Skip to main content
SpringerLink
Log in

Vulnerability Assessment of Cyber Security for SCADA Systems

  • Chapter
  • First Online:
Book cover Guide to Vulnerability Analysis for Computer Networks and Systems

Part of the book series: Computer Communications and Networks ((CCN))

Abstract

Supervisory control and data acquisition (SCADA) systems use programmable logic controllers (PLC) or other intelligent electronic devices (IED), remote terminal units (RTU) and input/output (I/O) devices to manage electromechanical equipment in either local or distributed environments. SCADA systems cover a range of industrial sectors and critical infrastructures such as water treatment and supply, electricity generation and distribution, oil refining, food production and logistics. Several factors have contributed to the escalation of risks specific to control systems, including the adoption of standardized technologies with known vulnerabilities, interconnectivity with other networks, use of insecure remote connections and widespread availability of technical information about control systems. This chapter discusses vulnerability assessment of SCADA systems, focusing on several aspects such as asset discovery, identification of vulnerabilities and threats, mitigation of attacks and presentation of major privacy issues.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 44.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 59.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 59.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Walters R (2014) Cyber attacks on US companies in 2014. Herit Found 4289:1–5

    Google Scholar 

  2. Polityuk P, Vukmanovic O, Jewkes S (2017) Ukraines power outage was a cyber attack: Ukrenergo

    Google Scholar 

  3. Skorobogatov SP (2005) Semi-invasive attacks: a new approach to hardware security analysis. Ph D thesis, University of Cambridge Ph D dissertation

    Google Scholar 

  4. Skorobogatov SP, Anderson RJ et al (2002) Optical fault induction attacks. In: CHES, vol. 2523. Springer, Berlin, , pp 2–12

    Google Scholar 

  5. Radvanovsky R, Brodsky J (2016) Handbook of SCADA/control systems security, 2nd edn. CRC press LLC, Boca Raton

    Book  Google Scholar 

  6. Stouffer K, Falco J, Scarfone K (2011) Guide to industrial control systems (ics) security. NIST Spec Publ 800(82):16–16

    Google Scholar 

  7. Nicholson A, Webber S, Dyer S, Patel T, Janicke H (2012) Scada security in the light of cyber-warfare. Comput Secur 31(4):418–436

    Article  Google Scholar 

  8. Franz M (2003) Vulnerability testing of industrial network devices. In: Cisco critical infrastructure assurance group (Ciag), ISA industrial network security conference (2003)

    Google Scholar 

  9. Langner R (2011) Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur Priv 9(3):49–51

    Article  Google Scholar 

  10. Duggan D, Berg M, Dillinger J, Stamp J (2005) Penetration testing of industrial control systems. Sandia national laboratories

    Google Scholar 

  11. Byres E, Lowe J (2004) The myths and facts behind cyber security risks for industrial control systems. Proc VDE Kongr 116:213–218

    Google Scholar 

  12. Kerr PK, RollinsJ, Theohary CA (2010) The Stuxnet computer worm: harbinger of an emerging warfare capability

    Google Scholar 

  13. Rodofile NR, Radke K, Foo E (2016) DNP3 network scanning and reconnaissance for critical infrastructure. In: Proceedings of the Australasian computer science week multi conference. ACM, p 39

    Google Scholar 

  14. Knapp ED, Langill JT (2011) Industrial network security: securing critical infrastructure networks for smart grid, SCADA , and other industrial control systems syngress ???

    Google Scholar 

  15. Xu Y, Bailey M, Vander Weele E, Jahanian F (2010) Canvus: context-aware network vulnerability scanning. In: International workshop on recent advances in intrusion detection. Springer, Berlin , pp 138–157

    Google Scholar 

  16. Gonzalez J, Papa M (2007) Passive scanning in modbus networks. Crit Infrastruct Prot 175–187

    Google Scholar 

  17. Bartlett G, Heidemann J, Papadopoulos C (2007) Understanding passive and active service discovery. In: Proceedings of the 7th ACM SIGCOMM conference on internet measurement. ACM, pp 57–70

