Skip to main content
SpringerLink
Log in

Managing Cybersecurity Risks of SCADA Networks of Critical Infrastructures in the IoT Environment

  • Chapter
  • First Online:
Security, Privacy and Trust in the IoT Environment

Abstract

This chapter reviews the cybersecurity risks of critical infrastructures such as supervisory control and data acquisition (SCADA ) systems in the IoT environment; and provides security management strategies to beef up the security of SCADA networks. An overview of IoT reference model and related security concerns are reviewed. Vulnerabilities of SCADA systems as well as risk assessment approaches and risk management strategies to help mitigate vulnerabilities and threats are also examined. The chapter concludes that to effectively manage cybersecurity of SCADA systems in an IoT environment, a control framework that defines a comprehensive set of security objectives with policies, standards, and guidelines should be established and enforced. Additionally, it is suggested that existing protocols should be analyzed to understand their vulnerabilities for effective risk control and SCADA networks should be designed to prevent direct access from the Internet.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 139.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 179.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 179.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. IEEE (2014) Special report: the internet of things. Accessed 2 Oct 2018

    Google Scholar 

  2. de Leusse P, Periorellis P, Dimitrakos T, Nali, SK (2009) Self- managed security cell, a security model for the internet of things and services. In: Paper presented at first international conference on advances in future internet

    Google Scholar 

  3. Maple C (2017) Security and privacy in the internet of things. J Cyber Policy 2(2):155–184

    Article  Google Scholar 

  4. Whitmore A, Agarwal A, Xu LD (2015) The internet of things. a survey of topics and trends. Inf. Syst. Front 17(2):261–274

    Article  Google Scholar 

  5. Li S, Xu LD, Zhao S (2015) The internet of things. a survey. In Syst Front 17(2):243–259

    Article  Google Scholar 

  6. Atzori L, Lera A, Morabito G (2010) The internet of things. a survey. Comput Netw 54(15):2787–2805. https://doi.org/10.1016/j.connect.2010.05.010

  7. Libelium (2015) 50 sensor applications for a smarter world. libelium.com/resources/top_50_iot_sensor_applications_ranking/, Accessed 30 Sept 2018

  8. Zanilla A, Bui N, Castellani A, Vangelista L, Zorzi M (2014) Internet of things for smart cities. IEEE Internet Things J 1(1):22–32. https://doi.org/10.1106/jiot.2014.2306328

  9. Miorandi D, Sicari S, De Pellegrini F, Clamatac I, (2012) Internet of things: vision, applications and research challenges. Ad Hoc Netw 10(7):1497–1516. https://doi.org/10.1016/j.adhoc.2012.02.016

    Article  Google Scholar 

  10. Al-Fuqaha A, Guizani M, Mohammadi M, Aledhari M, Ayyash M (2015) Internet of things: a survey on enabling technologies, protocols, and applications. IEEE Commun Surv Tutor 17(4):2347–2376

    Article  Google Scholar 

  11. Li L, Xiaoguang H, Ke C, Ketai H (2011) The application of WiFi-based wireless sensor network in Internet of things and smart grid. In: Paper presented at the proceedings of the 6th IEEE conference on industrial electronics and applications, Beijin, China, 21–23 June 789–793

    Google Scholar 

  12. Phull S (2012) Intelligent transport systems in the UK. World Scientific. https://ec.europa.eu/transport/sites/transport/files/themes/its/road/action_plan/doc/2012-united-kingdon-its-5-year-plan-2012_en.pdf, Accessed 3 Oct 2018

  13. Uckelmann D, Harrison M, Michahelles F (2011) An architectural approach towards the future Internet of thing. In: Architecting the internet of things, Springer, Berlin, Heidelberg, pp 1–24

    Chapter  Google Scholar 

  14. Macaulay J, Buckalew L, Chung G (2015) Internet of things in logistics. DHL Trend Res 1(1):1–27. In: Uckelmann D, Harrison M, Michalelles F (eds) Internet of things. Springer, Berlin, pp 1–24

    Google Scholar 

  15. British Land (2017) Smart offices I British Land—the office agenda. https://officeagenda.britishland.com/smart-offices. Accessed 28 Aug 2018

  16. Bui N, Zorzi M (2011) Health care applications: a solution based on the internet of things. In: Proceedings of the 4th international symposium on applied sciences in biomedical and communication technologies. ACM, Barcelona, Spain, 26–29 October, pp 1–5

    Google Scholar 

  17. Islam SMR, Kwak D, Kabir H, Hossain M, Kwak K (2015) The internet of things for health care: a comprehensive survey. IEEE Access 3:678–708. https://doi.org/10.1109/access.2015.2437951

    Article  Google Scholar 

  18. Borgohain T, Kumar U, Sanyal S (2015) Survey of security and privacy issues of Internet of things. https://arxiv.org/abs/1501.02211, Accessed 6 Oct 2018

  19. Ning H, Liu H (2012) Cyber-physical-social based security architecture for future Internet of things. Adv Internet Things 2:1–7

    Article  Google Scholar 

  20. ITU (2012) Internet of thing global initiative. Recommendations ITU-T Y. 2060

    Google Scholar 

  21. Chen L (2017) Security management for the internet of things. A thesis submitted to the faculty of graduate studies through the department of electrical and computer engineering in partial fulfillment of the requirements for the degree master of applied science at the university of windsor. Windsor, Ontario Canada

    Google Scholar 

  22. Burnmester M, De Medeiros B (2007) Security: attacks, countermeasures and challenges. In: The 5th RFID academic convocation, the RFID journal conference

    Google Scholar 

  23. Padmavathi G, Shanmugapriya D (2009) A survey of attacks, security mechanisms and challenges in wireless sensor networks. aXiv preprint https://arxiv.org/abs/0909.0576

