Abstract
This chapter reviews the cybersecurity risks of critical infrastructures such as supervisory control and data acquisition (SCADA ) systems in the IoT environment; and provides security management strategies to beef up the security of SCADA networks. An overview of IoT reference model and related security concerns are reviewed. Vulnerabilities of SCADA systems as well as risk assessment approaches and risk management strategies to help mitigate vulnerabilities and threats are also examined. The chapter concludes that to effectively manage cybersecurity of SCADA systems in an IoT environment, a control framework that defines a comprehensive set of security objectives with policies, standards, and guidelines should be established and enforced. Additionally, it is suggested that existing protocols should be analyzed to understand their vulnerabilities for effective risk control and SCADA networks should be designed to prevent direct access from the Internet.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
IEEE (2014) Special report: the internet of things. Accessed 2 Oct 2018
de Leusse P, Periorellis P, Dimitrakos T, Nali, SK (2009) Self- managed security cell, a security model for the internet of things and services. In: Paper presented at first international conference on advances in future internet
Maple C (2017) Security and privacy in the internet of things. J Cyber Policy 2(2):155–184
Whitmore A, Agarwal A, Xu LD (2015) The internet of things. a survey of topics and trends. Inf. Syst. Front 17(2):261–274
Li S, Xu LD, Zhao S (2015) The internet of things. a survey. In Syst Front 17(2):243–259
Atzori L, Lera A, Morabito G (2010) The internet of things. a survey. Comput Netw 54(15):2787–2805. https://doi.org/10.1016/j.connect.2010.05.010
Libelium (2015) 50 sensor applications for a smarter world. libelium.com/resources/top_50_iot_sensor_applications_ranking/, Accessed 30 Sept 2018
Zanilla A, Bui N, Castellani A, Vangelista L, Zorzi M (2014) Internet of things for smart cities. IEEE Internet Things J 1(1):22–32. https://doi.org/10.1106/jiot.2014.2306328
Miorandi D, Sicari S, De Pellegrini F, Clamatac I, (2012) Internet of things: vision, applications and research challenges. Ad Hoc Netw 10(7):1497–1516. https://doi.org/10.1016/j.adhoc.2012.02.016
Al-Fuqaha A, Guizani M, Mohammadi M, Aledhari M, Ayyash M (2015) Internet of things: a survey on enabling technologies, protocols, and applications. IEEE Commun Surv Tutor 17(4):2347–2376
Li L, Xiaoguang H, Ke C, Ketai H (2011) The application of WiFi-based wireless sensor network in Internet of things and smart grid. In: Paper presented at the proceedings of the 6th IEEE conference on industrial electronics and applications, Beijin, China, 21–23 June 789–793
Phull S (2012) Intelligent transport systems in the UK. World Scientific. https://ec.europa.eu/transport/sites/transport/files/themes/its/road/action_plan/doc/2012-united-kingdon-its-5-year-plan-2012_en.pdf, Accessed 3 Oct 2018
Uckelmann D, Harrison M, Michahelles F (2011) An architectural approach towards the future Internet of thing. In: Architecting the internet of things, Springer, Berlin, Heidelberg, pp 1–24
Macaulay J, Buckalew L, Chung G (2015) Internet of things in logistics. DHL Trend Res 1(1):1–27. In: Uckelmann D, Harrison M, Michalelles F (eds) Internet of things. Springer, Berlin, pp 1–24
British Land (2017) Smart offices I British Land—the office agenda. https://officeagenda.britishland.com/smart-offices. Accessed 28 Aug 2018
Bui N, Zorzi M (2011) Health care applications: a solution based on the internet of things. In: Proceedings of the 4th international symposium on applied sciences in biomedical and communication technologies. ACM, Barcelona, Spain, 26–29 October, pp 1–5
Islam SMR, Kwak D, Kabir H, Hossain M, Kwak K (2015) The internet of things for health care: a comprehensive survey. IEEE Access 3:678–708. https://doi.org/10.1109/access.2015.2437951
Borgohain T, Kumar U, Sanyal S (2015) Survey of security and privacy issues of Internet of things. https://arxiv.org/abs/1501.02211, Accessed 6 Oct 2018
Ning H, Liu H (2012) Cyber-physical-social based security architecture for future Internet of things. Adv Internet Things 2:1–7
ITU (2012) Internet of thing global initiative. Recommendations ITU-T Y. 2060
Chen L (2017) Security management for the internet of things. A thesis submitted to the faculty of graduate studies through the department of electrical and computer engineering in partial fulfillment of the requirements for the degree master of applied science at the university of windsor. Windsor, Ontario Canada