    Google Scholar 

  18. Deraison R, Gula R (2004) Blended security assessments, combining active, passive and host assessment techniques. Tenable network security

    Google Scholar 

  19. Chen C-Y, Ghassami A, Mohan S, Kiyavash N, Bobba RB, Pellizzoni R, Yoon M-K (2017) A reconnaissance attack mechanism for fixed-priority real-time systems. arXiv:1705.02561

  20. Bodenheim RC (2014) Impact of the shodan computer search engine on internet-facing industrial control system devices. Technical report, Air force institute of technology wright-patterson AFB OH graduate school of engineering and management

    Google Scholar 

  21. Jaromin RM (2013) Emulation of industrial control field device protocols. Technical report, air force inst of tech wright-patterson AFB OH graduate school of engineering and management

    Google Scholar 

  22. Peterson D (2006) Using the nessus vulnerability scanner on control systems. Digital bond white paper

    Google Scholar 

  23. Durumeric Z, Wustrow E, Halderman JA (2013) Zmap: fast internet-wide scanning and its security applications. USENIX Secur Symp 8:47–53

    Google Scholar 

  24. Li F, Durumeric Z, Czyz J, Karami M, Bailey M, McCoy D, Savage S, Paxson V (2016) You’ve got vulnerability: exploring effective vulnerability notifications. In: USENIX security symposium, pp 1033–1050

    Google Scholar 

  25. Coffey K, Smith R, Maglaras L, Janicke H (2018) Vulnerability analysis of network scanning on SCADA systems. Secur Commun Netw

    Google Scholar 

  26. Cruz T, Rosa L, Proença J, Maglaras L, Aubigny M, Lev L, Jiang J, Simões P (2016) A cybersecurity detection framework for supervisory control and data acquisition systems. IEEE Trans Ind Inf 12(6):2236–2246

    Article  Google Scholar 

  27. Zaddach J, Bruno L, Francillon A, Balzarotti D (2014) Avatar: A framework to support dynamic security analysis of embedded systems’ firmwares. In: NDSS

    Google Scholar 

  28. Gao W, Morris T, Reaves B, Richey D (2010) On scada control system command and response injection and intrusion detection. In: eCrime researchers summit (eCrime). IEEE, pp 1–9

    Google Scholar 

  29. Lin H, Slagell A, Kalbarczyk Z, Sauer P, Iyer R (2016) Runtime semantic security analysis to detect and mitigate control-related attacks in power grids. IEEE Trans Smart Grid

    Google Scholar 

  30. Cook A, Janicke H, Maglaras L, Smith R (2017) An assessment of the application of it security mechanisms to industrial control systems. Int J Internet Technol Secur Trans 7(2):144–174

    Article  Google Scholar 

  31. Johansson E, Sommestad T, Ekstedt M (2009) Issues of cyber security in SCADA-systems - on the importance of awareness. In: Proceedings of the IEEE 20th international conference and exhibition on electricity distribution–part 1, pp 1–4

    Google Scholar 

  32. Singh A, Prasad A, Talwar Y (2016) SCADA security issues and FPGA implementation of AES: a review. In: Proceedings of the IEEE 2nd international conference on next generation computing technologies (NGCT), pp 899–904

    Google Scholar 

  33. Babu B, Ijyas T, Muneer P, Varghese J (2017) Security issues in SCADA based industrial control systems. In: Proceedings of the IEEE 2nd international conference on anti-cyber crimes (ICACC), pp 47–51

    Google Scholar 

  34. Expo I, Fink RK, Spencer DF, Wells RA (2006) Lessons learned from cyber security assessments of SCADA and energy management systems

    Google Scholar 

  35. Mahboob A, Zubairi JA (2013) Securing SCADA systems with open source software. In: Proceedings of the IEEE high capacity optical networks and emerging/enabling technologies, pp 193–198

    Google Scholar 

  36. Sajid A, Abbas H, Saleem K (2016) Cloud-assisted IoT-based SCADA systems security: a review of the state of the art and future challenges. IEEE Access 4:1375–1384

