Abstract
Supervisory Control and Data Acquisition (SCADA) systems have become indispensable in a wide range of industries worldwide. These systems facilitate the monitoring and managing complex physical processes by employing field devices and actuators. However, the growing reliance on SCADA systems and the transition to standardized protocols have introduced significant security risks, leading to an alarming rise in reported cyber-attacks. This paper focuses on addressing the security challenges SCADA systems face by exploring risk assessment methodologies. Organizations can proactively protect their systems from potential threats by comprehending the architectural intricacies of SCADA networks and analyzing existing risk assessment techniques. Moreover, an investigation into recent cyber attacks sheds light on the emerging trends and tactics that pose a considerable risk to SCADA systems. By integrating robust risk assessment methodologies, organizations can effectively enhance the security of SCADA systems and mitigate the potential damage caused by cyber-attacks. This paper also highlights the latest trends and tactics that is supposed to be very successful against SCADA systems, with a historical review of all attacks and their frequency throughout the year. #COMESYSO1120.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Kure, H., Islam, S., Razzaque, M.: An integrated cyber security risk management approach for a cyber-physical system. Appl. Sci. 8(6), 898 (2018). https://doi.org/10.3390/app8060898
Gomez, R.A.O., Tosh, D.K.: Towards security and privacy of scada systems through decentralized architecture. In: 2019 International Conference on Computational Science and Computational Intelligence (CSCI), pp. 1224–1229. IEEE (2019)
Shrivastava, S., Saquib, Z., Shah, S.: Vulnerabilities of scada systems and its impact on cyber security. Int. J. Electr. Electron. Data Commun. 6(6), 26–30, 208AD
Elhady, A.M., El-bakry, H.M., Elfetouh, A.A.: Comprehensive risk identification model for SCADA systems. Secur. Commun. Networks 2019, 1–24 (2019). https://doi.org/10.1155/2019/3914283
Housh, M., Ohar, Z.: Model-based approach for cyber-physical attack detection in water distribution systems. Water Res. 139(August), 132–143 (2018). https://doi.org/10.1016/j.watres.2018.03.039
Lin, K.-S.: A new evaluation model for information security risk management of SCADA systems. IEEE Xplore (2019). https://doi.org/10.1109/ICPHYS.2019.8780280
Tariq, N., Asim, M., Khan, F.A.: Securing SCADA-based critical infrastructures: challenges and open issues. Procedia Comput. Sci. 155, 612–617 (2019). https://doi.org/10.1016/j.procs.2019.08.086
Geeta, Y., Paul, K.: Assessment of SCADA System Vulnerabilities. IEEE Xplore. 1 Sept 2019. https://doi.org/10.1109/ETFA.2019.8869541
Yadav, G., Paul, K.: Architecture and security of SCADA systems: a review. Int. J. Crit. Infrastruct. Prot. 34(September), 100433 (2021). https://doi.org/10.1016/j.ijcip.2021.100433
Markovic-Petrovic, J.D., Stojanovic, M.D., Bostjancic Rakas, S.V.: A fuzzy AHP approach for security risk assessment in SCADA networks. Adv. Electr. Comput. Eng. 19(3), 69–74 (2019). https://doi.org/10.4316/AECE.2019.03008
Huang, K., Zhou, C., Tian, Y.C., Tu, W., Peng, Y.: Application of Bayesian network to data-driven cyber-security risk assessment in SCADA networks. In: 2017 27th International Telecommunication Networks and Applications Conference ITNAC 2017, vol. 2017, pp. 1–6 (2017). https://doi.org/10.1109/ATNAC.2017.8215355
Pliatsios, D., Sarigiannidis, P., Lagkas, T., Sarigiannidis, A.G.: A survey on SCADA systems: secure protocols, incidents, threats and tactics. IEEE Commun. Surv. Tutorials 22(3), 1942–1976 (2020). https://doi.org/10.1109/COMST.2020.2987688
Coffey, K., et al.: Vulnerability assessment of cyber security for SCADA systems. In: Parkinson, S., Crampton, A., Hill, R. (eds.) Guide to Vulnerability Analysis for Computer Networks and Systems. CCN, pp. 59–80. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-92624-7_3
