The Methodology for Hardening SCADA Security Using Countermeasure Ordering

  • Sung-Hwan Kim
  • Min-Woo Park
  • Jung-Ho Eom
  • Tai-Myoung Chung
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 240)


In this paper, we consider that a SCADA system has few authorized users and that access control is one of the most important values for cyber security. We propose a method that reduces the success probability of an attacker's penetration by using ordered countermeasures. We assume that any system has two or more safety countermeasures for authentication. The method sets multiple countermeasures in a chain and establishes a causal relationship between the actions before and after each one. We then build an access procedure matrix for the chain and share it among the authorized users. By doing so, we can prevent an attacker's penetration and reduce the level of risk from hacking.


Keywords: Security hardening; Penetration success probability; Ordered countermeasure



This work was supported by the IT R&D program of MKE/KEIT. [10041244, Smart TV 2.0 Software Platform].



Copyright information

© Springer Science+Business Media Dordrecht (Outside the USA) 2013

Authors and Affiliations

  • Sung-Hwan Kim (1)
  • Min-Woo Park (1)
  • Jung-Ho Eom (2)
  • Tai-Myoung Chung (1)
  1. Department of Computer Engineering, School of Information and Communication Engineering, Sungkyunkwan University, Suwon-si, Republic of Korea
  2. Military Studies, Daejeon University, Daejeon, Republic of Korea