    Article  Google Scholar 

  37. Davis CM, Tate JE, Okhravi H, Grier C, Overbye TJ, Nicol D (2006) SCADA cyber security testbed development. In: Proceedings of the IEEE 38th North American power symposium, pp 483–488

    Google Scholar 

  38. Wang Y (2011) sSCADA: securing SCADA infrastructure communications. Int J Commun Netw Distrib Syst 6(1):59–78

    Article  Google Scholar 

  39. Cagalaban G, Kim T, Kim S (2010) Improving SCADA control systems security with software vulnerability analysis. In: WSEAS international conference on automatic control, modelling & simulation, pp 409–414

    Google Scholar 

  40. Yang Y, McLaughlin K, Littler T, Sezer S, Im EG, Yao ZQ, Pranggono B, Wang HF (2012) Man-in-the-middle attack test-bed investigating cyber-security vulnerabilities in smart grid SCADA systems. In: International conference on sustainable power generation and supply (SUPERGEN 2012), pp 1–8

    Google Scholar 

  41. Bere M, Muyingi H (2015) Initial investigation of industrial control system (ICS) security using artificial immune system (AIS). In: Proceedings of the international conference emerging trends networks and computer communication (ETNCC), pp 79–84

    Google Scholar 

  42. Cherdantseva Y, Burnap P, Blyth A, Eden P, Jones K, Soulsby H, Stoddart K (2016) A review of cyber security risk assessment methods for scada systems. Comput Secur 56:1–27

    Article  Google Scholar 

  43. Francia III GA, Thornton D, Dawson J (2012) Security best practices and risk assessment of SCADA and industrial control systems. In: Proceedings of the international conference on security and management (SAM), p 1 (2012). The steering committee of the world congress in computer science, computer engineering and applied computing (WorldComp)

    Google Scholar 

  44. Chittester CG, Haimes YY (2004) Risks of terrorism to information technology and to critical interdependent infrastructures. J Homel Secur Emerg Manag 1(4)

    Google Scholar 

  45. Ten C-W, Manimaran G, Liu C-C (2010) Cybersecurity for critical infrastructures: attack and defense modeling. IEEE Trans Syst Man Cybern Part A Syst Hum 40(4):853–865

    Article  Google Scholar 

  46. Song J-G, Lee J-W, Lee C-K, Kwon K-C, Lee D-Y (2012) A cyber security risk assessment for the design of i&c systems in nuclear power plants. Nucl Eng Tech 44(8):919–928

    Article  Google Scholar 

  47. LeMay E, Ford MD, Keefe K, Sanders WH, Muehrcke C (2011) Model-based security metrics using adversary view security evaluation (advise). In: 2011 Eighth international conference on quantitative evaluation of systems (QEST). IEEE, pp 191–200

    Google Scholar 

  48. Cárdenas AA, Amin S, Lin Z-S, Huang Y-L, Huang C-Y, Sastry S (2011) Attacks against process control systems: risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security. ACM, pp 355–366

    Google Scholar 

  49. Markovic-Petrovic J, Stojanovic M (2014) An improved risk assessment method for scada information security. Elektron ir Elektrotech 20(7):69–72

    Article  Google Scholar 

  50. Yan J, Govindarasu M, Liu C-C, Vaidya U (2013) A PMU-based risk assessment framework for power control systems. In: 2013 IEEE power and energy society general meeting (PES). IEEE, pp 1–5

    Google Scholar 

  51. Leszczyna R (2018) Cybersecurity and privacy in standards for smart grids-a comprehensive survey. Comput Stand Interfaces 56:62–73

    Article  Google Scholar 

  52. Nazir S, Patel S, Patel D (2017) Assessing and augmenting scada cyber security: a survey of techniques. Comput Secur 70:436–454

    Article  Google Scholar 

  53. Pothamsetty V, Franz M (2005) Scada honeynet project: Building honeypots for industrial networks. Cisco Systems, Inc.,[Online]. Available http://scadahoneynet.sourceforge.net/. Accessed 18 Jan 2018

  54. Almalawi A, Yu X, Tari Z, Fahad A, Khalil I (2014) An unsupervised anomaly-based detection approach for integrity attacks on scada systems. Comput Secur 46:94–110

