased utility of commercial aspects of security, Proceedings of the IEEE Power Engineering Society General Meeting, pp. 1–8, 2007.
M. Masera, I. Nai Fovino and R. Leszczyna, Security assessment of a turbo-gas power plant, in Critical Infrastructure Protection II, M. Papa and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 31–40, 2008.
Modbus IDA, MODBUS Application Protocol Specification v1.1a, North Grafton, Massachusetts (www.modbus.org/specs.php), 2004.
R. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, vol. 21(2), pp. 120–126, 1978.
M. Wiener, H. Handschuh, P. Pallier, R. Rivest, E. Biham and L. Knudsen, Performance comparison of public-key cryptosystems, smartcard crypto-coprocessors for public-key cryptography, chaffing and winnowing: Confidentiality without encryption, DES, Triple-DES and AES, CryptoBytes, vol. 4(1), 1998.
A. Wright, J. Kinast and J. McCarty, Low-latency cryptographic protection for SCADA communications, Proceedings of the Second International Conference on Applied Security and Network Security, pp. 263–277, 2004.