Security Issues in SCADA based Industrial Control Systems

This paper summarizes the experience gained during a series of practical cybersecurity assessments of various components of Europe’s smart electrical grids.

This document discusses managing system security through data collection. It proposes creating an application that collects security-related data from client systems on a network and stores it in a database server. This would allow monitoring the systems for intrusions or issues. The application would run in the background of each client system and collect configuration, software and activity data periodically to send to the database server. The collected data could then be analyzed to detect any unauthorized changes or suspicious activity on the client systems.

SCADA (Supervisory Control and Data Acquisition) systems monitor and control industrial processes that are distributed over large geographical areas. They progressed through 3 generations - from co-located control in the 1970s to networked systems connected to external networks in the 2000s. A typical SCADA system has hardware components like PLCs and field devices, and software for communication, interfacing, scalability, and functionality like access control, alarms, trending, and automation through scripting. SCADA provides cost-effective monitoring and control for industrial processes compared to distributed control systems.

International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.

The document discusses SCADA (Supervisory Control and Data Acquisition) systems which are used to remotely monitor and control critical infrastructure like power plants, oil and gas pipelines, and water treatment facilities. It outlines some security issues with SCADA including that these systems have been of interest to terrorists and nation-states due to their ability to disrupt important systems, and that insiders and simple attacks could also potentially target vulnerable SCADA networks.

The document summarizes a cyber attack on a SCADA system in Ukraine in December 2015 that caused widespread power outages. Attackers first infiltrated the system 6 months prior using a phishing email with a malicious macro. They then spent time reconnoitering the network, stealing credentials, and testing their abilities to control system components. On the day of the attack, they deployed "kill disk" malware to disable workstations and took control of HMIs to open circuit breakers and shut down power stations, cutting power to 250,000 people. They also sabotaged backup systems to prevent restoration of service and launched a social engineering campaign to overload emergency responders. The sophisticated and coordinated attack exploited numerous security weaknesses in the outdated

This document proposes an architecture and implementation for integrating energy meters with an Internet of Things (IoT) platform. The key aspects of the approach are: 1) Integrating smart grid applications and home applications using a common IoT infrastructure, 2) Collecting data from different sensor communication protocols, 3) Providing secure and customized data access, and 4) Mapping sensors and actuators to a common abstraction layer to enable multiple concurrent applications. The proposed system was demonstrated with a kit using Zigbee meters and gateways connected to an IoT server and custom user interface.

The document discusses SCADA protocols and communication trends. It describes how SCADA systems monitor and control processes across multiple locations using RTUs connected via local and wide area networks. Common protocols discussed include Modbus, ModbusX, DNP, ASCII, and IEEE 60870. The document also outlines legacy networks using low speeds of 300-1200 bps and how newer networks enable higher speeds of 9600 bps to meet increased data demands.

This document provides an overview of SCADA (Supervisory Control and Data Acquisition) systems, including basic terminology, components, architecture, communication protocols, applications, security vulnerabilities, and threats. It defines sensors, actuators, relays, PLCs, HMIs, RTUs. It describes the typical SCADA architecture with a master system collecting data from remote units via communication networks. Examples of common industrial protocols like Modbus are provided. Applications of SCADA for monitoring, control, alarm handling and data logging are outlined. Security risks from malware, insiders, hackers and terrorists exploiting vulnerabilities in old operating systems and web interfaces are summarized. The 2015 Ukraine grid cyberattack is reviewed as a case study.

SCADA systems control critical infrastructure but were historically isolated systems with obscurity for security. They are now increasingly connected to the internet and each other, exposing vulnerabilities like weak passwords and unencrypted data. This presents a serious challenge as SCADA systems have special requirements preventing standard security practices and are difficult to take offline. Government and industry are working to improve SCADA security through awareness, training, and regulation.

Nozomi Networks is the leader of industrial cybersecurity, delivering real-time visibility to manage cyber risk & improve resilience for industrial operations. With one solution, customers gain advanced cybersecurity, improved operational reliability & easy IT/OT integration. Innovating the use of artificial intelligence, the company helps the largest industrial sites around the world See and Secure™ their critical industrial control networks. Today Nozomi Networks supports over a quarter of a million devices in the critical infrastructure, energy, manufacturing, mining, transportation & utility sectors, making it possible to tackle the escalating cyber risks to operational networks (OT).

This document summarizes a research paper that implemented a SCADA-based firewall to protect data transmission from external hacking devices. The paper first discusses a case study where an industrial control system was hacked 46 times. It then provides an overview of industrial firewalls and the differences between industrial and IT firewalls. The paper describes configuring a Tofino industrial firewall with SCADA-HMI and PLC assets. It tests the firewall by simulating scenarios without and with the firewall, showing the firewall prevents an attacker from accessing the PLC simulator based on communication protocols. The paper concludes customized industrial firewalls are needed and protocols must be regularly updated as cyber attacks evolve.