Abstract
SCADA systems are commonly used to track and manage utilities in vital national infrastructures including electricity generation and delivery, transportation networks, water supply and manufacturing, and manufacturing facilities. Cyber-attacks that threaten data privacy in SCADA networks, such as unauthorised misuse of sensor or control signals, may have a significant effect on the functioning of sensitive national infrastructure by causing device operators to make incorrect decisions, which could result in disastrous outcomes. Therefore, the cyber-security of SCADA systems has been an active topic of research for the past decades due to the potentially disastrous impact on the environment, public safety, and economy when these systems are breached or compromised. This paper examines the current security posture of SCADA systems from the perspective of data and cybersecurity and to propose recommendations for enhancing protection measures.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alcaraz, C., Zeadally, S.: Critical infrastructure protection: requirements and challenges for the 21st century. Int. J. Crit. Infrastr. Protect. 8, 53–66 (2015). http://linkinghub.elsevier.com/retrieve/pii/S1874548214000791
Nazir, S., Patel, S., Patel, D.: Assessing and augmenting SCADA cyber security: a survey of techniques. Comput. Secur. 70, 436–454 (2017). http://linkinghub.elsevier.com/retrieve/pii/S0167404817301293
Ani, U.P.D., He, H.M., Tiwari, A.: Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective. J. Cyber Secur. Technol. 1(1), 32–74 (2017). https://doi.org/10.1080/23742917.2016.1252211
Rosa, L., Freitas, M., Mazo, S., Monteiro, E., Cruz, T., Simoes, P.: A comprehensive security analysis of a SCADA protocol: from OSINT to mitigation. IEEE Access 7, 42156–42168 (2019). https://ieeexplore.ieee.org/document/8672892/
Krotofil, M., Gollmann, D.: Industrial control systems security: what is happening? In: 2013 11th IEEE International Conference on Industrial Informatics (INDIN), pp. 664–669. IEEE (2013). http://ieeexplore.ieee.org/document/6622963/
Tawde, R., Nivangune, A., Sankhe, M.: Cyber security in smart grid SCADA automation systems. In: 2015 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS), pp. 1–5. IEEE, March 2015. http://ieeexplore.ieee.org/document/7192918/
Ghosh, S., Sampalli, S.: A survey of security in SCADA networks: current issues and future challenges. IEEE Access 7, 135812–135831 (2019). https://ieeexplore.ieee.org/document/8753583/
Pliatsios, D., Sarigiannidis, P., Lagkas, T., Sarigiannidis, A.G.: A survey on SCADA systems: secure protocols, incidents, threats and tactics. IEEE Commun. Surv. Tutor. 22(3), 1942–1976 (2020). https://ieeexplore.ieee.org/document/9066892/
Volkova, A., Niedermeier, M., Basmadjian, R., de Meer, H.: Security challenges in control network protocols: a survey. IEEE Commun. Surv. Tutor. 21(1), 619–639 (2019). https://ieeexplore.ieee.org/document/8472799/
Bhamare, D., Zolanvari, M., Erbad, A., Jain, R., Khan, K., Meskin, N.: Cybersecurity for industrial control systems: a survey. Comput. Secur. 89, 101677 (2020). https://linkinghub.elsevier.com/retrieve/pii/S0167404819302172
Alladi, T., Chamola, V., Zeadally, S.: Industrial control systems: cyberattack trends and countermeasures. Comput. Commun. 155, 1–8 (2020). https://linkinghub.elsevier.com/retrieve/pii/S0140366419319991
Coffey, K., Smith, R., Maglaras, L., Janicke, H.: Vulnerability analysis of network scanning on SCADA systems. Secur. Commun. Netw. 2018, 1–21 (2018). https://www.hindawi.com/journals/scn/2018/3794603/
Qassim, Q.S., Jamil, N., Z’aba, M.R., Aba, N., Kamarulzaman, W.A.W.: Assessing the cyber-security of the IEC 60870-5-104 protocol in SCADA system. Int. J. Crit. Infrastr. 16(2), 91 (2020). http://www.inderscience.com/link.php?id=107242
Qassim, Q.S., Jamil, N., Mahdi, M.N., Abdul Rahim, A.A.: Towards SCADA threat intelligence based on intrusion detection systems - a short review. In: 2020 8th International Conference on Information Technology and Multimedia, ICIMU 2020 (2020)
Qassim, Q.S., Jamil, N., Daud, M., Ja’affar, N., Kamarulzaman, W.A.W., Mahdi, M.N.: Compromising the data integrity of an electrical power grid SCADA system. In: Anbar, M., Abdullah, N., Manickam, S. (eds.) ACeS 2020. CCIS, vol. 1347, pp. 604–626. Springer, Singapore (2021). https://doi.org/10.1007/978-981-33-6835-4_40
Maglaras, L.A., et al.: Cyber security of critical infrastructures. ICT Express 4(1), 42–45 (2018). http://linkinghub.elsevier.com/retrieve/pii/S2405959517303880
Cárdenas, A.A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.Y., Sastry, S.: Attacks against process control systems. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS 2011, p. 355. ACM Press, New York (2011). http://portal.acm.org/citation.cfm?doid=1966913.1966959
Cherdantseva, Y., et al.: A review of cyber security risk assessment methods for SCADA systems. Comput. Secur. 56, 1–27 (2016). http://linkinghub.elsevier.com/retrieve/pii/S0167404815001388
Igure, V.M., Laughter, S.A., Williams, R.D.: Security issues in SCADA networks. Comput. Secur. 25(7), 498–506 (2006). http://linkinghub.elsevier.com/retrieve/pii/S0167404806000514
Wu, G., Sun, J., Chen, J.: A survey on the security of cyber-physical systems. Control Theory Technol. 14(1), 2–10 (2016). http://link.springer.com/10.1007/s11768-016-5123-9
Drias, Z., Serhrouchni, A., Vogel, O.: Analysis of cyber security for industrial control systems. In: International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), pp. 1–8 (2015)
Amoah, R.: Formal security analysis of the DNP3-secure authentication protocol. Ph.D. thesis, Queensland University of Technology (2016). http://eprints.qut.edu.au/93798/
Darwish, I., Igbe, O., Celebi, O., Saadawi, T., Soryal, J.: Smart grid DNP3 vulnerability analysis and experimentation. 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing, pp. 141–147, November 2015. http://ieeexplore.ieee.org/document/7371473/ ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=7371473
Tan, S.: Electric power automation control system based on SCADA protocols. In: Zhong, Z. (ed.) Proceedings of the International Conference on Information Engineering and Applications (IEA) 2012. LNEE, vol. 218, pp. 137–143. Springer, London (2013). https://doi.org/10.1007/978-1-4471-4847-0_17
Pidikiti, D.S., Kalluri, R., Kumar, R.K.S., Bindhumadhava, B.S.: SCADA communication protocols: vulnerabilities, attacks and possible mitigations. CSI Trans. ICT 1(2), 135–141 (2013). http://link.springer.com/10.1007/s40012-013-0013-5
Qassim, Q.S., Jamil, N., Daud, M., Hasan, H.C.: Towards implementing scalable and reconfigurable SCADA security testbed in power system environment. Int. J. Crit. Infrastr. 15(2), 91 (2019). http://www.inderscience.com/link.php?id=98834
Acknowledgement
This research is supported by Transdisciplinary Research Grant Scheme (TRGS) 2020, Ministry of Higher Education Malaysia, under the project ‘Cyber Threat Modeling and Advanced Persistent Threat Detection for a Resilient Dam Control System Using Context-based Approach and Ensemble Method of Machine Learning Models With Discrete Probability Distribution’.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Qassim, Q.S., Jamil, N., Mahdi, M.N., Cob, Z.C., Rahim, F.A., Sidek, L.M. (2021). A Short Review: Issues and Threats Pertaining the Security of SCADA Systems. In: Abdullah, N., Manickam, S., Anbar, M. (eds) Advances in Cyber Security. ACeS 2021. Communications in Computer and Information Science, vol 1487. Springer, Singapore. https://doi.org/10.1007/978-981-16-8059-5_14
Download citation
DOI: https://doi.org/10.1007/978-981-16-8059-5_14
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-8058-8
Online ISBN: 978-981-16-8059-5
eBook Packages: Computer ScienceComputer Science (R0)