    Article  Google Scholar 

  55. Almalawi A, Fahad A, Tari Z, Alamri A, AlGhamdi R, Zomaya AY (2016) An efficient data-driven clustering technique to detect attacks in SCADA systems. IEEE Trans Inf Forensics Secur 11(5):893–906

    Article  Google Scholar 

  56. Yang Y, McLaughlin K, Sezer S, Littler T, Im EG, Pranggono B, Wang H (2014) Multiattribute scada-specific intrusion detection system for power networks. IEEE Trans Power Deliv 29(3):1092–1102

    Article  Google Scholar 

  57. Sayegh N, Elhajj IH, Kayssi A, Chehab A (2014) SCADA intrusion detection system based on temporal behavior of frequent patterns. In: 2014 17th IEEE Mediterranean electro technical conference (MELECON). IEEE, pp 432–438

    Google Scholar 

  58. Maglaras LA, Jiang J, Cruz T (2014) Integrated ocsvm mechanism for intrusion detection in scada systems. Electron Lett 50(25):1935–1936

    Article  Google Scholar 

  59. Shitharth S et al (2017) An enhanced optimization based algorithm for intrusion detection in scada network. Comput Secur 70:16–26

    Article  Google Scholar 

  60. Esmalifalak M, Liu L, Nguyen N, Zheng R, Han Z (2014) Detecting stealthy false data injection using machine learning in smart grid. IEEE Syst J

    Google Scholar 

  61. Yu W, Griffith D, Ge L, Bhattarai S, Golmie N (2015) An integrated detection system against false data injection attacks in the smart grid. Secur Commun Netw 8(2):91–109

    Article  Google Scholar 

  62. Deng R, Xiao G, Lu R, Liang H, Vasilakos AV (2017) False data injection on state estimation in power systemsattacks, impacts, and defense: a survey. IEEE Trans Ind Inform 13(2):411–423

    Article  Google Scholar 

  63. Guo Z, Shi D, Johansson KH, Shi L (2017) Optimal linear cyber-attack on remote state estimation. IEEE Trans Control Netw Syst 4(1):4–13

    Article  MathSciNet  Google Scholar 

  64. Rezai A, Keshavarzi P, Moravej Z (2016) Advance hybrid key management architecture for scada network security. Secur Commun Netw 9(17):4358–4368

    Article  Google Scholar 

  65. Jiang R, Lu R, Luo J, Lai C, Shen XS (2015) Efficient self-healing group key management with dynamic revocation and collusion resistance for scada in smart grid. Secur Commun Netw 8(6):1026–1039

    Article  Google Scholar 

  66. Rezai A, Keshavarzi P, Moravej Z (2013) Secure scada communication by using a modified key management scheme. ISA Trans 52(4):517–524

    Article  Google Scholar 

  67. Ebrahimi A, Koropi F, Naji H (2014) Increasing the security of SCADA systems using key management and hyper elliptic curve cryptography. In: Proceedings of the 9th symposium advanced science and technology, Mashhad, pp 17–24

    Google Scholar 

  68. Evans M, Maglaras LA, He Y, Janicke H (2016) Human behaviour as an aspect of cybersecurity assurance. Secur Commun Netw 9(17):4667–4679

    Article  Google Scholar 

  69. Greene T (2008) Experts hack power grid in no time. Network world (2008)

    Google Scholar 

  70. Wen M, Lu R, Zhang K, Lei J, Liang X, Shen X (2013) PaRQ: a privacy-preserving range query scheme over encrypted metering data for smart grid. IEEE Trans Emerg Top Comput 1(1): 178–191. https://doi.org/10.1109/TETC.2013.2273889

  71. Shi E, Bethencourt J, Chan T-HH, Song D, Perrig A (2007) Multi-dimensional range query over encrypted data. In: 2007 IEEE symposium on security and private (SP ’07). IEEE, pp 350–364. https://doi.org/10.1109/SP.2007.29

  72. Wen M, Lu R, Lei J, Li H, Liang X, Shen XS (2014) SESA: an efficient searchable encryption scheme for auction in emerging smart grid marketing. Secur Commun Netw 7(1): 234–244. https://doi.org/10.1002/sec.699