Burnmester M, De Medeiros B (2007) Security: attacks, countermeasures and challenges. In: The 5th RFID academic convocation, the RFID journal conference
Padmavathi G, Shanmugapriya D (2009) A survey of attacks, security mechanisms and challenges in wireless sensor networks. aXiv preprint https://arxiv.org/abs/0909.0576
Vohra S, Srivastava R (2015) A survey on techniques for securing. In: 5th international conference on communication systems and network technologies, pp 643–646
ITU (2005) The internet of things, Geneva, Switzerland. https://www.itu.int/net/wsis/tunis/newsroom/stats/The-Internet-of-Things-2005.pdf, Accessed 29 Sep 2018
Karagiannis V, Chatzimisios P, Vazquez-Vallego F, Alonso-Zarete J (2015) A survey of application layer protocols for internet of things. Trans IoT Cloud Comput 1–8
Vermesan O, Friess P (2016) Internet of things from research and innovation to market deployment. River Publishers, Aalborg, Denmark
National Communications System (2004) Supervisory control and data acquisition systems. Technical Innovation Bulletin, 04–1
Igure VM, Laughter SA, Williams RD (2006) Security issues in networks. Comput Secur 25:498–506
Kim H (2012) Security and vulnerability of systems over IP-based wireless sensor networks. Int J Distrib Sens Netw 2012:1–10
Carlson R (2002) Sandia program: high security SCADA LDRD final report. Sandia National Laboratories Report, SAND, 2002-072 Apr
Sauter T, Schwaiger C, (2002) Achievement of secure internet access to fieldbus systems. Microprocess Microsyst 26(7):331–339
Ryu DH, Kim H, Um K (2009) Reducing security for critical infrastructures. J Loss Prev Process Ind 22(6):1020–1024
Akyildiz IF, Weilan S, Sankarasubramaniam Y, Gayirci E (2002) A survey on sensor networks. IEEE Commun Mag 40(8):102–114
Montenegro G, Kushalnagar N, Hui J, Culler D (2007) Transmission of packets over IEEE 802.15.4 networks. RFC, 4994 (Proposed Standard)
Heer T, Garcia-Morchon O, Hummen R, Eoh SLK, Kumar SS, Wehrle K (2011) Challenges in the IP-based internet of things. Wirel Pers Commun 61(3):527–542
Hui JW, Culler DE, Chakrabarti S (2009) Incorporating IEEE 802.15.4 into IP architecture. Internet Protocol for Smart Objects (IPSO) Alliance, White Paper #3
Sharifinejad M, Shari M, Ghiasabadi M, Beheshti A (2007) A survey on wireless sensor networks security, In: SETIT
Wang BT, Schulzrime H (2004) An IP trace back mechanism for reflective DoS attacks. In: Canadian conference on electrical and computer engineering, vol 2, pp 901–904
Alkhatib AA, Baicher GS (2012) Wireless sensor network architecture. In: International conference on computer networks and communication systems (CNCS 2012) IPCSIT, vol 35, pp 11–15
Ghildyal S, Mishra AK, Gupta A, Garg N (2014). Analysis of denial of service (DoS) attacks in wireless sensor networks. IJRET Int J Res Eng Technol. eISSN: 2319-1163, pISSN: 2321-7308
Lewis JA (2016) Managing risk for the internet of things. A report of the CSIS strategic technologies program. https://www.csis.org/analysis/managing-risk-internet-things, Accessed 1 Oct 2018
National Institute of Standards and Technology [NIST] (2012) Guide for conducting risk assessments SP-800-30—Revision 1. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-30r1.pdf, Accessed 18 Sept 2018
Nurse JRC, Creese S, Roure D (2017) Security risk assessment in internet of things environment. https://ieeexplore.ieee.org/document/8057728, Accessed 31 Aug 2018
Minkel JR (2008) The 2003 northeast blackout: five years later. In: Scientific American. https://www.uvm.edu/~phines/media/sciam-blackout.pdf, Accessed Aug 13–7 Sept 2018
Franz M (2004) Protocol implementation testing challenges and opportunities. In: National infrastructure security coordination center (NISCC) workshop
ENISA (2016) Risk management resources and approaches. https://www.enisa.europa.eu/topics/threat-risk-management/risk-management, Accessed 28 June 2018
Shameli-Sendi A, Aghababaei-Barzegar R, Cheriet M (2016) Taxanomy of information security risk assessment (IRSA). Comput Secur 57:14–30
Riaz R, Naureen A, Akram A, Akbar H, Kim KH, Ahmed AF (2008) A unified security framework for three key management schemes for wireless sensor networks. Comput Commun 31(18):4269–4280
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Aikins, S.K. (2019). Managing Cybersecurity Risks of SCADA Networks of Critical Infrastructures in the IoT Environment. In: Mahmood, Z. (eds) Security, Privacy and Trust in the IoT Environment. Springer, Cham. https://doi.org/10.1007/978-3-030-18075-1_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-18075-1_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-18074-4
Online ISBN: 978-3-030-18075-1
eBook Packages: Computer ScienceComputer Science (R0)