  24. Vohra S, Srivastava R (2015) A survey on techniques for securing. In: 5th international conference on communication systems and network technologies, pp 643–646

    Google Scholar 

  25. ITU (2005) The internet of things, Geneva, Switzerland. https://www.itu.int/net/wsis/tunis/newsroom/stats/The-Internet-of-Things-2005.pdf, Accessed 29 Sep 2018

  26. Karagiannis V, Chatzimisios P, Vazquez-Vallego F, Alonso-Zarete J (2015) A survey of application layer protocols for internet of things. Trans IoT Cloud Comput 1–8

    Google Scholar 

  27. Vermesan O, Friess P (2016) Internet of things from research and innovation to market deployment. River Publishers, Aalborg, Denmark

    Google Scholar 

  28. National Communications System (2004) Supervisory control and data acquisition systems. Technical Innovation Bulletin, 04–1

    Google Scholar 

  29. Igure VM, Laughter SA, Williams RD (2006) Security issues in networks. Comput Secur 25:498–506

    Article  Google Scholar 

  30. Kim H (2012) Security and vulnerability of systems over IP-based wireless sensor networks. Int J Distrib Sens Netw 2012:1–10

    Google Scholar 

  31. Carlson R (2002) Sandia program: high security SCADA LDRD final report. Sandia National Laboratories Report, SAND, 2002-072 Apr

    Google Scholar 

  32. Sauter T, Schwaiger C, (2002) Achievement of secure internet access to fieldbus systems. Microprocess Microsyst 26(7):331–339

    Article  Google Scholar 

  33. Ryu DH, Kim H, Um K (2009) Reducing security for critical infrastructures. J Loss Prev Process Ind 22(6):1020–1024

    Article  Google Scholar 

  34. Akyildiz IF, Weilan S, Sankarasubramaniam Y, Gayirci E (2002) A survey on sensor networks. IEEE Commun Mag 40(8):102–114

    Article  Google Scholar 

  35. Montenegro G, Kushalnagar N, Hui J, Culler D (2007) Transmission of packets over IEEE 802.15.4 networks. RFC, 4994 (Proposed Standard)

    Google Scholar 

  36. Heer T, Garcia-Morchon O, Hummen R, Eoh SLK, Kumar SS, Wehrle K (2011) Challenges in the IP-based internet of things. Wirel Pers Commun 61(3):527–542

    Google Scholar 

  37. Hui JW, Culler DE, Chakrabarti S (2009) Incorporating IEEE 802.15.4 into IP architecture. Internet Protocol for Smart Objects (IPSO) Alliance, White Paper #3

    Google Scholar 

  38. Sharifinejad M, Shari M, Ghiasabadi M, Beheshti A (2007) A survey on wireless sensor networks security, In: SETIT

    Google Scholar 

  39. Wang BT, Schulzrime H (2004) An IP trace back mechanism for reflective DoS attacks. In: Canadian conference on electrical and computer engineering, vol 2, pp 901–904

    Google Scholar 

  40. Alkhatib AA, Baicher GS (2012) Wireless sensor network architecture. In: International conference on computer networks and communication systems (CNCS 2012) IPCSIT, vol 35, pp 11–15

    Google Scholar 

  41. Ghildyal S, Mishra AK, Gupta A, Garg N (2014). Analysis of denial of service (DoS) attacks in wireless sensor networks. IJRET Int J Res Eng Technol. eISSN: 2319-1163, pISSN: 2321-7308

    Google Scholar 

  42. Lewis JA (2016) Managing risk for the internet of things. A report of the CSIS strategic technologies program. https://www.csis.org/analysis/managing-risk-internet-things, Accessed 1 Oct 2018

  43. National Institute of Standards and Technology [NIST] (2012) Guide for conducting risk assessments SP-800-30—Revision 1. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-30r1.pdf, Accessed 18 Sept 2018

  44. Nurse JRC, Creese S, Roure D (2017) Security risk assessment in internet of things environment. https://ieeexplore.ieee.org/document/8057728, Accessed 31 Aug 2018

  45. Minkel JR (2008) The 2003 northeast blackout: five years later. In: Scientific American. https://www.uvm.edu/~phines/media/sciam-blackout.pdf, Accessed Aug 13–7 Sept 2018

  46. Franz M (2004) Protocol implementation testing challenges and opportunities. In: National infrastructure security coordination center (NISCC) workshop

    Google Scholar 

  47. ENISA (2016) Risk management resources and approaches. https://www.enisa.europa.eu/topics/threat-risk-management/risk-management, Accessed 28 June 2018

  48. Shameli-Sendi A, Aghababaei-Barzegar R, Cheriet M (2016) Taxanomy of information security risk assessment (IRSA). Comput Secur 57:14–30

    Article  Google Scholar 

  49. Riaz R, Naureen A, Akram A, Akbar H, Kim KH, Ahmed AF (2008) A unified security framework for three key management schemes for wireless sensor networks. Comput Commun 31(18):4269–4280

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Public Affairs, University of South Florida, Tampa, FL, USA

    Stephen Kwamena Aikins

Authors
  1. Stephen Kwamena Aikins
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Stephen Kwamena Aikins .

Editor information

Editors and Affiliations

  1. Northampton University, Northampton, UK

    Zaigham Mahmood

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Aikins, S.K. (2019). Managing Cybersecurity Risks of SCADA Networks of Critical Infrastructures in the IoT Environment. In: Mahmood, Z. (eds) Security, Privacy and Trust in the IoT Environment. Springer, Cham. https://doi.org/10.1007/978-3-030-18075-1_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-18075-1_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-18074-4

  • Online ISBN: 978-3-030-18075-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation