- Supervisory Control and Data Acquisition (SCADA) is used for control and monitoring of industrial process automation.
- Growing interconnectivity and remote accessibility make SCADA networks vulnerable to various attacks.
- Embedded-system-level vulnerabilities are identified owing to poor coding and validation practices.
- Network-configuration-level vulnerabilities are revealed due to a feeble defence-in-depth mechanism.
- Protocol-level vulnerabilities are exposed due to improper implementation and inadequate security mechanisms.
Growing dependency on and remote accessibility of automated industrial systems have transformed SCADA (Supervisory Control and Data Acquisition) networks from strictly isolated to highly interconnected networks. This increase in interconnectivity between systems raises operational efficiency due to the ease of controlling and monitoring processes; however, this inevitable transformation also exposes the control system to the outside world. As a result, effective security strategies are required, as any vulnerability of the SCADA system could have severe financial and/or safety implications. The primary task when identifying holes in the system is to have proper awareness of SCADA vulnerabilities and threats. This approach will help to identify potential breaches, or aspects of the system where a breach may occur. This paper describes various types of potential SCADA vulnerabilities by taking real incidents reported in standard vulnerability databases. A comprehensive review of each type of vulnerability is discussed, along with recommendations for the improvement of SCADA security systems.
Security issues in SCADA networks. Igure, Vinay M.; Laughter, Sean A.; Williams, Ronald D. Computers & Security, October 2006, Volume 25, Issue 7. Journal article, peer reviewed.
The increasing interconnectivity of SCADA (Supervisory Control and Data Acquisition) networks has exposed them to a wide range of network security problems. This paper provides an overview of all the crucial research issues that are involved in strengthening the cyber security of SCADA networks. The paper describes the general architecture of SCADA networks and the properties of some of the commonly used SCADA communication protocols. The general security threats and vulnerabilities in these networks are discussed, followed by a survey of the research challenges facing SCADA networks. The paper discusses the ongoing work in several SCADA security areas such as improving access control, firewalls and intrusion detection systems, SCADA protocol analyses, cryptography and key management, and device and operating system security. Many trade and research organizations are involved in trying to standardize SCADA security technologies. The paper concludes with an overview of these standardization efforts.
Middleware for Internet of Things: A Survey. Razzaque, Mohammad Abdur; Milojevic-Jevric, Marija; Palade, Andrei ... IEEE Internet of Things Journal, February 2016, Volume 3, Issue 1. Journal article, open access.
The Internet of Things (IoT) envisages a future in which digital and physical things or objects (e.g., smartphones, TVs, cars) can be connected by means of suitable information and communication technologies, to enable a range of applications and services. The IoT's characteristics, including an ultra-large-scale network of things, device- and network-level heterogeneity, and large numbers of events generated spontaneously by these things, will make development of the diverse applications and services a very challenging task. In general, middleware can ease a development process by integrating heterogeneous computing and communications devices, and supporting interoperability within the diverse applications and services. Recently, there have been a number of proposals for IoT middleware. These proposals mostly addressed wireless sensor networks (WSNs), a key component of IoT, but do not consider RF identification (RFID), machine-to-machine (M2M) communications, and supervisory control and data acquisition (SCADA), the three other core elements in the IoT vision. In this paper, we outline a set of requirements for IoT middleware, and present a comprehensive review of the existing middleware solutions against those requirements. In addition, open research issues, challenges, and future research directions are highlighted.
Utility-scale wind turbines are equipped with a supervisory control and data acquisition (SCADA) system for remote supervision and control. The SCADA system accumulates a large amount of data that contains the health conditions of the wind turbines. Thus, it is interesting to mine the health-status-related information from SCADA data for wind turbine condition monitoring. In this article, an ensemble approach is proposed to detect anomalies and diagnose faults in wind turbines. Historical SCADA data collected from healthy wind turbines are used to model their normal behaviors and build a Mahalanobis space as a reference space. By comparing the predicted behavior of the wind turbine by a trained model with the reference space, anomalies can be detected. Finally, wind turbine faults are diagnosed through the analysis of the distributions and correlations of their SCADA data. The proposed approach is validated by using the SCADA data collected from two field wind turbines. Results show that it can detect anomalies and diagnose the corresponding failure components before the wind turbines have to be shut down for maintenance.
This brief aims to perform security threat assessment of networked control systems with regulatory and supervisory control layers. We analyze the performance of a proportional-integral controller (regulatory layer) and a model-based diagnostic scheme (supervisory layer) under a class of deception attacks. We adopt a conservative approach by assuming that the attacker has knowledge of: 1) the system dynamics; 2) the parameters of the diagnostic scheme; and 3) the sensor-control signals. The deception attack presented here can enable remote water pilfering from automated canal systems. We also report a field-operational test attack on the Gignac canal system located in Southern France.
