Skip to main content
SpringerLink
Log in

Security in SCADA System: A Technical Report on Cyber Attacks and Risk Assessment Methodologies

  • Conference paper
  • First Online:
Data Analytics in System Engineering (CoMeSySo 2023)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 935))

Included in the following conference series:

  • 251 Accesses

Abstract

Supervisory Control and Data Acquisition (SCADA) systems have become indispensable in a wide range of industries worldwide. These systems facilitate the monitoring and managing complex physical processes by employing field devices and actuators. However, the growing reliance on SCADA systems and the transition to standardized protocols have introduced significant security risks, leading to an alarming rise in reported cyber-attacks. This paper focuses on addressing the security challenges SCADA systems face by exploring risk assessment methodologies. Organizations can proactively protect their systems from potential threats by comprehending the architectural intricacies of SCADA networks and analyzing existing risk assessment techniques. Moreover, an investigation into recent cyber attacks sheds light on the emerging trends and tactics that pose a considerable risk to SCADA systems. By integrating robust risk assessment methodologies, organizations can effectively enhance the security of SCADA systems and mitigate the potential damage caused by cyber-attacks. This paper also highlights the latest trends and tactics that is supposed to be very successful against SCADA systems, with a historical review of all attacks and their frequency throughout the year. #COMESYSO1120.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Kure, H., Islam, S., Razzaque, M.: An integrated cyber security risk management approach for a cyber-physical system. Appl. Sci. 8(6), 898 (2018). https://doi.org/10.3390/app8060898

    Article  Google Scholar 

  2. Gomez, R.A.O., Tosh, D.K.: Towards security and privacy of scada systems through decentralized architecture. In: 2019 International Conference on Computational Science and Computational Intelligence (CSCI), pp. 1224–1229. IEEE (2019)

    Google Scholar 

  3. Shrivastava, S., Saquib, Z., Shah, S.: Vulnerabilities of scada systems and its impact on cyber security. Int. J. Electr. Electron. Data Commun. 6(6), 26–30, 208AD

    Google Scholar 

  4. Elhady, A.M., El-bakry, H.M., Elfetouh, A.A.: Comprehensive risk identification model for SCADA systems. Secur. Commun. Networks 2019, 1–24 (2019). https://doi.org/10.1155/2019/3914283

    Article  Google Scholar 

  5. Housh, M., Ohar, Z.: Model-based approach for cyber-physical attack detection in water distribution systems. Water Res. 139(August), 132–143 (2018). https://doi.org/10.1016/j.watres.2018.03.039

    Article  Google Scholar 

  6. Lin, K.-S.: A new evaluation model for information security risk management of SCADA systems. IEEE Xplore (2019). https://doi.org/10.1109/ICPHYS.2019.8780280

  7. Tariq, N., Asim, M., Khan, F.A.: Securing SCADA-based critical infrastructures: challenges and open issues. Procedia Comput. Sci. 155, 612–617 (2019). https://doi.org/10.1016/j.procs.2019.08.086

    Article  Google Scholar 

  8. Geeta, Y., Paul, K.: Assessment of SCADA System Vulnerabilities. IEEE Xplore. 1 Sept 2019. https://doi.org/10.1109/ETFA.2019.8869541

  9. Yadav, G., Paul, K.: Architecture and security of SCADA systems: a review. Int. J. Crit. Infrastruct. Prot. 34(September), 100433 (2021). https://doi.org/10.1016/j.ijcip.2021.100433

    Article  Google Scholar 

  10. Markovic-Petrovic, J.D., Stojanovic, M.D., Bostjancic Rakas, S.V.: A fuzzy AHP approach for security risk assessment in SCADA networks. Adv. Electr. Comput. Eng. 19(3), 69–74 (2019). https://doi.org/10.4316/AECE.2019.03008

  11. Huang, K., Zhou, C., Tian, Y.C., Tu, W., Peng, Y.: Application of Bayesian network to data-driven cyber-security risk assessment in SCADA networks. In: 2017 27th International Telecommunication Networks and Applications Conference ITNAC 2017, vol. 2017, pp. 1–6 (2017). https://doi.org/10.1109/ATNAC.2017.8215355

  12. Pliatsios, D., Sarigiannidis, P., Lagkas, T., Sarigiannidis, A.G.: A survey on SCADA systems: secure protocols, incidents, threats and tactics. IEEE Commun. Surv. Tutorials 22(3), 1942–1976 (2020). https://doi.org/10.1109/COMST.2020.2987688

    Article  Google Scholar 

  13. Coffey, K., et al.: Vulnerability assessment of cyber security for SCADA systems. In: Parkinson, S., Crampton, A., Hill, R. (eds.) Guide to Vulnerability Analysis for Computer Networks and Systems. CCN, pp. 59–80. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-92624-7_3

  14. Kalogeraki, E.-M., Papastergiou, S., Mouratidis, H., Polemi, N.: A novel risk assessment methodology for SCADA maritime logistics environments. Appl. Sci. 8(9), 1477 (2018). https://doi.org/10.3390/app8091477

    Article  Google Scholar 

  15. Lan, J.: Research on cybersecurity risk assessment in scada networks based on AHP-RSR. In: Proceedings - 2020 International Conference on Communications, Information System and Computer Engineering CISCE 2020, pp. 361–364 (2020). https://doi.org/10.1109/CISCE50729.2020.00079

  16. Hossain, N., Das, T., Tariqul Islam, M., Hossain, A.: Cyber security risk assessment method for SCADA system. Inform. Secur. J. Global Perspect. 31(5), 499–510 (2021). https://doi.org/10.1080/19393555.2021.1934196

    Article  Google Scholar 

  17. Shang, W., Gong, T., Chen, C., Hou, J., Zeng, P.: Information security risk assessment method for ship control system based on fuzzy sets and attack trees. Secur. Commun. Networks 2019, 1–11 (2019). https://doi.org/10.1155/2019/3574675

    Article  Google Scholar 

  18. Falco, G., Caldera, C., Shrobe, H.: IIoT cybersecurity risk modeling for SCADA systems. IEEE Internet Things J. 5(6), 4486–4495 (2018). https://doi.org/10.1109/JIOT.2018.2822842

    Article  Google Scholar 

  19. Boryczko, K., Piegdoń, I., Szpak, D., Żywiec, J.: Risk assessment of lack of water supply using the hydraulic model of the water supply. Resources 10(5), 43 (2021). https://doi.org/10.3390/resources10050043

    Article  Google Scholar 

  20. Süzen, A.A.: A risk-assessment of cyber attacks and defense strategies in industry 4.0 ecosystem. Int. J. Comput. Netw. Inf. Secur. 12(1), 1–12 (2020). https://doi.org/10.5815/ijcnis.2020.01.01

    Article  Google Scholar 

  21. Zhou, X., Xu, Z., Wang, L., Chen, K., Chen, C., Zhang, W.: APT attack analysis in SCADA systems. MATEC Web Conf. 173, 2–6 (2018). https://doi.org/10.1051/matecconf/201817301010

    Article  Google Scholar 

  22. Upadhyay, D., Sampalli, S.: SCADA (Supervisory Control and Data Acquisition) systems: Vulnerability assessment and security recommendations. Comput. Secur. 89, 101666 (2020). https://doi.org/10.1016/j.cose.2019.101666

    Article  Google Scholar 

  23. Shaw, W.T.: SCADA System Vulnerabilities to Cyber Attack. 2019. Access Date: 01–02–2022, Access time: 06:41pm

    Google Scholar 

  24. Nazir, S., Patel, S., Patel, D.: Assessing and augmenting SCADA cyber security: A survey of techniques. Comput. Secur. (2017). https://doi.org/10.1016/j.cose.2017.06.010

  25. Cyber Physical Systems: the need for new models and design paradigms, Carnegie Mellon University, Access Date: 01–02–2022, Access time: 08:01pm

    Google Scholar 

  26. Cyber-physical systems, IEEE Control Systems Society, 2011, Access Date: 01–02–2022, Access time: 09:33am

    Google Scholar 

  27. Lee, J., Lapira, E., Bagheri, B., Kao, H.: Recent advances and trends in predictive manufacturing systems in big data environment. Manufact. Let. 1(1), 38–41 (2013). https://doi.org/10.1016/j.mfglet.2013.09.005

    Article  Google Scholar 

  28. Ant'on, S.D., Fraunholz, D., Lipps, C., Pohl, F., Zimmermann, M., Schotte, H.D.: Two decades of SCADA exploitation: a brief history. In: 2017 IEEE Conference on Application, Information and Network Security (AINS)

    Google Scholar 

  29. https://resources.infosecinstitute.com/topic/scada-security-of-critical-infrastructures/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A%20infosecResources%20%28InfoSec%20Resources%29

  30. https://www.thomasnet.com/insights/the-future-of-scada-in-2019-iiot-tech/ Access Date: 01–02–2022, Access time: 07:49pm

  31. Debouza, M., Al-Durra, A., EL-Fouly, T.H.M., Zeineldin, H.H.: Survey on microgrids with flexible boundaries: Strategies, applications, and future trends. Electric Power Syst. Res. 205, 107765 (2022). https://doi.org/10.1016/j.epsr.2021.107765

Download references

Author information

Authors and Affiliations

  1. WMG Cyber Security Centre, University of Warwick, Coventry, UK

    Sadaquat Ali

Authors
  1. Sadaquat Ali
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sadaquat Ali .

Editor information

Editors and Affiliations

  1. Faculty of Applied Informatics, Tomas Bata University in Zlin, Zlin, Czech Republic

    Radek Silhavy

  2. Faculty of Applied Informatics, Tomas Bata University in Zlin, Zlin, Czech Republic

    Petr Silhavy

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ali, S. (2024). Security in SCADA System: A Technical Report on Cyber Attacks and Risk Assessment Methodologies. In: Silhavy, R., Silhavy, P. (eds) Data Analytics in System Engineering. CoMeSySo 2023. Lecture Notes in Networks and Systems, vol 935. Springer, Cham. https://doi.org/10.1007/978-3-031-54820-8_35

Download citation

Publish with us

Policies and ethics

Search

Navigation