Kalogeraki, E.-M., Papastergiou, S., Mouratidis, H., Polemi, N.: A novel risk assessment methodology for SCADA maritime logistics environments. Appl. Sci. 8(9), 1477 (2018). https://doi.org/10.3390/app8091477
Lan, J.: Research on cybersecurity risk assessment in scada networks based on AHP-RSR. In: Proceedings - 2020 International Conference on Communications, Information System and Computer Engineering CISCE 2020, pp. 361–364 (2020). https://doi.org/10.1109/CISCE50729.2020.00079
Hossain, N., Das, T., Tariqul Islam, M., Hossain, A.: Cyber security risk assessment method for SCADA system. Inform. Secur. J. Global Perspect. 31(5), 499–510 (2021). https://doi.org/10.1080/19393555.2021.1934196
Shang, W., Gong, T., Chen, C., Hou, J., Zeng, P.: Information security risk assessment method for ship control system based on fuzzy sets and attack trees. Secur. Commun. Networks 2019, 1–11 (2019). https://doi.org/10.1155/2019/3574675
Falco, G., Caldera, C., Shrobe, H.: IIoT cybersecurity risk modeling for SCADA systems. IEEE Internet Things J. 5(6), 4486–4495 (2018). https://doi.org/10.1109/JIOT.2018.2822842
Boryczko, K., Piegdoń, I., Szpak, D., Żywiec, J.: Risk assessment of lack of water supply using the hydraulic model of the water supply. Resources 10(5), 43 (2021). https://doi.org/10.3390/resources10050043
Süzen, A.A.: A risk-assessment of cyber attacks and defense strategies in industry 4.0 ecosystem. Int. J. Comput. Netw. Inf. Secur. 12(1), 1–12 (2020). https://doi.org/10.5815/ijcnis.2020.01.01
Zhou, X., Xu, Z., Wang, L., Chen, K., Chen, C., Zhang, W.: APT attack analysis in SCADA systems. MATEC Web Conf. 173, 2–6 (2018). https://doi.org/10.1051/matecconf/201817301010
Upadhyay, D., Sampalli, S.: SCADA (Supervisory Control and Data Acquisition) systems: Vulnerability assessment and security recommendations. Comput. Secur. 89, 101666 (2020). https://doi.org/10.1016/j.cose.2019.101666
Shaw, W.T.: SCADA System Vulnerabilities to Cyber Attack. 2019. Access Date: 01–02–2022, Access time: 06:41pm
Nazir, S., Patel, S., Patel, D.: Assessing and augmenting SCADA cyber security: A survey of techniques. Comput. Secur. (2017). https://doi.org/10.1016/j.cose.2017.06.010
Cyber Physical Systems: the need for new models and design paradigms, Carnegie Mellon University, Access Date: 01–02–2022, Access time: 08:01pm
Cyber-physical systems, IEEE Control Systems Society, 2011, Access Date: 01–02–2022, Access time: 09:33am
Lee, J., Lapira, E., Bagheri, B., Kao, H.: Recent advances and trends in predictive manufacturing systems in big data environment. Manufact. Let. 1(1), 38–41 (2013). https://doi.org/10.1016/j.mfglet.2013.09.005
Ant'on, S.D., Fraunholz, D., Lipps, C., Pohl, F., Zimmermann, M., Schotte, H.D.: Two decades of SCADA exploitation: a brief history. In: 2017 IEEE Conference on Application, Information and Network Security (AINS)
https://www.thomasnet.com/insights/the-future-of-scada-in-2019-iiot-tech/ Access Date: 01–02–2022, Access time: 07:49pm
Debouza, M., Al-Durra, A., EL-Fouly, T.H.M., Zeineldin, H.H.: Survey on microgrids with flexible boundaries: Strategies, applications, and future trends. Electric Power Syst. Res. 205, 107765 (2022). https://doi.org/10.1016/j.epsr.2021.107765
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Ali, S. (2024). Security in SCADA System: A Technical Report on Cyber Attacks and Risk Assessment Methodologies. In: Silhavy, R., Silhavy, P. (eds) Data Analytics in System Engineering. CoMeSySo 2023. Lecture Notes in Networks and Systems, vol 935. Springer, Cham. https://doi.org/10.1007/978-3-031-54820-8_35
Download citation
DOI: https://doi.org/10.1007/978-3-031-54820-8_35
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54819-2
Online ISBN: 978-3-031-54820-8
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)