A relatively new trend in Critical Infrastructures (e.g., power plants, nuclear plants, energy grids, etc.) is the massive migration from the classic model of isolated systems to a system-of-systems model, where these infrastructures are intensifying their interconnections through Information and Communications Technology (ICT) means. The ICT core of these industrial installations is known as Supervisory Control And Data Acquisition (SCADA) systems. Traditional ICT security countermeasures (e.g., classic firewalls, anti-viruses and IDSs) fail to provide complete protection to these systems, since their needs are different from those of traditional ICT. This paper presents an innovative approach to Intrusion Detection in SCADA systems based on the concept of Critical State Analysis and State Proximity. The theoretical framework is supported by tests conducted with an Intrusion Detection System prototype implementing the proposed detection approach.
- A generalized model is presented for wind turbine anomaly identification.
- Prediction models are developed for the environmentally sensitive SCADA parameters.
- A new index is defined to quantify the abnormal level of wind turbine condition.
- A fuzzy synthetic evaluation method is used to integrate the identification results.
- Two case studies for an onshore wind farm are carried out and analyzed.
This paper presents a generalized model for wind turbine (WT) anomaly identification based on the data collected from a wind farm supervisory control and data acquisition (SCADA) system. Neural networks (NNs) are used to establish prediction models of the WT condition parameters that are dependent on environmental conditions such as ambient temperature and wind speed. Input parameters of the prediction models are selected based on domain knowledge. Three types of sample data, namely the WT's current SCADA data, the WT's historical SCADA data, and other similar WTs' current SCADA data, are used to train the condition parameter prediction models. Prediction accuracy of the models trained by these sample data is compared and discussed in the paper. A mean absolute error (MAE) index is used to select the prediction models trained by historical and other similar WTs' current SCADA data. An abnormal level index (ALI) is defined to quantify the abnormal level of the prediction error of each selected model. To improve the accuracy of anomaly identification, a fuzzy synthetic evaluation method is used to integrate the identification results obtained from the different selected models. The proposed method has been used for real 1.5 MW WTs with doubly fed induction generators. The results show that the proposed method is more effective in WT anomaly identification than traditional methods.
SCADA security in the light of Cyber-Warfare. Nicholson, A.; Webber, S.; Dyer, S. ... Computers & Security, June 2012, Volume 31, Issue 4. Journal article, peer reviewed.
Supervisory Control and Data Acquisition (SCADA) systems are deployed worldwide in many critical infrastructures, ranging from power generation, through public transport, to industrial manufacturing systems. Whilst contemporary research has identified the need for protecting SCADA systems, this information is disparate and does not provide a coherent view of the threats and the risks resulting from the tendency to integrate these once isolated systems into corporate networks that are prone to cyber attacks. This paper surveys ongoing research and provides a coherent overview of the threats, risks and mitigation strategies in the area of SCADA security.
In this paper, we analyze control-related attacks in supervisory control and data acquisition systems for power grids. This class of attacks introduces a serious threat to power systems, because attackers can directly change the system's physical configuration using malicious control commands crafted in a legitimate format. To detect such attacks, we propose a semantic analysis framework that integrates network intrusion detection systems with a power flow analysis capable of estimating the execution consequences of control commands. To balance detection accuracy and latency, the parameters of the power flow analysis algorithm are dynamically adapted according to real-time system dynamics. Our experiments on IEEE 24-bus, 30-bus, and 39-bus systems and a 2736-bus system demonstrate that by opening three transmission lines, an attacker can put the tested system into an insecure state, and the semantic analysis can complete detection in 200 ms for the large-scale 2736-bus system with about 0.78% false positives and 0.01% false negatives, which allow for timely responses to intrusions.
The introduction of connected systems and digital technology in process industries creates new cyber-security vulnerabilities that can be exploited by sophisticated threats and lead to undesirable safety accidents. Thus, identifying these vulnerabilities during risk analysis becomes an important part of effective industrial risk evaluation. However, nowadays, safety and security are analyzed separately when they should not be. This is because a security threat can lead to the same dangerous phenomenon as a safety incident. In this paper, a new method that considers safety and security together during industrial risk analysis is proposed. This approach combines bowtie analysis, commonly used for safety analysis, with a new extended version of attack tree analysis, introduced for security analysis of industrial control systems. The combined use of bowtie and attack tree provides an exhaustive representation of risk scenarios in terms of safety and security. We then propose an approach for evaluating the risk level based on two-term likelihood parts, one for safety and one for security. The application of this approach is demonstrated using the case study of a risk scenario in a chemical facility.