The Power of Hands-On Exercises in SCADA Cyber Security Education

  • Elena Sitnikova
  • Ernest Foo
  • Rayford B. Vaughn
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 406)


For decades Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) have used computers to monitor and control physical processes in many critical industries, including electricity generation, gas pipelines, water distribution, waste treatment, communications and transportation. Increasingly these systems are interconnected with corporate networks via the Internet, making them vulnerable and exposed to the same risks as those experiencing cyber-attacks on a conventional network. Very often SCADA networks services are viewed as a specialty subject, more relevant to engineers than standard IT personnel. Educators from two Australian universities have recognised these cultural issues and highlighted the gap between specialists with SCADA systems engineering skills and the specialists in network security with IT background. This paper describes a learning approach designed to help students to bridge this gap, gain theoretical knowledge of SCADA systems’ vulnerabilities to cyber-attacks via experiential learning and acquire practical skills through actively participating in hands-on exercises.


industrial control systems SCADA critical infrastructure cybersecurity experiential learning security laboratory curriculum 


  1. 1.
  2. 2.
    Common Cyber Security Vulnerabilities Observed in Control Systems Assessments by INL NSTB Program. Idaho national Laboratory. Idaho Falls, Idaho 83415 (November 2008)Google Scholar
  3. 3.
    Morris, T., Vaughn, R., Sitnikova, E.: Advances in the Protection of Critical Infrastructure Improvement in Industrial Control System Security. In: Morris, T., Vaughn, R., Sitnikova, E. (eds.) Australasian Computer Science Week, January 29-February 1. University of South Australia, Adelaide (2013)Google Scholar
  4. 4.
    Vaughn, R., Morris, T., Sitnikova, E.: Development and Expansion of an Industrial Control System Security Laboratory and an International Research Collaboration. In: 8th Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW8), Oak Ridge, TN, January 8-10 (2013)Google Scholar
  5. 5.
    Assante, M.J.: Testimony on Securing Critical Infrastructure in the Age of Stuxnet. National Board of Information Security Examiners (November 17, 2010)Google Scholar
  6. 6.
    ITSEAG, Achieving IT Resilience Summary Report for CIOs and CSOs, (viewed 6 April, 2012)
  7. 7.
    Slay, J., Sitnikova, E.: Developing SCADA Systems Security Course within a Systems Engineering Program. In: Proceedings 12th Colloquium for Information Systems Security Education, Dallas, US (2008)Google Scholar
  8. 8.
    Sitnikova, E., Slay, J.: Pathway into a Security Professional: a new Cyber Security …. ADFC Richmond, Virginia (2012)Google Scholar
  9. 9.
    Sitnikova, E., Hunt, R.: Engaging Students through Reflective Practice Assessment within SSLS course, Orlando, US (2012)Google Scholar
  10. 10.
    Foo, E., Branagan, M., Morris, T.: A Proposed Australian Industrial Control System Security Curriculum. In: 2013 46th Hawaii International Conference on System Sciences (HICSS), January 7-10, pp. 1754–1762 (2013)Google Scholar
  11. 11.
    Hinett, K.: Developing Reflective Practice in Legal Education. UK Centre for Legal Education (2002)Google Scholar
  12. 12.
    Kolb, D.: Experiential learning: experience as the source of learning and development. Kogan Page, London (1984)Google Scholar
  13. 13.
    Schon, D.: Educating the Reflective Practitioner. Jossey Bass, San Francisco (1987)Google Scholar
  14. 14.
    Boud, D., Keogh, R., Walker, D.: Reflection: turning experience into learning. Kogan Page, London (1985)Google Scholar
  15. 15.
    Philip, L.: Encouraging reflective practice amongst students: a direct assessment approach, GEES Planet Special Edition- Issue 17 (2006), (viewed February 27, 2012)
  16. 16.
    Kaider, F.: Introducing undergraduate electrical engineering students to reflective practice. In: Proceedings of the 2011 AAEE Conference, Fremantle, WA (2011)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Elena Sitnikova
    • 1
  • Ernest Foo
    • 2
  • Rayford B. Vaughn
    • 3
  1. 1.University of South AustraliaAustralia
  2. 2.Queensland University of TechnologyAustralia
  3. 3.Mississippi State UniversityUSA

Personalised recommendations