  73. Liu Q, Wang G, Wu J (2009) An efficient privacy preserving keyword search scheme in cloud computing. In: 2009 International conference on computational science and engineerings. IEEE, pp 715–720. https://doi.org/10.1109/CSE.2009.66

  74. Fahad A, Tari Z, Almalawi A, Goscinski A, Khalil I, Mahmood A (2014) PPFSCADA: privacy preserving framework for SCADA data publishing. Future Gener Comput Syst 37:496–511. https://doi.org/10.1016/j.future.2014.03.002

  75. Li H, Yang Y, Wen M, Luo H, Lu R (2014) EMRQ: An efficient multi-keyword range query scheme in smart grid auction market. KSII Trans Internet Inf Syst 8(11): 3937–3954 (2014). https://doi.org/10.3837/tiis.2014.11.015

  76. Jiang R, Lu R, Luo J, Lai C, Shen XS (2015) Efficient self-healing group key management with dynamic revocation and collusion resistance for SCADA in smart grid. Secur Commun Netw 8(6), 1026–1039 (2015). https://doi.org/10.1002/sec.1057

  77. Ferrag MA (2017) EPEC: an efficient privacy-preserving energy consumption scheme for smart grid communications. Telecommun Syst 66(4): 671–688 (2017). https://doi.org/10.1007/s11235-017-0315-2

  78. Rahman MS, Basu A, Kiyomoto S, Bhuiyan MZA (2017) Privacy-friendly secure bidding for smart grid demand-response. Inf Sci (Ny) 379:229–240 (2017). https://doi.org/10.1016/j.ins.2016.10.034

  79. Ferrag MA, Maglaras LA, Janicke H, Jiang J, Shu L (2018) A systematic review of data protection and privacy preservation schemes for smart grid communications. Sustain Cities Soc. https://doi.org/10.1016/j.scs.2017.12.041

  80. Ferrag MA, Maglaras L, Ahmim A (2017) Privacy-preserving schemes for Ad Hoc social networks: A Survey. IEEE Commun Surv Tutor 19(4): 3015–3045. https://doi.org/10.1109/COMST.2017.2718178

Download references

Author information

Authors and Affiliations

  1. De Montfort University, Leiceter, U.K.

    Kyle Coffey, Leandros A. Maglaras, Richard Smith & Helge Janicke

  2. Department of Computer Science, Guelma University, Guelma, Algeria

    Mohamed Amine Ferrag

  3. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Abdelouahid Derhab

  4. Guangdong Provincial Key Lab of Petrochemical Equipment Fault Diagnosis, Guangdong University of Petrochemical Technology, Maoming, China

    Mithun Mukherjee

  5. General Secretary of Digital Policy, Athens, Greece

    Stylianos Rallis

  6. University of Engineering and Technology, Lahore, Pakistan

    Awais Yousaf

Authors
  1. Kyle Coffey
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Leandros A. Maglaras
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Richard Smith
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Helge Janicke
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mohamed Amine Ferrag
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Abdelouahid Derhab
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Mithun Mukherjee
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Stylianos Rallis
    View author publications

    You can also search for this author in PubMed Google Scholar

  9. Awais Yousaf
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Leandros A. Maglaras .

Editor information

Editors and Affiliations

  1. Department of Computer Science, School of Computing and Engineering, University of Huddersfield, Huddersfield, UK

    Simon Parkinson

  2. Department of Computer Science, School of Computing and Engineering, University of Huddersfield, Huddersfield, UK

    Andrew Crampton

  3. Department of Computer Science, School of Computing and Engineering, University of Huddersfield, Huddersfield, UK

    Richard Hill

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Coffey, K. et al. (2018). Vulnerability Assessment of Cyber Security for SCADA Systems. In: Parkinson, S., Crampton, A., Hill, R. (eds) Guide to Vulnerability Analysis for Computer Networks and Systems. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-92624-7_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-92624-7_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-92623-0

  • Online ISBN: 978-3-319-92624-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation