Article

Architecture and security of SCADA systems: A review


Abstract

Pipeline bursting, production lines shut down, traffic chaos, train collisions, nuclear reactor shutdown, disrupted electricity supply, interrupted oxygen supply in an ICU: these catastrophic events could result from an erroneous SCADA system / Industrial Control System (ICS). SCADA systems have become an essential part of automated control and monitoring of Critical Infrastructures (CI). Modern SCADA systems have evolved from standalone systems into sophisticated, complex, open systems connected to the Internet. Such geographically distributed modern SCADA systems are more vulnerable to threats and cyber attacks than traditional SCADA. Traditional SCADA systems were less exposed to Internet threats because they operated on isolated networks. Over the years, the growing number of cyber attacks against SCADA systems has drawn security researchers' attention to their security. In this review paper, we first review SCADA system architectures and give a comparative analysis of proposed and implemented communication protocols, followed by attacks on such systems, to understand and highlight the evolving security needs of SCADA systems. A short investigation of the current state of intrusion detection techniques in SCADA systems follows, together with a brief study of testbeds for SCADA systems. Cloud- and Internet of Things (IoT)-based SCADA systems are studied by analyzing the architecture of modern SCADA systems. Finally, the review highlights the critical research problems that need to be resolved to close the security gaps in SCADA systems.


... It utilizes various components such as sensors, actuators, switches, and valves [1]. SCADA systems have transitioned from stand-alone, isolated environments (e.g., monolithic or distributed) with limited functionalities and proprietary communication protocols to network-based platforms utilizing wide-area networks (WANs) with open communication protocols and standards [2]. At present, SCADA systems have evolved into open systems connected to the Internet, fully integrated with corporate information technology (IT) networks, and support various facilities, software, and Internet protocols, such as TCP/IP [2,3]. ...
... Hardware includes remote terminal units (RTUs), programmable logic controllers (PLCs), intelligent electronic devices (IEDs), master terminal units (MTUs), and actuators and sensors. Software encompasses the human-machine interface (HMI), a central database (Historian), and other user software [2]. RTUs collect real-time data from sensors in the physical environment via LAN/WAN links and transmit this information to the MTU. ...
Article
Full-text available
Supervisory control and data acquisition (SCADA) systems enable industrial organizations to control and monitor real-time data and industrial processes. Migrating SCADA systems to cloud environments can enhance the performance of traditional systems by improving storage capacity, reliability, and availability while reducing technical and industrial costs. However, the increasing frequency of cloud cyberattacks poses a significant challenge to such systems. In addition, current research on cloud-based SCADA systems often focuses on a limited range of attack types, with findings scattered across various studies. This research comprehensively surveys the most common cybersecurity vulnerabilities and attacks facing cloud-based SCADA systems. It identifies four primary vulnerability factors: connectivity with cloud services, shared infrastructure, malicious insiders, and the security of SCADA protocols. This study categorizes cyberattacks targeting these systems into five main groups: hardware, software, communication and protocol-specific, control process, and insider attacks. In addition, this study proposes security solutions to mitigate the impact of cyberattacks on these control systems.
... Supervisory Control and Data Acquisition (SCADA) systems form the backbone of the process control systems in the manufacturing sector. Yadav and Paul (2021) indicated the various catastrophic attacks on the SCADA systems including IoT-based SCADA systems, Operational Technology (OT) systems, and industrial control systems (ICS). Protecting these systems will be crucial for protecting the power grid, nuclear reactors, water and sewerage, energy sector, critical manufacturing for defense, diagnostic imaging systems and robotic surgery systems in the health sector, and robotic systems used in various manufacturing industries, to name a few examples. ...
... The SCADA systems are the backbone of the manufacturing sector and process industries (Yadav & Paul, 2021). Information technology (IT) and Operational Technology (OT) drive the critical infrastructures of the national economy (Miller et al., 2021). ...
... Decision-makers must deal with 'unknown unknowns,' the unforeseen (Cole, 2021 (Alshamrani et al., 2019), attacks on IoT-based critical infrastructures (Das & Gunduz, 2019), interconnected critical infrastructures (Arief et al., 2020), ransomware attacks (Greenberg, 2019), SCADA systems and industrial control systems (Miller et al., 2021; Yadav & Paul, 2021). Cyber disaster sensing: sensing threats and systemic risks: need to deal with interconnectedness of infrastructures, systemic, and epistemic uncertainties (Diwekar et al., 2021; Reilly et al., 2021) and need for dynamic risk assessment (Paltrinieri et al., 2019). ...
Thesis
Full-text available
In the context of catastrophic cyber black swan attacks on US critical infrastructures, the purpose of this qualitative descriptive study was to explore a proactive approach to cyber disasters in the information technology sector in the US, focused on the influence of knowledge-based strategies on sensing and sensemaking of the early warning signs of cyber disasters. Decision theory (prospect theory) and complexity theory (complex adaptive systems) underpinned the study. The research questions focused on identifying factors contributing to decision-making failures and systemic failures in detecting the warning signs of cyber disasters. A qualitative descriptive design was used to get a comprehensive perspective of the unexplored phenomenon. Data collection involved semi-structured interviews of 13 expert participants and two focus group discussions involving 7 expert participants from the target group. Data were analyzed using Braun and Clarke’s reflexive thematic analysis method and MAXQDA2022 software. The findings of this study were the critical challenges and knowledge enablers of sensing and sensemaking of the warning signs of cyber disasters. The conclusions support a new framework for proactive cyber disaster preparedness strategy and cyber early warning systems. Recommendations for future research include cyber disaster preparedness using prescriptive analytics, implementation of cyber early warning systems and a cyber disaster preparedness framework, and abductive thinking for decision-making under deep uncertainty.
... This system is composed of several components, including sensors, control devices, and a central computer system. The Human-Machine Interface (HMI) provides a program interface between SCADA hardware and software components (Yadav and Paul 2021). The SCADA system is succeeded by an automated generation control (AGC) system, which maintains the balance between the electrical load and generation. ...
... Programmable Logic Controllers (PLCs) and IEDs are also used to interface with sensors and actuators through input and output modules (Lisowiec and Nowakowski 2013). Then, the real-time data collected from sensors are forwarded to Master Terminal Units (MTUs), which serve as the first central monitoring station (Yadav and Paul 2021). ...
Article
Full-text available
Smart Grid (SG) technology utilizes advanced network communication and monitoring technologies to manage and regulate electricity generation and transport. However, this increased reliance on technology and connectivity also introduces new vulnerabilities, making SG communication networks susceptible to large-scale attacks. While previous surveys have mainly provided high-level overviews of SG architecture, our analysis goes further by presenting a comprehensive architectural diagram encompassing key SG components and communication links. This holistic view enhances understanding of potential cyber threats and enables systematic cyber risk assessment for SGs. Additionally, we propose a taxonomy of various cyberattack types based on their targets and methods, offering detailed insights into vulnerabilities. Unlike other reviews focused narrowly on protection and detection, our proposed categorization covers all five functions of the National Institute of Standards and Technology cybersecurity framework. This delivers a broad perspective to help organizations implement balanced and robust security. Consequently, we have identified critical research gaps, especially regarding response and recovery mechanisms. This underscores the need for further investigation to bolster SG cybersecurity. These research needs, among others, are highlighted as open issues in our concluding section.
... These systems help prevent failures or critical events that could significantly affect companies' productivity (Penin, 2011; Mc-Crady, 2013; Manoj, 2019; Upadhyay and Sampalli, 2020; Bhamare et al., 2020). Such systems are made up of industrial hardware and software components, mainly field-installed sensors and actuators that send information to and receive it from Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs) and Intelligent Electronic Devices (IEDs) (Penin, 2011; Yadav and Paul, 2021; Huda et al., 2018; Phuyal et al., 2020). Around the world there is a great diversity of SCADA system applications in the manufacturing sector, the pharmaceutical industry, water, gas and oil pipeline networks, petrochemical plants, and electric power generation and transmission plants, among others (Yang et al., 2013; Pérez-López, 2015; Pliatsios et al., 2020; Yadav and Paul, 2021). ...
Article
This paper presents the design and application of a SCADA-IoT (Supervisory Control and Data Acquisition-Internet of Things) platform for monitoring a hydraulic system which simulates the operation of the raw water distribution network in the municipality of Tecate, Baja California (B.C.), Mexico. Based on the design and construction of an academic prototype, which represents the so-called Las Auras-Nopalera-Cuchumá hydraulic system, we analyze the behaviour of physical variables and the integration of hardware and software components with Industry 4.0 in order to develop on-field applications using the LOGO! Web Editor software from Siemens, and cloud applications using the open source Node-RED IoT platform. Experimental results illustrate the effectiveness of the proposed prototype, which retrieves level, pressure, flow rate and pH real-time values as well as some signals from actuators.
... Study on IoT-based smart-world CI Yadav et al. [23], 2021 ...
... Husnoo et al. [10] explore privacy-oriented attacks for CI. Similar to this, some surveys concentrate on SCADA security [19] [11] [23]. Some studies explore defense modeling [13], ML-based security [12] and resilience under threats [20] [21] [21]. ...
Article
Full-text available
Critical infrastructure (CI) typically refers to the essential physical and virtual systems, assets, and services that are vital for the functioning and well-being of a society, economy, or nation. However, the rapid proliferation and dynamism of today’s cyber threats in digital environments may disrupt CI functionalities, which would have a debilitating impact on public safety, economic stability, and national security. This has led to much interest in effective cybersecurity solutions regarding automation and intelligent decision-making, where AI-based modeling is potentially significant. In this paper, we take into account “Rule-based AI” rather than other black-box solutions since model transparency, i.e., human interpretation, explainability, and trustworthiness in decision-making, is an essential factor, particularly in cybersecurity application areas. This article provides an in-depth study on multi-aspect rule based AI modeling considering human interpretable decisions as well as security automation and intelligence for CI. We also provide a taxonomy of rule generation methods by taking into account not only knowledge-driven approaches based on human expertise but also data-driven approaches, i.e., extracting insights or useful knowledge from data, and their hybridization. This understanding can help security analysts and professionals comprehend how systems work, identify potential threats and anomalies, and make better decisions in various real-world application areas. We also cover how these techniques can address diverse cybersecurity concerns such as threat detection, mitigation, prediction, diagnosis for root cause findings, and so on in different CI sectors, such as energy, transport, health, water, agriculture, etc. We conclude this paper with a list of identified issues and opportunities for future research, as well as their potential solution directions for how researchers and professionals might tackle future generation cybersecurity modeling in this emerging area of study.
... SCADA systems have become essential to the automated control and monitoring of critical infrastructure. They serve various purposes, such as monitoring facility status, acquiring large amounts of real-time data, increasing power efficiency, and automatically detecting facility abnormalities [3]. Due to their advantages, SCADA systems have become increasingly popular in facility abnormality detection research. ...
... The SCADA system is designed to automatically shutdown the turbine components when they exceed the preset alarm and trip values, which include vibration, temperature, position, and other factors [3,6]. However, as thermal power plants operate under stable conditions, it can be challenging for the SCADA system to detect abnormal patterns if sensor values do not exceed the preset thresholds [7]. ...
Article
Full-text available
Simple Summary: We provide a data classification and analysis method to estimate fire risk using facility data for thermal power plants. Experimental analysis is conducted on the data classified by the proposed method for 500 megawatt (MW) and 100 MW thermal power plants.
Abstract: In this paper, we propose a data classification and analysis method to estimate fire risk using facility data of thermal power plants. To estimate fire risk based on facility data, we divided facilities into three states (Steady, Transient, and Anomaly) categorized by their purposes and operational conditions. This method is designed to satisfy three requirements of fire protection systems for thermal power plants. For example, areas with fire risk must be identified, and fire risks should be classified and integrated into existing systems. We classified thermal power plants into turbine, boiler, and indoor coal shed zones. Each zone was subdivided into small pieces of equipment. The turbine, generator, oil-related equipment, hydrogen (H2), and boiler feed pump (BFP) were selected for the turbine zone, while the pulverizer and ignition oil were chosen for the boiler zone. We selected fire-related tags from Supervisory Control and Data Acquisition (SCADA) data and acquired sample data during a specific period for two thermal power plants based on inspection of fire and explosion scenarios in thermal power plants over many years. We focused on crucial fire cases such as pool fires, 3D fires, and jet fires and organized three fire hazard levels for each zone. Experimental analysis was conducted with these data set by the proposed method for 500 MW and 100 MW thermal power plants. The data classification and analysis methods presented in this paper can provide indirect experience for data analysts who do not have domain knowledge about power plant fires and can also offer good inspiration for data analysts who need to understand power plant facilities.
... The control and management of any industrial or service process is generally based on a supervisory control and data acquisition (SCADA) system [1]. Its function is to acquire in real time the process data and transfer them all to a central, remote system where they are recorded and analyzed using, in general, a proper graphic interface so that the process can be in turn more finely tuned by means of specific management instructions. ...
Article
Full-text available
Large-scale photovoltaic (PV) electricity production plants rely on reliable operation and maintenance (O&M) systems, often operated by means of supervisory control and data acquisition (SCADA) platforms aimed at limiting, as much as possible, the intrinsic volatility of this energy resource. The current trend is to develop SCADAs that achieve the finest possible control of the system components to efficiently and effectively cope with possible energy delivery problems. In this study, we investigated an innovative design of an IoT-based SCADA specifically tailored for large PV systems in which data transmission overheads are reduced by adopting lightweight protocols, and reliable data storage is achieved by means of hybrid solutions that allow the storage of historical data, enabling accurate performance analysis and predictive maintenance protocols. The proposed solution relies on an architecture where independent functional microservices handle specific tasks, ensuring scalability and fault tolerance. The technical approaches for IoT-SCADA connectivity are herein described in detail, comparing different possible technical choices. The proposed IoT-based SCADA is based on edge computing for latency reduction and to enhance real-time decision making, enabling scalability, and centralized management while leveraging cloud services. The resulting hybrid solutions that combine edge and cloud resources offer a balance between responsiveness and scalability. Finally, in the study, a blockchain solution was taken into account to certify energy data, ensuring traceability, security, and reliability in commercial transactions.
... SCADA systems [6] are widely used in industrial processes to acquire monitoring data, and previous research has already reported their application in critical infrastructures [21] such as oil refineries [22] and WDNs [23]. The main approaches to ensure the monitoring data's validity include applying statistical methods, machine learning, and data fusion techniques. ...
Preprint
Full-text available
The digital transformation of critical infrastructures, such as energy or water distribution systems, is essential for their smart management. Faster issue identification and smoother services enable better adaptation to consumers' evolving demands. However, these large-scale infrastructures are often outdated. Their digital transformation is crucial to enable them to support societies. This process must be carefully planned, providing guidance that ensures that the data they rely on are dependable and that the system remains fully operational during the transition. This paper presents a formal model that supports reliable data acquisition in legacy critical infrastructures, facilitating their evolution towards a data-driven smart system. Our model provides the foundation for a flexible transformation process while generating dependable data for system management. We demonstrate the model's applicability in a use case within the water distribution domain and discuss its benefits.
... SCADA systems [6] are widely used in industrial processes to acquire monitoring data, and previous research has already reported their application in critical infrastructures [20] such as oil refineries [21] and WDNs [22]. The main approaches to ensure the monitoring data's validity include applying statistical methods, machine learning, and data fusion techniques. ...
Article
Full-text available
The digital transformation of critical infrastructures, such as energy or water distribution systems, is essential for their smart management. Faster issue identification and smoother services enable better adaptation to consumers’ evolving demands. However, these large-scale infrastructures are often outdated. Their digital transformation is crucial to enable them to support societies. This process must be carefully planned, providing guidance that ensures that the data they rely on are dependable and that the system remains fully operational during the transition. This paper presents a formal model that supports reliable data acquisition in legacy critical infrastructures, facilitating their evolution towards a data-driven smart system. Our model provides the foundation for a flexible transformation process while generating dependable data for system management. We demonstrate the model’s applicability in a use case within the water distribution domain and discuss its benefits.
... However, static architectures have approached operational limits for data centers, campuses, industrial systems, and mobile networks requiring dynamic computing and storage [21]. The network industry has been forced to reassess traditional structures due to rising trends, including the proliferation of mobile devices, server virtualization, and the inception of cloud computing [22]. Owing to the increasing bandwidth, a high connection speed, and accessibility requirements, as well as dynamic management demands of modern information and communication technologies, conventional network structures are confronted with complexity and manageability issues. ...
Article
Full-text available
Authors: Polat, O.; Türkoglu, M.; Polat, H.; Oyucu, S.; Üzen, H.; Yardımcı, F.; Aksöz, A.
Abstract: Supervisory Control and Data Acquisition (SCADA) systems, which play a critical role in monitoring, managing, and controlling industrial processes, face flexibility, scalability, and management difficulties arising from traditional network structures. Software-defined networking (SDN) offers a new opportunity to overcome the challenges traditional SCADA networks face, based on the concept of separating the control and data plane. Although integrating the SDN architecture into SCADA systems offers many advantages, it cannot address security concerns against cyber-attacks such as a distributed denial of service (DDoS). The fact that SDN has centralized management and programmability features causes attackers to carry out attacks that specifically target the SDN controller and data plane. If DDoS attacks against the SDN-based SCADA network are not detected and precautions are not taken, they can cause chaos and have terrible consequences. By detecting a possible DDoS attack at an early stage, security measures that can reduce the impact of the attack can be taken immediately, and the likelihood of being a direct victim of the attack decreases. This study proposes a multi-stage learning model using a 1-dimensional convolutional neural network (1D-CNN) and decision tree-based classification to detect DDoS attacks in SDN-based SCADA systems effectively. A new dataset containing various attack scenarios on a specific experimental network topology was created to be used in the training and testing phases of this model. According to the experimental results of this study, the proposed model achieved a 97.8% accuracy rate in DDoS-attack detection. The proposed multi-stage learning model shows that high-performance results can be achieved in detecting DDoS attacks against SDN-based SCADA systems.
... CPS encompass the controlled physical system, a controller responsible for executing control algorithms, sensors, actuators, and an HMI for system monitoring and configuration. For more extensive insights into CPS components, architecture, protocols, vulnerabilities, and testbeds, refer to [9]-[12]. It is also worth mentioning that the interaction between the physical world and a CPS necessitates distinct security considerations that differ from those encountered in traditional IT systems. ...
... Despite potentially delivering high accuracy and swift detection performance, this approach needs to pay more attention to the fundamental nature of ICS data, resulting in limitations to security robustness. Firstly, a stark contrast exists in the statistical distribution between data observed in ICS and IT networks [12]. ICS, being a system explicitly crafted for specific industrial processes, exhibits significantly lower data entropy compared to the diverse actions and events in a typical IT environment [13]. ...
Article
Full-text available
Industrial control systems (ICS) are critical networks directly linked to the value of core national and societal assets, yet they are increasingly becoming primary targets for numerous cyberattacks today. The ICS network, a fusion of operational technology (OT) and information technology (IT) networks, possesses a broad attack vector, and attacks targeting ICS often take the form of advanced persistent threats (APTs) exploiting zero-day vulnerabilities. However, most existing ICS security techniques have been adaptations of security technologies for IT networks, and security measures tailored to the characteristics of ICS data are currently insufficient. To mitigate cyber threats to ICS networks, this paper proposes an anomaly detection technique based on dynamic data abstraction. The proposed method abstracts ICS data collected in real time using a dynamic data abstraction technique based on noise reduction. The abstracted data are then used to optimize both the update rate and the detection accuracy of the anomaly detection model through model adaptation and incremental learning processes. The proposed approach updates the model by quickly reflecting data on new attack patterns and their distributions, effectively shortening the dwell time in response to APTs utilizing zero-day vulnerabilities. We demonstrate the attack response performance and detection accuracy of the proposed dynamic data abstraction-based anomaly detection technique through experiments using the SWaT dataset generated from a testbed of an actual ICS process. The experiments show that the proposed model achieves high accuracy with a small number of abstracted data while rapidly learning new attack pattern data in real-time without compromising accuracy. The proposed technique can effectively respond to cyberattacks targeting ICS by quickly learning and reflecting trends in attack patterns that exploit zero-day vulnerabilities.
... By considering various aspects in digital transformation of WDN, this paper follows the path of data-driven solutions, and conducts the research in the context of SCADA systems. SCADA systems are widely used in industrial processes to monitor and control critical infrastructure such as power grids, water distribution, and oil refineries [24]. Usually, SCADA systems provide real-time information about the processes being monitored, and enable operators to remotely control the processes from a central place. ...
Article
The concept of modernizing outdated systems in critical infrastructure through digital transformation has been a widely discussed topic nowadays. Following the transition of energy systems, the attention has now shifted towards digitalizing the water distribution systems. These systems are large-scale but outdated systems that frequently encounter various issues, and upgrading them would make it easier to identify issues and provide smoother, more efficient service. However, this process requires cautious planning and guidance to ensure that the generated data is reliable and the system remains operational during the transition. Hence, the primary objective of this paper is to propose a formal model based on ternary relational semantics that can guide the digital transformation of water distribution networks. The proposed model provides a flexible transformation process while making the system generate reliable data. Additionally, this paper demonstrates the application of the proposed model by developing a proof of concept based on a real-world scenario.
... In that case, we need to effectively strengthen safety management, create a relatively safe operating environment for long-distance oil and gas pipelines, and bring into play the important role of the oil and gas pipeline SCADA system in oil and gas resource delivery. Through continuous research and analysis of pipeline operation rules, especially the accumulation of statistical historical alarm data log information, the alarm rules can be optimized and adjusted, improving the discriminatory ability to identify false alarms [7,8]. Automatic statistics, evaluation, review and recording of alarm log information can be realized, focusing on analyzing the alarm characteristics during the time periods when the alarm performance evaluation value exceeds the standard, and improving the level of intelligent alarm decision-making and analysis capability. ...
Article
Full-text available
As the control center of the natural gas long-distance pipeline network, the SCADA system shoulders the important tasks of data collection and monitoring of the whole long-distance pipeline, gas transmission management, production scheduling, and operation and maintenance coordination in production, and plays a very important role in the whole oil and gas pipeline. In this paper, firstly, the SCADA system for localized long-distance pipelines is explained in detail, including its basic structure and special solutions to problems. Secondly, the AdaBoost algorithm, combined with the MapReduce parallel computing framework, is introduced to collect and process data from the operation logs of the SCADA system and normalize the logs. Finally, to test the interaction between the improved AdaBoost algorithm and the SCADA system, a system test was conducted. The results show that the average latency of scheduling the logs of the SCADA system by the AdaBoost algorithm with the MapReduce parallel computing framework is only 39.82 ms, the average processing speed of the log normalization file data in the multi-threaded mode of the system reaches 86.51 GB/s, and the effective accuracy of the fault diagnosis is as high as 90.36%. This shows that the oil and gas pipeline SCADA system interacting with data visualization technology can process operation logs more quickly and can carry out real-time intelligent supervision of the working status and operation parameters of the whole auxiliary system, promoting the intelligent development of the oil and gas pipeline SCADA system.
... The databases and software programs of SCADA are linked to give management information such as thorough schematics, planned maintenance, data diagnostics, and logistical information. On the HMI consoles, the statuses of the physical processes under observation and control are shown [38,39]. An adversary can create a unique URL for PLCs and RTUs, which is executed when the URL is opened from an HMI connected to the network; this results in system infiltration, and the PLCs linked to the network are then detected and attacked. ...
Article
Cyber-attacks on power system assets are increasingly causing disruption of operations for modern-day utilities. Intrusion detection systems are essential for the detection and categorization of these attacks in real-time. A large number of researchers and practitioners have developed such systems for protecting various power grid components against a number of possible attacks. In this paper, we review the studies and outline their significance. We first briefly describe various power system components that are vulnerable to attack. Then we categorize known attack types. Finally, we present the literature referring to these aspects of building intrusion detection systems for power grids.
... Operational technology (OT) environments are cyber-physical systems (CPSs) used to integrate, monitor, and enforce control actions in industrial control systems (ICSs) [43]. OT environments include devices such as supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), intelligent electronic devices (IEDs), and remote terminal units (RTUs) [56], each of which can be connected to a distributed control network infrastructure featuring Lightweight Directory Access Protocol (LDAP) servers, routers, and firewalls [20]. The ongoing transition to renewable energy systems provides a new dimension of security risks to the OT landscape [48]. ...
Preprint
The clean energy transformation led to the integration of distributed energy resources on top of the grid, and thus to a substantial increase in the complexity of power grid infrastructure and the underlying operational technology environment. Operational technology environments are becoming a system of systems, integrating heterogeneous devices which are software/hardware intensive and have ever increasing demands to exploit advances in commodity software/hardware infrastructures, and this for good reasons: improving energy system requirements such as cybersecurity and resilience. In such a setting, system requirements at different levels mix, so undesirable outcomes will surely happen. The use of formal methods will remove ambiguity, increase automation and provide high levels of assurance and reliability. In this paper, we contribute a methodology and a framework for the system level verification of zero trust architecture requirements in operational technology environments. We define a formal specification for the core functionalities of operational technology environments, the corresponding invariants, and security proofs. Of particular note is our modular approach for the formal verification of asynchronous interactions in operational technology environments. The formal specification and the proofs have been mechanized using the interactive theorem proving environment Isabelle/HOL.
... In most cases, various SCADA (Supervisory Control and Data Acquisition) platforms are used to monitor, control and collect data on the condition of oil and gas pipelines. Most of today's SCADA systems allow both main approaches to monitoring oil and gas pipelines to be used (Bailey 2003; Yadav 2021). ...
Conference Paper
Effective monitoring of oil and gas pipelines is critical to the safety of both the energy infrastructure and the surrounding environment, making it an integral part of any nation's energy system. Protecting the energy system and the environment requires thorough monitoring of oil and gas pipelines, recognizing their indispensable role in a country's overall energy infrastructure. Adequate monitoring of oil and gas pipelines is essential as they are woven into the energy system of any nation and play a critical role in preserving the environment through which they pass. There are different approaches for monitoring oil and gas pipelines, the main objective of which is to have their conditions in real-time, especially in cases where they are exposed to various natural events, such as seismic effects, movements of tectonic blocks, karsts, landslides, frost and other natural phenomena, which often lead to the accidental destruction of oil and gas pipelines. This paper provides an analysis of the various approaches used to monitor major oil and gas pipelines.
... (b) Distributed SCADA system: Control functions were distributed across multiple systems during the second generation [18]. Distributing the individual functions of the SCADA system across multiple systems resulted in a collective processing power that exceeded what could have been achieved with a single processor [19]. During the 1980s, SCADA systems harnessed the widespread adoption of proprietary local area networks (LAN) and more compact yet potent computers. ...
Article
Industrial Control Systems (ICS), which include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and Programmable Logic Controllers (PLC), play a crucial role in managing and regulating industrial processes. However, ensuring the security of these systems is of utmost importance due to the potentially severe consequences of cyber attacks. This article presents an overview of ICS security, covering its components, protocols, industrial applications, and performance aspects. It also highlights the typical threats and vulnerabilities faced by these systems. Moreover, the article identifies key factors that influence the design decisions concerning control, communication, reliability, and redundancy properties of ICS, as these are critical in determining the security needs of the system. The article outlines existing security countermeasures, including network segmentation, access control, patch management, and security monitoring. Furthermore, the article explores the integration of machine learning techniques to enhance the cybersecurity of ICS. Machine learning offers several advantages, such as anomaly detection, threat intelligence analysis, and predictive maintenance. However, combining machine learning with other security measures is essential to establish a comprehensive defense strategy for ICS. The article also addresses the challenges associated with existing measures and provides recommendations for improving ICS security. This paper becomes a valuable reference for researchers aiming to make meaningful contributions within the constantly evolving ICS domain by providing an in-depth examination of the present state, challenges, and potential future advancements.
... Although interoperability is still an issue when connecting software to traditional SCADA systems from different manufacturers, which requires different communication and security protocols to be developed and applied in implementing that software [15], modern SCADA systems have become sophisticated, complex, and often open off-the-shelf technologies. Such modernization, associated with the growing standardization of communication protocols and interconnectivity, significantly facilitates communication with these systems [14]. ...
Article
The popularization of Industry 4.0 and its technological pillars has allowed Prognostics and Health Management (PHM) strategies to be applied in complex systems in order to optimize their performance and extend their useful life by taking advantage of a digitalized, integrated environment. Due to this context, the use of digital twins and digital shadows, which are virtual representations of physical systems that provide real-time monitoring and analysis of the health and performance of the system, have been increasingly used in the application of fault detection, a key component of PHM. Taking that into consideration, this work proposes a framework for fault detection in engineering systems based on the construction and application of a digital shadow. This digital shadow is based on a digital model composed of a system of equations and a continuous, real-time communication process with a Supervisory Control and Data Acquisition (SCADA) system. The digital model is generated using monitoring data from the system under study. The proposed method was applied in two case studies, one based on synthetic data and another that uses a simulated database of an operational generating unit of a hydroelectric power plant. The method, in both case studies, was able to detect faults accurately and effectively. Besides, the method provides by-products that can be used in the future in other applications, helping with the PHM in other aspects.
... Another striking example is in energy grids, where there is a need for timely delivery of information to the control centers. Operating under upper-layer management protocol suites such as supervisory control and data acquisition systems (SCADA,[16]), EDs utilize always-on Radio Resource Control (RRC)-connected states and are polled centrally over regular time intervals. Such behavior induces the worst possible scenario from a system performance point of view, having batch arrival traffic patterns at the air interfaces that have been designed using purely stochastic arrivals in mind. ...
Article
One of the critical use cases for prospective fifth generation (5G) cellular systems is the delivery of the state of remote systems to the control center. Such services are relevant for both massive machine-type communications (mMTC) and ultra-reliable low-latency communications (URLLC) services that need to be supported by 5G systems. The recently introduced age of information (AoI) metric, representing the timeliness of the reception of the update at the receiver, is nowadays commonly utilized to quantify the performance of such services. However, the metric itself is closely related to queueing theory, which conventionally requires strict assumptions for analytical tractability. This review paper aims to: (i) identify the gaps between technical wireless systems and the queueing models utilized for analysis of the AoI metric; (ii) provide a detailed review of studies that have addressed the AoI metric; and (iii) establish future research challenges in this area. Our major outcome is that the models proposed to date for AoI performance evaluation and optimization deviate drastically from the technical specifics of modern and future wireless cellular systems, including those proposed for URLLC and mMTC services. Specifically, we identify that the majority of the models considered to date: (i) do not account for service processes of wireless channels that utilize orthogonal frequency division multiple access (OFDMA) technology and are able to serve more than a single packet in a time slot; (ii) neglect the specifics of the multiple access schemes utilized for mMTC communications, specifically, multi-channel random access followed by data transmission; (iii) do not consider spatial and temporal correlation properties in the set of end systems that may arise naturally in state monitoring applications; and finally, (iv) only few studies have assessed those practical use cases where queueing may happen at more than a single node along the route. Each of these areas requires further advances for performance optimization and integration of modern and future wireless provisioning technologies with mMTC and URLLC services.
... The management of message fragmentation and reassembly is handled by the DNP3 pseudo-transport layer. As previously indicated, the protocol enables the transmission of application messages that exceed the size of a single data connection frame by utilizing multiple frames [10]. The pseudo-transport layer is comprised of an extra byte that contains the FIR and FIN flags, as well as a Sequence number, as illustrated in Figure 3. ...
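The pseudo-transport header described above is a single byte: FIN in bit 7, FIR in bit 6 and a 6-bit sequence number in bits 0 to 5, so the sequence wraps after 63. The block below is an added example, not code from the cited work or from any DNP3 stack: it fragments an application message into transport segments, reassembles them with the sequence check a receiver must apply, and then shows what an attacker can do with a single unauthenticated FIR segment. The 250-byte data-link user-data limit (249 bytes of payload per segment after the header byte) is taken from the standard's frame size and treated as an assumption here; the message contents are constructed.

```python
# DNP3 transport-layer header byte (IEEE 1815): bit 7 = FIN, bit 6 = FIR, bits 0-5 = SEQ (0..63).
FIN = 0x80
FIR = 0x40
SEQ_MASK = 0x3F
MAX_LINK_USER_DATA = 250                        # assumed user-data limit of one data link frame
MAX_SEGMENT_PAYLOAD = MAX_LINK_USER_DATA - 1    # one byte is taken by the transport header


def fragment(app_fragment, first_seq=0, chunk=MAX_SEGMENT_PAYLOAD):
    """Split an application fragment into transport segments: header byte + up to `chunk` payload bytes."""
    if not app_fragment:
        raise ValueError("empty application fragment")
    if not 1 <= chunk <= MAX_SEGMENT_PAYLOAD:
        raise ValueError("chunk exceeds what a link frame can carry")
    pieces = [app_fragment[i:i + chunk] for i in range(0, len(app_fragment), chunk)]
    segments = []
    seq = first_seq & SEQ_MASK
    for idx, piece in enumerate(pieces):
        hdr = seq
        if idx == 0:
            hdr |= FIR                          # first segment of the fragment
        if idx == len(pieces) - 1:
            hdr |= FIN                          # final segment of the fragment
        segments.append(bytes([hdr]) + piece)
        seq = (seq + 1) & SEQ_MASK              # sequence number wraps at 64
    return segments


class Reassembler:
    """Receiver side: keeps one partial fragment; a gap or an unexpected FIR discards it."""

    def __init__(self):
        self._buf = bytearray()
        self._expect = None                     # next SEQ expected, None when idle
        self.dropped = 0                        # partial fragments abandoned (worth logging)

    def _reset(self):
        self._buf = bytearray()
        self._expect = None

    def feed(self, segment):
        """Return the complete application fragment when FIN arrives in sequence, otherwise None."""
        if not 1 <= len(segment) <= MAX_LINK_USER_DATA:
            raise ValueError("segment length outside link frame limits")
        hdr, payload = segment[0], segment[1:]
        seq = hdr & SEQ_MASK
        if hdr & FIR:
            if self._buf:
                self.dropped += 1               # a new FIR always starts over
            self._buf = bytearray(payload)
        elif self._expect is None or seq != self._expect:
            if self._buf:
                self.dropped += 1               # sequence gap, or no fragment in progress
            self._reset()
            return None
        else:
            self._buf += payload
        self._expect = (seq + 1) & SEQ_MASK
        if hdr & FIN:
            out = bytes(self._buf)
            self._reset()
            return out
        return None


def roundtrip(data, first_seq=0):
    """Fragment and reassemble `data`; returns (reassembled bytes, number of dropped partials)."""
    receiver = Reassembler()
    result = None
    for seg in fragment(data, first_seq):
        result = receiver.feed(seg)
    return result, receiver.dropped


def injected_fir_demo(data):
    """An attacker slips a forged FIR segment (no FIN) between the legitimate segments of a multi-segment fragment."""
    segs = fragment(data)
    rogue = bytes([FIR | 0x00]) + b"\x00"       # constructed: claims to start a new fragment with SEQ 0
    receiver = Reassembler()
    results = [receiver.feed(segs[0]), receiver.feed(rogue)] + [receiver.feed(s) for s in segs[1:]]
    return [r for r in results if r is not None], receiver.dropped
```

The demo is the security point: the transport layer carries no authentication, so one forged segment not only discards the genuine partial fragment but, because its sequence number happens to match, absorbs the remaining genuine segments into a corrupted message that is handed up to the application layer. A receiver should therefore count dropped partials as a possible injection indicator, and integrity for commands has to come from a layer above this one.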
... The conventional architecture of current CIs usually has a hierarchical structure that integrates heterogeneous devices and network trunks, often through shared network connections (Yadav and Paul 2021). Protocols are being used more frequently, which expose SCADA systems to the same vulnerabilities that general-purpose Information Technology (IT) systems face (Kalech 2019). ...
Article
Resilience improvement of complex internets of utility systems is still an open issue for the current research. Proposed solutions fail to implement an integrated approach to detection, mitigation, and reaction which is able to face both well-known and new, previously unknown cyber-attacks (in particular distributed ones, which constitute one of the most serious and still unresolved threat scenarios affecting networked systems). In this work, we present the conceptual architecture of a novel multi-layer distributed Intrusion Detection and Reaction System based on the Autonomic Communication paradigm. The architecture relies on a self-organizing cooperative overlay network of complementary components that are dynamically and autonomously adapted to face distributed cyberattacks against Industrial Control Systems. The proposed architecture aims at being a guideline for experts and practitioners to address the well-known problem of distributed nature of new types of cyber-attacks, by implementing mechanisms to orchestrate available resources for effective detection and remediation dynamically. A distributed flow monitoring system provides input data to cooperative intrusion detection agents, which allow correlating information from heterogeneous feeds to improve the identification of attacks originating from both the inside and the outside of the monitored network and to support customizable remediation mechanisms.
... Despite the critical roles of SSs within SGs, the potentially extensive damages caused by SS cyberattacks, and the cascading effects on SGs and other critical infrastructures, there is a scarcity of survey or review publications uniquely dedicated and focused on SS cybersecurity. Instead, most publications survey or review SGs [6,7,8,9,10,11] and SCADA systems [12,13,14] focusing on different topics, but only occasionally covering aspects related to SSs. Table II lists a few high-ranked surveys related to SSs, and summarizes the key topics surveyed. ...
Article
Electrical grids generate, transport, distribute and deliver electrical power to consumers through a complex Critical Infrastructure which progressively shifted from an air-gaped to a connected architecture. Specifically, Smart Substations are important parts of Smart Grids, providing switching, transforming, monitoring, metering and protection functions to offer a safe, efficient and reliable distribution of electrical power to consumers. The evolution of electrical power grids was closely followed by the digitization of all its parts and improvements in communication and computing infrastructures, leading to an evolution towards digital smart substations with improved connectivity. However, connected smart substations are exposed to cyber threats which can result in blackouts and faults which may propagate in a chain reaction and damage electrical appliances connected across the electrical grid. This work organizes and offers a comprehensive review of architectural, communications and cybersecurity standards for smart substations, complemented by a threat landscape analysis and the presentation of a Defense-in-Depth strategy blueprint. Furthermore, this work examines several defense mechanisms documented in the literature, existing datasets, testbeds and evaluation methodologies, identifying the most relevant open issues which may guide and inspire future research work.
... The development of methods for solar PV monitoring applications is important to maintain the performance and efficiency of the PV system [3]-[6]. Solar PV can be monitored with a Supervisory Control and Data Acquisition (SCADA) system, which consists of hardware components for data acquisition, communication and control, and software for optimization, data elaboration and data visualization [7]. However, the integration of SCADA devices on the micro grid is not easy, and the complexity of the system increases when there are additional switching circuits, a need for high-frequency PWM signals for control purposes, and high-cost requirements [8]. ...
Article
The use of PV solar energy as an alternative renewable energy source has increased worldwide. The smart grid monitoring system is applied on a micro scale for the fulfilment of household electricity needs, or Smart Home Micro Grid (SHMG), using Artificial Intelligence (AI) and Internet of Things (IoT) approaches. Problems in solar PV systems include uncertainty and non-linearity, which make the structure of the generated energy data increasingly complex and demand faster control and decision making. The forecasting process carried out using the AI approach is indispensable for the utilization of PV systems, especially for distributed residential PV that is operated and maintained independently. Furthermore, the use of IoT technology is also important to accelerate information processing and improve performance in the monitoring system. The purpose of this research is to develop a solar PV monitoring system framework at SHMG to optimize the performance of the electricity supply sourced from solar PV based on IoT.
Article
Industrial device scanners allow anyone to scan devices on private networks and the Internet. They were intended as network security tools, but they are commonly exploited as attack tools, as scanning can reveal vulnerable devices. However, from a defensive perspective, this vulnerability disclosure could be used to secure devices if characteristics such as type, model, manufacturer, and firmware could be identified. Automated scanning reports can help to apply security measures before an attacker finds a vulnerability. A complete device recognition procedure can then be seen as the basis for auditing networks and identifying vulnerabilities to mitigate cyber-attacks, especially among Industrial Internet of Things (IIoT) devices that are part of critical systems. In this survey, considering SCADA (Supervisory Control and Data Acquisition) systems as monitoring and control components of essential infrastructure, we focus on analyzing the architectures, specifications, and constraints of several industrial device scanners. In addition, we examine the information revealed by the scanners to identify the threats posed by them on industrial systems and networks. We analyze monthly and yearly statistics of cyber-attack incidents to investigate the role of these scanners in accelerating attacks. By presenting the findings of an experiment, we highlight how easily anyone could identify hundreds of Internet-connected industrial devices in Sweden, which could lead to a major service interruption in industrial environments designed for minimal human involvement. We also discuss several methods to avoid scanners or reduce their identifying capabilities to conceal industrial devices from unauthorized access.
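The "type, model, manufacturer and firmware" that a scanner reveals, and that a defender can equally use for inventory, is in many cases obtained with one unauthenticated Modbus/TCP request: function 0x2B with MEI type 0x0E (Read Device Identification), whose basic objects are VendorName, ProductCode and MajorMinorRevision. The block below is an added example, not code from the survey or from any scanner: it builds that request, parses the response with the framing checks a robust scanner needs (MBAP length, exception responses, truncated objects), and then applies the defensive use the passage describes by comparing the fingerprint against an approved asset inventory. The response bytes, the vendor and product strings and the inventory are all constructed for illustration.

```python
import struct

FC_READ_DEVICE_ID = 0x2B
MEI_DEVICE_ID = 0x0E
OBJECT_NAMES = {0x00: "VendorName", 0x01: "ProductCode", 0x02: "MajorMinorRevision"}


def build_read_device_id_request(transaction_id, unit_id, read_code=0x01, object_id=0x00):
    """Modbus/TCP request: MBAP header + FC 0x2B / MEI 0x0E, read code 1 = basic identification."""
    pdu = bytes([FC_READ_DEVICE_ID, MEI_DEVICE_ID, read_code, object_id])
    mbap = struct.pack(">HHHB", transaction_id, 0x0000, 1 + len(pdu), unit_id)  # length counts unit id + PDU
    return mbap + pdu


def parse_read_device_id_response(frame):
    """Decode identification objects from a response, validating framing and every length field."""
    if len(frame) < 9:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0 or length != len(frame) - 6:
        raise ValueError("MBAP protocol id or length mismatch")
    pdu = frame[7:]
    fc = pdu[0]
    if fc == FC_READ_DEVICE_ID | 0x80:
        raise ValueError(f"Modbus exception, code 0x{pdu[1]:02x}")
    if fc != FC_READ_DEVICE_ID or len(pdu) < 7 or pdu[1] != MEI_DEVICE_ID:
        raise ValueError("not a Read Device Identification response")
    # pdu[2] read code, pdu[3] conformity level, pdu[4] more follows, pdu[5] next object id, pdu[6] object count
    objects = {}
    pos = 7
    for _ in range(pdu[6]):
        if pos + 2 > len(pdu):
            raise ValueError("truncated object header")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        pos += 2
        if pos + obj_len > len(pdu):
            raise ValueError("object value runs past end of PDU")
        value = pdu[pos:pos + obj_len].decode("ascii", errors="replace")
        objects[OBJECT_NAMES.get(obj_id, f"Object0x{obj_id:02x}")] = value
        pos += obj_len
    return {"transaction_id": tid, "unit_id": unit, "more_follows": bool(pdu[4]), **objects}


def build_sample_response(transaction_id, unit_id, objects):
    """Encoder used only to fabricate sample traffic for this example."""
    body = b"".join(bytes([oid, len(value)]) + value for oid, value in objects)
    pdu = bytes([FC_READ_DEVICE_ID, MEI_DEVICE_ID, 0x01, 0x01, 0x00, 0x00, len(objects)]) + body
    return struct.pack(">HHHB", transaction_id, 0, 1 + len(pdu), unit_id) + pdu


# Constructed sample traffic; vendor, product and revision strings are invented.
SAMPLE_RESPONSE = build_sample_response(
    1, 1, [(0x00, b"ACME Automation"), (0x01, b"PLC-9000"), (0x02, b"V2.14")]
)
SAMPLE_EXCEPTION = struct.pack(">HHHB", 1, 0, 3, 1) + bytes([FC_READ_DEVICE_ID | 0x80, 0x01])

# Defender's side: the assumed approved asset inventory, (vendor, product) -> acceptable firmware revisions.
APPROVED_INVENTORY = {("ACME Automation", "PLC-9000"): {"V2.14", "V2.15"}}


def classify_device(info, inventory=APPROVED_INVENTORY):
    """Audit verdict for one fingerprint: 'approved', 'outdated-firmware' or 'unknown-device'."""
    key = (info.get("VendorName"), info.get("ProductCode"))
    if key not in inventory:
        return "unknown-device"
    return "approved" if info.get("MajorMinorRevision") in inventory[key] else "outdated-firmware"
```

Sending the same request to a real outstation requires only a TCP connection to port 502 and no credentials, which is exactly why the passage counts scanners as an attacker's tool; the inventory comparison is the defensive mirror image, turning the same fingerprint into a list of unknown or unpatched devices.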
Conference Paper
Supervisory Control and Data Acquisition (SCADA) systems have become indispensable in a wide range of industries worldwide. These systems facilitate the monitoring and management of complex physical processes by employing field devices and actuators. However, the growing reliance on SCADA systems and the transition to standardized protocols have introduced significant security risks, leading to an alarming rise in reported cyber-attacks. This paper focuses on addressing the security challenges SCADA systems face by exploring risk assessment methodologies. Organizations can proactively protect their systems from potential threats by comprehending the architectural intricacies of SCADA networks and analyzing existing risk assessment techniques. Moreover, an investigation into recent cyber attacks sheds light on the emerging trends and tactics that pose a considerable risk to SCADA systems. By integrating robust risk assessment methodologies, organizations can effectively enhance the security of SCADA systems and mitigate the potential damage caused by cyber-attacks. This paper also highlights the latest trends and tactics that are supposed to be very successful against SCADA systems, with a historical review of all attacks and their frequency throughout the year. #COMESYSO1120.
Chapter
As water infrastructure becomes increasingly connected, it is also becoming more vulnerable to cyber-attacks. In this paper, we review real-world examples of cyber-attacks on water systems, highlighting the potential risks and threats faced by the water sector. To better understand the vulnerabilities of water systems to cyber-attack, we develop an architecture of the water system and analyze the potential risks and threats at each layer of the architecture. We then recommend security requirements for each layer to enhance the overall security of the water system. We also review the existing international standards and initiatives related to securing the water sector. Our research shows that securing water systems against cyber threats requires a comprehensive approach that considers both technical and organizational measures. This paper contributes to the growing body of literature on water security and provides a valuable resource for policymakers and practitioners to improve and enhance the security and resilience of water systems against cyber threats.
Article
Today, with technological development, the role of cybersecurity is becoming ever more decisive, since both private individuals and companies have to keep pace with the evolution of cyberattacks, whether in their number or in their methods. Prime targets of these attacks are industrial facilities and critical system elements, of which SCADA systems are key components. In this context, such facilities require a much higher level of protection than average because of their role. In the first part of the study, the author describes the basic concepts of SCADA systems and the regulations and good practices needed for their establishment and operation. The author then presents past and current cybersecurity challenges, both in general and with a focus on SCADA systems, classified by attack method, year of attack and the sector affected.
Conference Paper
This article approaches the simulation of Industry 4.0 environments, using the textile industry as an example. It explains the concept of simulating Industry 4.0 factory floors, covering topics such as the benefits of this solution, how it can be used in every industry sector and, most importantly, the work and research that has been done around the subject area. The textile industry is used as an example and, therefore, more specific details regarding the application of the solution to this industry sector are explained later in the document. This explanation includes the materials required for the development of a prototype, as well as the methods used and the expected results. In terms of results, this study created a scalable architecture and three data models that can configure and store the simulation data.
Article
The Industrial Internet of Things (IIoT) ecosystem faces increased risks and vulnerabilities due to adopting Industry 4.0 standards. Integrating data from various places and converging several systems have heightened the need for robust security measures beyond fundamental connection encryption. However, it is difficult to provide adequate security due to the IIoT ecosystem’s distributed hardware and software. The most effective countermeasures must be suggested together with the crucial vulnerabilities, linked threats, and hazards in order to protect industrial equipment and ensure the secure functioning of IIoT systems. This paper presents a thorough analysis of events that target IIoT systems to alleviate such concerns. It also offers a comprehensive analysis of the responses that have been advanced in the most recent research. This article examines several kinds of attacks and the possible consequences to understand the security landscape in the IIoT area. Additionally, we aim to encourage the development of effective defenses that will lessen the hazards detected and secure the privacy, accessibility, and reliability of IIoT systems. It is important to note that we examine the issues and solutions related to IIoT security using the most recent findings from research and the literature on this subject. This study organizes and evaluates recent research to provide significant insight into the present security situation in IIoT systems. Ultimately, we provide outlines for future research and projects in this field.
Article
Facing the trend of Industry 4.0, a cloud-based supervisory control and data acquisition (SCADA) system employing cloud computing and IoT technology can help the manufacturing industry reduce software investment and system maintenance costs. However, manufacturers may need to install new sensors and controllers, and the connection of the SCADA system to shop-floor machine controllers, as well as the design and implementation of monitoring dashboards, usually need to be outsourced to an experienced system integration company, which may impede small and medium-sized manufacturing enterprises (SMEs). This paper aims to develop a cloud-based intelligent machine monitoring and control system (CIM-MCS) framework, its service structure, and an approach to deploying the CIM-MCS on a public cloud infrastructure platform and service provider. A package diagram is proposed for building the CIM-MCS's virtual factory model to improve modeling efficiency and data stability. CIM-MCS and its SCADA application in a leading automatic filling and packaging production line show that the CIM-MCS is easy to implement. The transmission time is short and acceptable for practical application. The integration of CIM-MCS with a cloud-based advanced planning and scheduling system has the advantages of real-time monitoring, production progress reporting, scheduling, and dispatching, and achieves the goal of operating an intelligent factory anytime, anywhere, by anyone and on any platform.
Chapter
An analog-to-digital converter (ADC) is a critical part of most computing systems as it converts analog signals into quantifiable digital values. Since most digital devices operate only on digital values, the ADC acts as an interface between the digital and analog worlds. Hence, ADCs are commonly used in a wide range of application areas, such as the internet of things (IoT), industrial control systems (ICS), cyber-physical systems (CPS), audio/video devices, medical imaging, digital oscilloscopes, and cell phones, among others. For example, programmable logic controllers (PLCs) in ICS/CPS often make control decisions based on digital values that are converted from analog signals by ADCs. Due to their crucial role in various applications, ADCs are often targeted by a wide range of physical and cyber attacks. Attackers may exploit vulnerabilities that could be found in the software/hardware of ADCs. In this work, we first conduct a deeper study of the ADC conversion logic to scrutinize relevant vulnerabilities that were not well explored by prior works. Hence, we manage to identify exploitable vulnerabilities in certain ADC registers that are used in the ADC conversion process. These vulnerabilities can allow attackers to launch dangerous attacks that can disrupt the behaviour of the targeted system (e.g., an IoT or control system) in a stealthy way. As a proof of concept, we design three such attacks by exploiting the vulnerabilities identified. Finally, we test the attacks on a mini-CPS testbed we designed using IoT devices, analog sensors and actuators. Our experimental results reveal the high effectiveness of the proposed attack techniques in misleading PLCs into making incorrect control decisions in CPS. We also analyze the impact of such attacks when launched in realistic CPS testbeds.
Article
Cyber-Physical Systems (CPS) are integrated systems that combine software and physical components. CPS has experienced rapid growth over the past decade in fields as disparate as telemedicine, smart manufacturing, autonomous vehicles, the Internet of Things, industrial control systems, smart power grids, remote laboratory environments, and many more. With the widespread integration of Cyber-Physical Systems (CPS) in various aspects of contemporary society, the frequency of malicious assaults carried out by adversaries has experienced a substantial surge in recent times. Incidents targeting vital civilian infrastructure, such as electrical power grids and oil pipelines, have become alarmingly common due to the expanded connectivity to the public internet, which significantly expands the vulnerability of CPS. This article presents a comprehensive review of existing literature that examines the latest advancements in anomaly detection techniques for identifying security threats in Cyber-Physical Systems. The primary emphasis is placed on addressing life safety concerns within industrial control networks (ICS). A total of 296 papers are reviewed, with common themes and research gaps identified. This paper makes a novel contribution by identifying the key challenges that remain in the field, which include resource constraints, a lack of standardized communication protocols, extreme heterogeneity that hampers industry consensus, and different information security priorities between Operational Technology (OT) and Information Technology (IT) networks. Potential solutions and/or opportunities for further research are identified to address these selected challenges.
Conference Paper
In this paper, an Intrusion Detection and Prevention System (IDPS) for Distributed Network Protocol 3 (DNP3) Supervisory Control and Data Acquisition (SCADA) systems is presented. The proposed IDPS is called DIDEROT (Dnp3 Intrusion DetEction pReventiOn sysTem) and relies on both supervised Machine Learning (ML) and unsupervised/outlier ML detection models capable of discriminating whether a DNP3 network flow is related to a particular DNP3 cyberattack or anomaly. First, the supervised ML detection model is applied, trying to identify whether a DNP3 network flow is related to a specific DNP3 cyberattack. If the corresponding network flow is detected as normal, then the unsupervised/outlier ML anomaly detection model is activated, seeking to recognise the presence of a possible anomaly. Based on the DIDEROT detection results, Software Defined Networking (SDN) technology is adopted in order to mitigate the corresponding DNP3 cyberattacks and anomalies in a timely manner. The performance of DIDEROT is demonstrated using real data originating from a substation environment.
Article
The ideas presented in this paper are summarized as follows. The first idea entails improving the security of supervisory control and data acquisition (SCADA) architectures by means of asymmetric cryptography and digital signatures and measuring the performance overhead. This allows achieving some obvious subsequent goals such as data-origin authentication, and the traceability and implicit non-repudiation of commands given to intelligent field and direct control equipment. The possibility to include digital signatures with a minimum impact on a standard and a reliable data communication protocol, such as Distributed Network Protocol version 3 (DNP3), also known to have a mature, industrially validated, open-source implementation, has been tested and the results are presented. A second idea concerns designing and developing a multitenant cloud-based architecture for a SCADA environment. This hypothesis focuses on certain SCADA operators that manage multiple industrial control systems (ICS) and intend to consolidate process data in a centralized manner.
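The first idea above, data-origin authentication and non-repudiation of commands by signing them asymmetrically, comes down to a small state machine on each side of the link. The block below is an added example, not the paper's implementation or its DNP3 object encoding: it appends a monotonically increasing 8-byte counter and a 64-byte Ed25519 signature to a DNP3 application fragment, and the outstation accepts the command only if the signature verifies and the counter has advanced, which turns a valid but re-sent command into a detectable replay. It assumes the `cryptography` package is installed; the OPERATE fragment bytes and the trailer layout are constructed for illustration, and the trailer size is what the example counts as the per-command overhead.

```python
import struct

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

SEQ_LEN = 8                      # per-master monotonic counter, big-endian
SIG_LEN = 64                     # Ed25519 signature size
TRAILER_LEN = SEQ_LEN + SIG_LEN  # bytes added to every signed fragment

# Constructed DNP3 application fragment: control 0xC0 (FIR|FIN, seq 0), function 0x04 (OPERATE),
# one g12v1 control relay output block, qualifier 0x17, index 0, LATCH_ON. Illustrative bytes only.
SAMPLE_OPERATE = bytes.fromhex("c004" "0c01" "17" "01" "00" "41" "01" "00000000" "00000000" "00")


class CommandSigner:
    """Master side: appends (counter || signature) to each outgoing application fragment."""

    def __init__(self, private_key):
        self._key = private_key
        self._seq = 0

    def sign(self, fragment):
        self._seq += 1
        seq_bytes = struct.pack(">Q", self._seq)
        signature = self._key.sign(fragment + seq_bytes)   # signature covers the fragment AND the counter
        return fragment + seq_bytes + signature


class CommandVerifier:
    """Outstation side: executes a command only if the signature checks and the counter advanced."""

    def __init__(self, public_key):
        self._pub = public_key
        self._last_seq = 0
        self.rejections = []                               # audit trail of why commands were refused

    def verify(self, signed):
        """Return the bare fragment to hand to the application layer, or None if it must be dropped."""
        if len(signed) <= TRAILER_LEN:
            self.rejections.append("too-short")
            return None
        fragment = signed[:-TRAILER_LEN]
        seq_bytes = signed[-TRAILER_LEN:-SIG_LEN]
        signature = signed[-SIG_LEN:]
        try:
            self._pub.verify(signature, fragment + seq_bytes)
        except InvalidSignature:
            self.rejections.append("bad-signature")        # forged or tampered command
            return None
        seq = struct.unpack(">Q", seq_bytes)[0]
        if seq <= self._last_seq:
            self.rejections.append("replay")               # genuine signature, but an old command re-sent
            return None
        self._last_seq = seq
        return fragment


def demo():
    """Sign one OPERATE, then replay it and tamper with it; returns what the outstation decided."""
    key = Ed25519PrivateKey.generate()                     # in practice the master's long-term key
    signer, verifier = CommandSigner(key), CommandVerifier(key.public_key())
    wire = signer.sign(SAMPLE_OPERATE)
    accepted = verifier.verify(wire)
    replayed = verifier.verify(wire)                       # attacker re-sends the captured command
    tampered = bytearray(wire)
    tampered[6] ^= 0x01                                    # attacker changes the CROB index
    forged = verifier.verify(bytes(tampered))
    return {
        "accepted": accepted == SAMPLE_OPERATE,
        "replay_rejected": replayed is None,
        "tamper_rejected": forged is None,
        "rejections": list(verifier.rejections),
        "bytes_added": len(wire) - len(SAMPLE_OPERATE),
    }


if __name__ == "__main__":
    print(demo())
```

The signature alone is not enough: without the counter the outstation would re-execute a captured, perfectly valid OPERATE, which is why the counter is under the signature and the verifier keeps the last accepted value. The 72 bytes added per command are the kind of overhead the paper sets out to measure against DNP3's frame limits.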
Article
Growing dependency on, and remote accessibility of, automated industrial systems have transformed SCADA (Supervisory Control and Data Acquisition) networks from strictly isolated to highly interconnected networks. This increase in interconnectivity between systems raises operational efficiency due to the ease of controlling and monitoring processes; however, this inevitable transformation also exposes the control system to the outside world. As a result, effective security strategies are required, as any vulnerability of the SCADA system could generate severe financial and/or safety implications. The primary task when identifying holes in the system is to have proper awareness of SCADA vulnerabilities and threats. This approach will help to identify potential breaches or aspects of the system where a breach may occur. This paper describes various types of potential SCADA vulnerabilities by taking real incidents reported in standard vulnerability databases. A comprehensive review of each type of vulnerability is provided along with recommendations for the improvement of SCADA security systems.
Article
Specific intrusion detection systems (IDSs) are needed to secure modern supervisory control and data acquisition (SCADA) systems due to their architecture, stringent real-time requirements, network traffic features and specific application layer protocols. This article aims to contribute to assessing the state of the art, identifying the open issues and providing insight into future study areas. To achieve these objectives, we start from the factors that impact the design of dedicated intrusion detection systems in SCADA networks and focus on network-based IDS solutions. We propose a structured evaluation methodology that encompasses detection techniques, protected protocols, implementation tools, test environments and IDS performance. Special attention is focused on assessing implementation maturity as well as the applicability of each surveyed solution in the Future Internet environment. Based on that, we provide a brief description and evaluation of 26 selected research papers, published in the period 2015–2019. Results of our analysis indicate considerable progress regarding the development of machine learning-based detection methods, implementation platforms, and to some extent, sophisticated testbeds. We also identify research gaps and conclude the analysis with a list of the most important directions for further research.
Article
This paper presents a comprehensive survey of existing cyber security solutions for fog-based smart grid SCADA systems. We start by providing an overview of the architecture and the concept of fog-based smart grid SCADA systems and its main components. According to security requirements and vulnerabilities, we provide a classification of these solutions into four categories, including authentication solutions, privacy-preserving solutions, key management systems, and intrusion detection systems. For each category, we describe the essence of the methods and provide a classification with respect to security requirements. Therefore, according to the machine learning methods used by the intrusion detection system (IDS), we classify the IDS solutions into nine categories, including deep learning-based IDS, artificial neural networks-based IDS, support vector machine-based IDS, decision tree-based IDS, rule-based IDS, Bloom filter-based IDS, random forest-based IDS, random subspace learning-based IDS, and deterministic finite automaton-based IDS. The informal and formal security analysis techniques used by the cyber security solutions are tabulated and summarized. In addition, we provide a taxonomy of attacks tackled by privacy-preserving and authentication solutions in the form of tables. Based on the present study, several proposals for challenges and research issues such as detecting false data injection attacks are discussed at the end of the paper.
Chapter
This chapter proposes an autonomic computing security framework for protecting cloud-based supervisory control and data acquisition (SCADA) systems against cyber threats. The autonomic computing paradigm is based on intelligent computing that can autonomously take actions under given conditions. These technologies have been successfully applied to many problem domains requiring autonomous operation. One such area of national interest is SCADA systems that monitor critical infrastructures such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks. SCADA systems have evolved from isolated systems into complex, highly connected systems requiring constant availability. The migration of such systems from in-house to cloud infrastructures has gradually gained prominence. Deployments over cloud infrastructures have brought new cyber security threats, challenges, and mitigation opportunities. SCADA deployment to the cloud makes it imperative to adopt newer architectures and measures that can proactively and autonomously react to an impending threat.
Article
Power grids are becoming increasingly intelligent. In this regard, they benefit considerably from the information technology (IT) networks coupled with their underlying operational technology (OT) networks. While IT networks provide sufficient controllability and observability of power grid assets such as voltage and reactive power controllers, distributed energy resources, among others, they make those critical assets vulnerable to cyber threats and risks. In such systems, however, several technical and economic factors can significantly affect the patching and upgrading decisions of their components including, but not limited to, limited time and budget as well as legal constraints. Thus, resolving all vulnerabilities at once could seem like an insuperable hurdle. To figure out where to start, an involved decision maker (e.g. a security team) has to prudently prioritize the possible vulnerability remediation actions. The key objective of prioritization is to efficiently reduce the inherent security risk to which the system in question is exposed. Due to the critical role of power systems, their decision makers tend to enhance the system resilience against extreme events. Thus, they seek to avoid decision options associated with likely severe risks. Practically, this risk attitude guides the decision-making process in such critical organizations and hence the sought-after prioritization as well. Therefore, the contribution of this work is to provide an integrated risk-based decision-support methodology for prioritizing possible remediation activities. It leverages the Time-To-Compromise security metric to quantitatively assess the risk of compromise. The developed risk estimator considers several factors including: i) the inherent assessment uncertainty, ii) interdependencies between the network components, iii) different adversary skill levels, and iv) public vulnerability and exploit information.
Additionally, our methodology employs game theory principles to support the strategic decision-making process by constructing a chain of security games. Technically, the remediation actions are prioritized through successively playing a set of dependent zero-sum games. The underlying game-theoretical model considers carefully the stochastic nature of risk assessments and the specific risk attitude of the decision makers involved in the patch management process across electric power organizations.
Article
The majority of machine learning methodologies operate with the assumption that their environment is benign. However, this assumption does not always hold, as it is often advantageous to adversaries to maliciously modify the training (poisoning attacks) or test data (evasion attacks). Such attacks can be catastrophic given the growth and the penetration of machine learning applications in society. Therefore, there is a need to secure machine learning enabling the safe adoption of it in adversarial cases, such as spam filtering, malware detection, and biometric recognition. This paper presents a taxonomy and survey of attacks against systems that use machine learning. It organizes the body of knowledge in adversarial machine learning so as to identify the aspects where researchers from different fields can contribute to. The taxonomy identifies attacks which share key characteristics and as such can potentially be addressed by the same defence approaches. Thus, the proposed taxonomy makes it easier to understand the existing attack landscape towards developing defence mechanisms, which are not investigated in this survey. The taxonomy is also leveraged to identify open problems that can lead to new research areas within the field of adversarial machine learning.
Article
Conventionally, the security of critical infrastructures was mainly focused on environmental threats. Cyber attacks, nevertheless, have shifted the attention to various other threats and damages. Attackers try to exploit vulnerabilities in networks and Internet of Things (IoT) technologies, since these technologies are an integral part of critical systems. Therefore, the vulnerability of Critical Infrastructure (CI) to cyber threats has led to the need to devise modern security measures. Unavailability or failure of one CI can cause enormous devastation and damage to society, the economy and stability by provoking cascading failures in many other related infrastructures. Traditional security measures attempt to cater for well-known emerging threats; however, strong and adaptive security measures/techniques are indispensable to defend against innovative attacks. This paper presents a survey on cyber threats and defense measures to highlight the necessity of securing SCADA-based critical infrastructures and provides insight into the security challenges and open issues in this regard.
Article
Knowledge production within the field of business research is accelerating at a tremendous speed while at the same time remaining fragmented and interdisciplinary. This makes it hard to keep up with state-of-the-art and to be at the forefront of research, as well as to assess the collective evidence in a particular area of business research. This is why the literature review as a research method is more relevant than ever. Traditional literature reviews often lack thoroughness and rigor and are conducted ad hoc, rather than following a specific methodology. Therefore, questions can be raised about the quality and trustworthiness of these types of reviews. This paper discusses literature review as a methodology for conducting research and offers an overview of different types of reviews, as well as some guidelines to how to both conduct and evaluate a literature review paper. It also discusses common pitfalls and how to get literature reviews published.
Conference Paper
Unnoticed by most people, Industrial Control Systems (ICSs) control entire productions and critical infrastructures such as water distribution, smart grid and automotive manufacturing. Due to the ongoing digitalization, these systems are becoming more and more connected in order to enable remote control and monitoring. However, this shift bears significant risks, namely a larger attack surface, which can be exploited by attackers. In order to make these systems more secure, it takes research, which is, however, difficult to conduct on productive systems, since these often have to operate twenty-four-seven. Testbeds are mostly very expensive or based on simulation with no real-world physical process. In this paper, we introduce LICSTER, an open-source low-cost ICS testbed, which enables researchers and students to get hands-on experience with industrial security for about 500 Euro. We provide all necessary material to quickly start ICS hacking, with the focus on low-cost and open-source for education and research.
Article
Critical infrastructures, for example electricity generation and distribution networks, chemical processing plants and gas distribution, are governed and monitored by Supervisory Control and Data Acquisition (SCADA) systems. Intrusion detection has been a prevalent area of study for numerous years, and several intrusion detection systems have been suggested in the literature for cyber-physical systems and industrial control systems (ICS). In recent years, the Stuxnet, Duqu and Flame malware attacks against ICS have caused tremendous damage to nuclear facilities and critical infrastructure in some countries. These intensified attacks have sounded the alarm for the security of industrial control systems in many countries. The challenge in constructing an intrusion detection framework is to deal with unbalanced intrusion datasets, i.e. when one class is represented by a smaller number of instances (the minority class). To this end, we outline an approach to deal with this issue and propose an anomaly detection method for ICS. Our proposed approach uses a hybrid model that takes advantage of the predictable and consistent nature of the communication patterns that occur amongst field devices in ICS setups. First, we applied some preprocessing techniques to standardize and scale the data. Second, dimensionality reduction algorithms are applied to improve the process of anomaly detection. Third, we employed the Edited Nearest-Neighbor rule algorithm to balance the dataset. Fourth, using a Bloom filter, a signature database is created by observing the system for a specific period in which no abnormalities occur. Finally, to detect new attacks we combined our packet-content-level detection with another instance-based learner to make a hybrid method for anomaly detection. Experimental results with a real large-scale dataset generated from a gas pipeline SCADA system show that the proposed approach, HML-IDS, outperforms the benchmark models with an accuracy rate of 97%.
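The Bloom-filter signature database step of the abstract above, as an added Python example. It is not HML-IDS code and covers only that step, not the preprocessing, dimensionality reduction, ENN balancing or the learners; the packet fields, the baseline window and the test traffic are constructed, and the salted BLAKE2b hash family is this example's choice.

```python
"""Signature database for packet-content-level detection, built as a Bloom
filter from an observation window assumed to be attack-free.

Added example, not HML-IDS code; it covers only the Bloom-filter step. The
packet fields, the baseline and the test traffic are constructed, and the
filter uses k salted BLAKE2b digests as its hash family."""
import hashlib
import math


class BloomFilter:
    """Standard Bloom filter sized for n items at a target false-positive rate p.
    Membership can be wrongly 'seen' (false positive) but never wrongly 'unseen'."""

    def __init__(self, expected_items, fp_rate):
        self.m = math.ceil(-expected_items * math.log(fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)
        self.count = 0

    def _positions(self, item):
        for i in range(self.k):  # i-th hash = BLAKE2b keyed by salt i
            h = hashlib.blake2b(item, digest_size=8, salt=i.to_bytes(16, "big")).digest()
            yield int.from_bytes(h, "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)
        self.count += 1

    def __contains__(self, item):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

    def estimated_fp_rate(self):
        """(1 - e^(-kn/m))^k for the n items actually inserted."""
        return (1 - math.exp(-self.k * self.count / self.m)) ** self.k


def signature(pkt):
    """Content signature: who talks to whom, with which function code, on which
    object. Field names are constructed and simplified; this is not a DNP3 parser."""
    return "|".join(str(pkt[f]) for f in ("src", "dst", "func", "obj_group", "obj_var")).encode()


def build_signature_db(baseline_packets, fp_rate=0.001):
    """Record every distinct signature seen during the baseline window."""
    sigs = {signature(p) for p in baseline_packets}
    bf = BloomFilter(expected_items=max(len(sigs), 1), fp_rate=fp_rate)
    for s in sigs:
        bf.add(s)
    return bf


def detect(db, packets):
    """Packets whose signature never occurred in the baseline (candidate anomalies)."""
    return [p for p in packets if signature(p) not in db]


# Constructed baseline: one master polling two outstations (READ, func 1) and
# sending a routine analogue output (OPERATE, func 4) to one of them.
BASELINE = [
    {"src": "10.0.0.1", "dst": "10.0.0.10", "func": 1, "obj_group": 30, "obj_var": 1},
    {"src": "10.0.0.1", "dst": "10.0.0.11", "func": 1, "obj_group": 30, "obj_var": 1},
    {"src": "10.0.0.1", "dst": "10.0.0.10", "func": 1, "obj_group": 1, "obj_var": 2},
    {"src": "10.0.0.1", "dst": "10.0.0.10", "func": 4, "obj_group": 41, "obj_var": 2},
] * 50  # the same polls repeated over the window

# Constructed test traffic: a routine poll, an OPERATE from a host never seen
# as a master, and a COLD_RESTART (func 13) the baseline never contained.
TEST = [
    {"src": "10.0.0.1", "dst": "10.0.0.10", "func": 1, "obj_group": 30, "obj_var": 1},
    {"src": "10.0.0.99", "dst": "10.0.0.10", "func": 4, "obj_group": 12, "obj_var": 1},
    {"src": "10.0.0.1", "dst": "10.0.0.11", "func": 13, "obj_group": 0, "obj_var": 0},
]

if __name__ == "__main__":
    db = build_signature_db(BASELINE)
    print("estimated false-positive rate:", db.estimated_fp_rate())
    for p in detect(db, TEST):
        print("unseen signature:", signature(p).decode())
```

A Bloom filter never produces false negatives, so a signature absent from the baseline is always reported; its false positives are unseen signatures wrongly accepted as seen, which in this whitelisting use are missed detections. The target rate should therefore be set low and re-checked with estimated_fp_rate() as the baseline grows. The DNP3 function codes (1 READ, 4 OPERATE, 13 COLD_RESTART) and object groups are the real ones; the addresses are made up.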
Article
Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances, Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send commands remotely. For a long time, operators of CIs applied the air gap principle, a security strategy that physically isolates the control network from other communication channels. True isolation, however, is difficult nowadays due to the massive spread of connectivity: using open protocols and more connectivity opens new network attacks against CIs. To cope with this dilemma, sophisticated security measures are needed to address malicious intrusions, which are steadily increasing in number and variety. However, traditional Intrusion Detection Systems (IDSs) cannot detect attacks that are not already present in their databases. To this end, we assess in this paper Machine Learning (ML) techniques for anomaly detection in SCADA systems using a real data set collected from a gas pipeline system and provided by the Mississippi State University (MSU). The contribution of this paper is two-fold: 1) the evaluation of four techniques for missing data estimation and two techniques for data normalization; 2) the performance of Support Vector Machine (SVM), Random Forest (RF) and Bidirectional Long Short-Term Memory (BLSTM) models is assessed in terms of accuracy, precision, recall and F1 score for intrusion detection. Two cases are differentiated: binary and categorical classification. Our experiments reveal that RF and BLSTM detect intrusions effectively, with F1 scores of > 99% and > 96% respectively.
Conference Paper
The rapid evolution of the Information and Communications Technology (ICT) services transforms the conventional electrical grid into a new paradigm called Smart Grid (SG). Even though SG brings significant improvements, such as increased reliability and better energy management, it also introduces multiple security challenges. One of the main reasons for this is that SG combines a wide range of heterogeneous technologies, including Internet of Things (IoT) devices as well as Supervisory Control and Data Acquisition (SCADA) systems. The latter are responsible for monitoring and controlling the automatic procedures of energy transmission and distribution. Nevertheless, the presence of these systems introduces multiple vulnerabilities because their protocols do not implement essential security mechanisms such as authentication and access control. In this paper, we focus our attention on the security issues of the IEC 60870-5-104 (IEC-104) protocol, which is widely utilized in the European energy sector. In particular, we provide a SCADA threat model based on a Coloured Petri Net (CPN) and emulate four different types of cyber attacks against IEC-104. Last, we used AlienVault's risk assessment model to evaluate the risk level that each of these cyber attacks introduces to our system to confirm our intuition about their severity.
Conference Paper
The landscape of cyber and other threats to Cyber Physical Systems (CPS), such as the Power Grid, is growing rapidly. Realistic and reconfigurable testbeds are needed to be able to develop, test, improve, and deploy practical cybersecurity solutions for CPS. We introduce the design of ISAAC, the Idaho CPS Smart Grid Cybersecurity Testbed. ISAAC is a cross-domain, distributed, and reconfigurable testbed, which emulates a realistic power utility and provides researchers with the tools needed to develop and test integrated cybersecurity solutions. Some components of ISAAC are fully functional, with ongoing research projects utilizing the functional components. When fully developed, the capabilities of ISAAC will include: 1) multiple emulated power utility substations and control networks; 2) emulation of wide-area power transmission and distribution systems; 3) emulated SCADA control centers; 4) advanced visualization and cyber-analytics, including machine learning. ISAAC will enable the development, testing, evaluation, and validation of holistic cyber-physical security approaches for cyber physical systems and the Smart Grid. We hope that our endeavor, ISAAC, will help further the boundaries of CPS research and education.
Article
The term cyber physical systems (CPS) refers to a new generation of systems with integrated computational and physical capabilities through computation, communication, and control. In the past decades, related techniques for CPS have been well studied and developed, and are widely applied in fields such as industrial automation, smart transportation, aerospace, environment monitoring, and smart grids. However, with the expansion of CPS complexity and the enhancement of system openness, most CPS have become not only safety-critical but also security-critical, since they deeply involve both physical objects and computer networks. In the last decade, it has no longer been rare to see safety incidents and security attacks happening in industry. Safety and security issues are increasingly converging on CPS, leading to new situations in which these two closely interdependent issues should now be considered together, rather than separately or in sequence. This paper reviews the existing approaches of risk assessment and management from the perspective of safety, security, and their integration. The comparisons of these approaches are summarised with their pros and cons before the technical gaps between the demand and the current situation of safety and security issues in CPS are identified.
Article
The rapid proliferation of Internet of things (IoT) devices, such as smart meters and water valves, into industrial critical infrastructures and control systems has put stringent performance and scalability requirements on modern Supervisory Control and Data Acquisition (SCADA) systems. While cloud computing has enabled modern SCADA systems to cope with the increasing amount of data generated by sensors, actuators, and control devices, there has recently been growing interest in deploying edge data centers in fog architectures to secure low latency and enhanced security for mission-critical data. However, fog security and privacy for SCADA-based IoT critical infrastructures remains an under-researched area. To address this challenge, this contribution proposes a novel security "toolbox" to reinforce the integrity, security, and privacy of SCADA-based IoT critical infrastructure at the fog layer. The toolbox incorporates a key feature: a cryptographic access approach to the cloud services using identity-based cryptography and signature schemes at the fog layer. We present the implementation details of a prototype for our proposed secure fog-based platform and provide performance evaluation results to demonstrate the appropriateness of the proposed platform in a real-world scenario. These results can pave the way toward the development of a more secure and trusted SCADA-based IoT critical infrastructure, which is essential to counter cyber threats against next-generation critical infrastructure and industrial control systems. The results from the experiments demonstrate a superior performance of the secure fog-based platform, which is around 2.8 seconds when adding five virtual machines (VMs), 3.2 seconds when adding 10 VMs, and 112 seconds when adding 1000 VMs, compared to the multilevel user access control platform.
Conference Paper
This paper presents a study on detecting cyber attacks on industrial control systems (ICS) using convolutional neural networks. The study was performed on a Secure Water Treatment testbed (SWaT) dataset, which represents a scaled-down version of a real-world industrial water treatment plant. We suggest a method for anomaly detection based on measuring the statistical deviation of the predicted value from the observed value. We applied the proposed method by using a variety of deep neural network architectures including different variants of convolutional and recurrent networks. The test dataset included 36 different cyber attacks. The proposed method successfully detected 31 attacks with three false positives thus improving on previous research based on this dataset. The results of the study show that 1D convolutional networks can be successfully used for anomaly detection in industrial control systems and outperform recurrent networks in this setting. The findings also suggest that 1D convolutional networks are effective at time series prediction tasks which are traditionally considered to be best solved using recurrent neural networks. This observation is a promising one, as 1D convolutional neural networks are simpler, smaller, and faster than the recurrent neural networks.
Article
In recent years, Industry 4.0 (I40), also known as smart manufacturing, together with advanced manufacturing techniques, has been introduced in the industrial manufacturing sector to improve and stabilize processes. Nevertheless, practical applications of these advanced technologies are still in their early stages, resulting in slow adoption of I40 concepts, especially for small- to medium-scale enterprises (SMEs). This paper proposes the design of an experimental method to integrate the practical use of Industry 4.0 in a small bottling plant, especially by detecting early faults or threats in conveyor motors and generating accordingly a predictive maintenance schedule. Using advanced programming functions of the Siemens S7-1200 programmable logic controller (PLC) controlling the bottling plant, vibration speed data is monitored through vibration sensors mounted on the motor, and an efficient predictive maintenance plan is generated. The running PLC communicates with a supervisory control and data acquisition (SCADA) graphical user interface (GUI) which instantaneously displays maintenance schedules and allows, whenever required, flexible configuration of new maintenance rules. This paper also proposes a decentralized monitoring system from which vibration speed states can be monitored on a cloud-based report accessible via the Internet; the decentralized monitoring system also sends instant email notifications to the intended supervisor for every maintenance schedule generated. Through its results, this research shows different possibilities for the practical use of basic Industry 4.0 concepts to improve manufacturing operations within SMEs and opens a path for further improvement in this sector.
Article
The autonomic computing paradigm is based on intelligent computing systems that can autonomously take actions under given conditions. These technologies have been successfully applied to many problem domains requiring autonomous operation. One such area of national interest is SCADA systems that monitor critical infrastructures such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks. SCADA systems have evolved into complex, highly connected systems requiring high availability. On the other hand, cyber threats to these infrastructures have increasingly become more sophisticated, extensive and numerous. This highlights the need for newer measures that can proactively and autonomously react to an impending threat. This article proposes a SCADA system framework to leverage autonomic computing elements in the architecture for coping with the current challenges and threats of cyber security.
Conference Paper
The continuous growth of cyber security threats and attacks including the increasing sophistication of malware is impacting the security of critical infrastructure, industrial control systems, and Supervisory Control and Data Acquisition (SCADA) control systems. The reliable operation of modern infrastructures depends on computerized systems and SCADA systems. Since the emergence of Internet and World Wide Web technologies, these systems were integrated with business systems and became more exposed to cyber threats. There is a growing concern about the security and safety of the SCADA control systems. The Presidential Decision Directive 63 document established the framework to protect the critical infrastructure and the Presidential document of 2003, the National Strategy to Secure Cyberspace stated that securing SCADA systems is a national priority. The critical infrastructure includes telecommunication, transportation, energy, banking, finance, water supply, emergency services, government services, agriculture, and other fundamental systems and services that are critical to the security, economic prosperity, and social well-being of the public. The critical infrastructure is characterized by interdependencies (physical, cyber, geographic, and logical) and complexity (collections of interacting components). Therefore, information security management principles and processes need to be applied to SCADA systems without exception. Critical infrastructure disruptions can directly and indirectly affect other infrastructures, impact large geographic regions, and send ripples throughout the national and global economy. For example, under normal operating conditions, the electric power infrastructure requires fuels (natural gas and petroleum), transportation, water, banking and finance, telecommunication, and SCADA systems for monitoring and control.
Article
Objectives: SCADA systems are turning into the central nervous system of the electric power critical infrastructure. With the increasing availability and use of computer networks and the Internet as well as the convenience of cloud computing, SCADA systems have increasingly adopted Internet-of-Things technologies to significantly reduce infrastructure costs and increase ease of maintenance and integration. However, SCADA systems are obvious targets for cyber attacks that seek to disrupt the critical infrastructure systems that are governed by a SCADA system. Methods/Statistical Analysis: Cyber attacks exploit SCADA security vulnerabilities in order to take control of or disrupt the normal operation of the system. Analyzing security vulnerabilities and loopholes is critical in developing security solutions for such systems. It is equally important to test the security solutions developed to protect SCADA systems. Findings: Experimenting on live systems is generally not advisable and is impractical, as this may render the system unstable. Such a situation calls for an experimental setup equivalent or quite close to the real scenario for developing and testing security solutions. Application/Improvements: This paper reviews common SCADA implementation approaches utilized in previous related works.
Article
SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker's to determine weaknesses and loopholes in defences. Such a mindset helps to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.
Article
The lack of inbuilt security protocols in cheap and resource-constrained Internet of Things (IoT) devices gives an attacker the privilege to exploit these devices' vulnerabilities and break into the target device. Attacks like Mirai, WannaCry, Stuxnet, etc. show that a cyber-attack often comprises a series of exploitations of the victim device's vulnerabilities. Timely detection and patching of these vulnerabilities can avoid future attacks. Penetration testing helps to identify such vulnerabilities. However, traditional penetration testing methods are not end-to-end, and fail to detect multi-host and multi-stage attacks. Even if an individual system is secure under some threat model, the attacker can use a kill chain to reach the target system. In this paper, we introduce IoT-PEN, a first-of-its-kind Penetration Testing Framework for IoT. The framework follows a client-server architecture wherein all IoT nodes act as clients and "a system with resources" as the server. IoT-PEN is an end-to-end, scalable, flexible and automatic penetration testing framework for discovering all possible ways an attacker can breach the target system using target graphs. Finally, the paper recommends a patch prioritization order by identifying critical nodes and critical paths for efficient patching. Our analysis shows that IoT-PEN is easily scalable to large and complex IoT networks.
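How kill chains, critical nodes and a patch order fall out of a target graph, as an added Python example that is not IoT-PEN's code: the hosts, the edges and the vulnerability identifiers v1..v5 are constructed placeholders (not CVE numbers), and the greedy "cut the most chains first" rule and the critical-node definition are this example's choices, not the paper's exact method.

```python
"""Kill chains through a multi-host network and a patch order derived from them.

Added example, not IoT-PEN's code. The hosts, the edges and the vulnerability
identifiers v1..v5 are constructed placeholders (not CVE numbers). A target
graph is modelled as directed edges (a -> b via v): with a foothold on a, the
attacker can exploit vulnerability v on b. Every simple path from the entry
point to the target is one multi-stage attack; a host lying on all of them is
a critical node; the patch order greedily removes the vulnerability that cuts
the most remaining paths, skipping any marked unpatchable."""
from collections import Counter

# Constructed target graph: (source_host, target_host, vulnerability)
EDGES = [
    ("internet", "gateway", "v1"),  # exposed management interface
    ("gateway", "camera", "v2"),    # default credentials
    ("gateway", "hub", "v3"),       # unauthenticated local API
    ("camera", "hub", "v3"),        # same API reachable from the camera segment
    ("hub", "plc", "v4"),           # unauthenticated writes from the hub
    ("camera", "plc", "v5"),        # firmware-update channel
]
ENTRY, TARGET = "internet", "plc"


def attack_paths(edges, entry, target):
    """All simple entry -> target paths as lists of (host, vuln) hops."""
    adj = {}
    for src, dst, vuln in edges:
        adj.setdefault(src, []).append((dst, vuln))
    paths = []

    def walk(node, visited, chain):
        if node == target:
            paths.append(chain)
            return
        for nxt, vuln in adj.get(node, []):
            if nxt not in visited:
                walk(nxt, visited | {nxt}, chain + [(nxt, vuln)])

    walk(entry, {entry}, [])
    return paths


def critical_nodes(paths, entry, target):
    """Intermediate hosts present on every kill chain."""
    if not paths:
        return set()
    return set.intersection(*[{h for h, _ in p} for p in paths]) - {entry, target}


def patch_order(edges, entry, target, unpatchable=frozenset()):
    """Greedy prioritisation: each round patch the vulnerability on the most
    remaining kill chains (ties broken by name for determinism) until the
    target is unreachable or only unpatchable vulnerabilities remain.
    Returns [(vuln, number_of_chains_it_was_on_when_chosen), ...]."""
    remaining, order = list(edges), []
    while True:
        paths = attack_paths(remaining, entry, target)
        if not paths:
            return order
        hits = Counter(v for p in paths for v in {vuln for _, vuln in p}
                       if v not in unpatchable)
        if not hits:
            return order  # residual risk: chains built only from unpatchable vulns
        vuln = min(hits, key=lambda v: (-hits[v], v))
        order.append((vuln, hits[vuln]))
        remaining = [e for e in remaining if e[2] != vuln]


if __name__ == "__main__":
    paths = attack_paths(EDGES, ENTRY, TARGET)
    for p in paths:
        print(" -> ".join(f"{h}[{v}]" for h, v in p))
    print("critical nodes:", critical_nodes(paths, ENTRY, TARGET))
    print("patch order:", patch_order(EDGES, ENTRY, TARGET))
    print("patch order if v1 cannot be patched:",
          patch_order(EDGES, ENTRY, TARGET, unpatchable={"v1"}))
```

With everything patchable, the single chokepoint v1 on the gateway ends all three chains at once; if v1 cannot be patched (the resource-constrained case the SmartPatch entry on this page also raises), the order becomes v2 then v3 and the run stops when the target is unreachable. Note the tie-breaking: v2, v3 and v4 each sit on two of the three chains, so a production tool would break ties on exploit maturity, asset criticality or patch cost rather than alphabetically.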
Conference Paper
Supervisory Control and Data Acquisition (SCADA) systems are the industrial control systems and operational infrastructure that can monitor and control the electricity grid. Electricity grids are increasingly transforming from the one-directional way of generating, transmitting, and distributing electricity to smart grids that are multi-directional in the way they monitor, automate, and remotely operate the power sector. SCADA systems are increasingly under cyber attacks illustrating growing vulnerabilities to the smart grids. The U.S. power industry notes the importance of SCADA chain cyber risks and the need to take proactive measures (timely patching of vulnerabilities) to mitigate the risks. However, not all vulnerabilities are always exploited by attackers; and not all vulnerabilities can be patched in resource-constrained scenarios. Therefore, the patch sequence needs to be strategic and efficient. In this poster, we address the critical need to prioritize patching the smart grid SCADA systems on time. This is even more prominent with the advent of new technologies, usage of backup systems, updated standards, and new regulations on the safety and security of the smart grid. In this direction, we present SmartPatch - a patch prioritization method to address patch sequencing of the SCADA chain in the smart grid systems. It analyzes the possible attacker behavior as well as system criticality using game theory for decision making. It provides a patch prioritization strategy that is cost-constrained and reduces the impact of the possible attacks to a large extent.
Article
This article presents the development of a Generic Object Oriented Substation Event (GOOSE) message traffic prediction system using a Nonlinear Autoregressive Model with Exogenous Input (NARX). An Artificial Neural Network was adopted to detect Distributed Denial-of-Service (DDoS) attacks in networks using the IEC-61850 protocol. The system uses the OpenFlow protocol to split the multicast groups of GOOSE messages, in which each transmission is analysed separately. The implemented intelligent system used 62 prediction steps with a percentage relative error of up to 5%. The system was embedded in the ZYBO development platform with the OpenMul controller. The results showed that the percentage relative error of each sample presents a determinant signature for classifying the state of operation of the electrical system, making it possible to identify DDoS attacks in communication networks for electric power substations.
Article
In this article, we investigate a deep-learning-based omni intrusion detection system (IDS) for supervisory control and data acquisition (SCADA) networks that is capable of detecting both temporally uncorrelated and correlated attacks. Regarding the IDSs developed in this article, a feedforward neural network (FNN) can detect temporally uncorrelated attacks at an F₁ of 99.967±0.005% but correlated attacks as low as 58±2%. In contrast, long short-term memory (LSTM) detects correlated attacks at 99.56±0.01% while uncorrelated attacks at 99.3±0.1%. Combining LSTM and FNN through an ensemble approach further improves the IDS performance with an F₁ of 99.68±0.04% regardless of the temporal correlations among the data packets.
Article
Supervisory Control and Data Acquisition (SCADA) systems play an important role in monitoring industrial processes such as electric power distribution, transport systems, water distribution, and wastewater collection systems. Such systems require particular attention with regard to security aspects, as they deal with critical infrastructures that are crucial to organizations and countries. Protecting SCADA systems from intrusion is a very challenging task because they not only inherit traditional IT security threats but also include additional vulnerabilities related to field components (e.g., cyber-physical attacks). Many of the existing intrusion detection techniques rely on supervised learning, which consists of algorithms that are first trained with reference inputs to learn specific information, and then tested on unseen inputs for classification purposes. This article surveys supervised learning from a specific security angle, namely SCADA-based intrusion detection. Based on a systematic review process, existing literature is categorized and evaluated according to SCADA-specific requirements. Additionally, this survey reports on well-known SCADA datasets and testbeds used with machine learning methods. Finally, we present key challenges and our recommendations for using specific supervised methods for SCADA systems.
Conference Paper
With the horizon of 5th generation wireless systems (5G), the Internet of Things (IoT) is expected to take the major portion of computing. The lack of inbuilt security and security protocols in cheap IoT devices gives privilege to an attacker to exploit these devices' vulnerabilities and break into the target device. IoT network security was initially perceived from the perspective of a single, or a few, attack surfaces only. However, attacks like Mirai, Wannacry, Stuxnet, etc. show that a cyber attack often comprises a series of attacks on vulnerabilities of victim devices to reach the target device. Penetration testing is generally used to identify the vulnerabilities/possible attacks on traditional systems periodically. A timely fix of these vulnerabilities can avoid future attacks. Traditional penetration testing methods focus on isolated and manual testing of a host, which fails to detect attacks involving multiple hosts and multiple stages. In this paper, we introduce IoT-PEN, a first-of-its-kind Penetration Testing Framework for IoT. The framework consists of a server-client architecture with "a system with resources" as server and all "IoT nodes" as clients. IoT-PEN is an end-to-end, scalable, flexible, and automatic penetration testing framework for IoT. IoT-PEN seeks to discover all possible ways an attacker can breach the target system using target-graphs. It constructs prerequisites and postconditions for each vulnerability using the National Vulnerability Database (NVD). We also demonstrated that even if an individual system is secure under some threat model, the attacker can use a kill-chain (a sequence of exploitation of multiple vulnerabilities on different hosts) to reach the target system.
Article
Growing dependency and remote accessibility of automated industrial automation systems have transformed SCADA (Supervisory Control and Data Acquisition) networks from strictly isolated to highly interconnected networks. This increase in interconnectivity between systems raises operational efficiency due to the ease of controlling and monitoring of processes, however, this inevitable transformation also exposes the control system to the outside world. As a result, effective security strategies are required as any vulnerability of the SCADA system could generate severe financial and/or safety implications. The primary task when identifying holes in the system is to have proper awareness of the SCADA vulnerabilities and threats. This approach will help to identify potential breaches or aspects in the system where a breach may occur. This paper describes various types of potential SCADA vulnerabilities by taking real incidents reported in standard vulnerability databases. A comprehensive review of each type of vulnerability has been discussed along with recommendations for the improvement of SCADA security systems.
Conference Paper
Securing SCADA is a challenging task for the research community as well as the industry. SCADA networks form the basis of industrial productivity. Industry 4.0 is likely to see more expansive use of SCADA & IIoT for enhanced productivity. These complex systems consist of numerous vulnerable subsystems. The timely application of patches to all the vulnerabilities is challenging, due to resource constraints and the high cost of the patch process. Usually, the more severe (attack-probable) weaknesses are patched first to secure the system. Often organizations ignore the vulnerabilities in the "critical" node in favor of securing a vulnerability in an isolated subsystem. Therefore, the sequence in which patches are applied needs to be prioritized. State of the art indicates that patch prioritization is primarily an art rather than any significant methodology being followed. This paper proposes PatchRank - a patch prioritization method for the SCADA systems based on the Viable System Model, the Common Vulnerability Scoring System, and Game theory. PatchRank provides a ranking of vulnerable nodes/subsystems as well as a ranking of subsystem vulnerabilities, thereby allowing well-formed strategies for patch management. This paper also proposes a "Usable Secure State" to define a security assurance level. A comparative analysis of PatchRank with other benchmark algorithms, i.e., SecureRank, CVSS, and density-based prioritization, shows that PatchRank converges to a usable secure state faster.
Conference Paper
The SCADA system is an essential component for automated control and monitoring in many of the Critical Infrastructures (CI). Cyber-attacks like Stuxnet, Aurora, and Maroochy on SCADA systems give us clear insight about the damage a determined adversary can cause to any country's security, economy, and health-care systems. An in-depth analysis of these attacks can help in developing techniques to detect and prevent attacks. In this paper, we focus on the assessment of SCADA vulnerabilities from the widely used National Vulnerability Database (NVD) until May 2019. We analyzed the vulnerabilities based on severity, frequency, availability, integrity and confidentiality impact, and Common Weaknesses. The number of reported vulnerabilities is increasing yearly. Approximately 89% of the attacks are network exploits severely impacting the availability of these systems. About 19% of the weaknesses are buffer errors due to the use of insecure and legacy operating systems. We focus on finding the answer to four key questions that are required for developing new technologies for securing SCADA systems. We believe this is the first study of its kind which looks at correlating SCADA attacks with publicly available vulnerabilities. Our analysis can provide security researchers with useful insights into SCADA critical vulnerabilities and vulnerable components, which need attention. We also propose a domain-specific vulnerability scoring system for SCADA systems considering the interdependency of the various components.
Article
The world is witnessing a phenomenal growth in the cloud enabled services and is expected to grow further with the improved technological innovations. However, the associated security and privacy challenges inhibit its widespread adoption, and therefore require further exploration. Researchers from academia, industry, and standards organizations have provided potential solutions to these challenges in the previously published studies. The narrative review presented in this survey, however, provides an integrationist end-to-end mapping of cloud security requirements, identified threats, known vulnerabilities, and recommended countermeasures, which seems to be not presented before at one place. Additionally, this study contributes towards identifying a unified taxonomy for security requirements, threats, vulnerabilities and countermeasures to carry out the proposed end-to-end mapping. Further, it highlights security challenges in other related areas like trust based security models, cloud-enabled applications of Big Data, Internet of Things (IoT), Software Defined Network (SDN) and Network Function Virtualization (NFV).
Conference Paper
Industrial Control System (ICS) is a term that refers to control systems in the production, transmission and distribution architecture of the Smart Grid. These systems can be SCADA (Supervisory Control and Data Acquisition Systems) and DCS (Distributed Control Systems). ICS have moved from proprietary systems to open and standard technologies interconnected with other networks such as the Internet. This move to interconnecting ICS with other networks has exposed these systems to different attacks and has revealed serious weaknesses. So, these systems must deploy protection measures like IDS, Firewalls, IPS and others. However, detection based on these measures is often based on prior knowledge of the attacks themselves and is not able to study the behavior and techniques used by attackers, which means that new attacks are not detectable by them. So, in order to detect new attacks, understand malicious activities targeting ICS, and analyze attackers' behaviors and the techniques used by them, in this article we use an SSH honeypot tool called Kippo in order to log brute force attacks and shell interaction performed by attackers, and in order to draw attention away from the production server.
Article
Distributed denial of service (DDoS) cyber-attack poses a severe threat to industrial Internet of Things (IIoT) operation due to the security vulnerabilities resulting from increased connectivity and openness, and the large number of deployed low-computation-power devices. This paper applies the Fog computing concept in DDoS mitigation by allocating traffic monitoring and analysis work close to local devices, and, on the other hand, coordinating and consolidating work to cloud central servers so as to achieve fast response while at a low false alarm rate. The mitigation scheme consists of real-time traffic filtering via field firewall devices, which are able to reversely filter the signature botnet attack packets; offline specification-based traffic analysis via virtualized network functions (VNFs) in the local servers; and centralized coordination via a cloud server, which consolidates and correlates the information from the distributed local servers to make a more accurate decision. The proposed scheme is tested in an industrial control system testbed and the experiments evaluate the detection time and rate for two types of DDoS attacks and demonstrate the effectiveness of the scheme.
Article
Many firewalls have been extending their security capabilities to support Supervisory Control and Data Acquisition (SCADA) systems or to protect the operations within industrial process control. A SCADA firewall usually needs to inspect deeper into the payload to understand exactly what detailed industrial applications are being executed. However, security features in traditional SCADA firewalls have drawbacks in two main aspects. First, a traditional Deep Packet Inspection (DPI) enabled SCADA firewall only partially inspects the content of payload. Specially-crafted packets carrying malicious payload can exploit this drawback to bypass the firewall's inspection. Second, existing SCADA firewalls have poor capability for protecting proprietary industrial protocols. In this paper, we propose a new SCADA firewall model called SCADAWall. This model is powered by our Comprehensive Packet Inspection (CPI) technology. SCADAWall also includes a new Proprietary Industrial Protocols Extension Algorithm (PIPEA) to extend capabilities to proprietary industrial protocol protection, and an Out-of-Sequence Detection Algorithm (OSDA) to detect abnormality within industrial operations. We have compared our security features with two commercial SCADA firewalls. Our experiment also shows that SCADAWall can effectively mitigate those drawbacks without sacrificing SCADA system's low latency requirement.
Article
SCADA systems were made robust to sustain tough industrial environments, but little care was taken to raise defenses against potential cyber threats. With time, the threats started pouring in and eliciting major concerns in the research community. The extremely high cost and critical nature of SCADA Systems has made it nearly impossible for researchers to perform experiments with live cyber-attacks. Hence, replicating the behavior of these complicated systems by developing high-fidelity testbeds and testing the vulnerabilities on them provides researchers with the necessary workspace to combat the threats currently haunting these legacy systems. However, high-fidelity testbeds like Deter and NSTB are not portable and are hard to replicate. Even though it was possible to identify some portable testbeds, they all have poor support for the virtualization of the SCADA controller or use hardware-in-the-loop, which affects portability. In this research, a novel modular framework is proposed to replicate complex SCADA Systems entirely in a virtual simulation, which makes them very low cost and portable. The process of virtualizing each major component is discussed. Finally, the success of this methodology is demonstrated by replicating real-world critical infrastructures, which are presented as case studies, as well as cyberattacks to demonstrate the use of the framework for cybersecurity research.
Article
Electric substation automation systems based on the IEC 61850 standard predominantly employ the GOOSE and MMS protocols. Because GOOSE and MMS messages are not encrypted, an attacker can observe packet header information in protocol messages and inject large numbers of spoofed messages that can flood a substation automation system. Sophisticated machine-learning-based intrusion detection systems are required to detect these types of distributed denial-of-service attacks. However, the performance of machine-learning-based classifiers is hindered by the relative lack of features that express GOOSE and MMS protocol behavior. This paper evaluates a number of features described in the literature that may be used to detect distributed denial-of-service attacks on the GOOSE and MMS protocols. However, these features do not include advanced features that capture the periodic transmission behavior of SCADA protocols. Three SCADA-protocol-specific steps are specified for constructing new GOOSE and MMS advanced features by leveraging domain knowledge and adopting a time-window-based feature construction method. The resulting feature set, which comprises seventeen new GOOSE and MMS advanced features, outperforms the feature sets described in previous research when used with the popular decision tree, neural network and support vector machine classifiers. The evaluations also reveal that the decision tree classifier is superior to the neural network and support vector machine classifiers. A key contribution of this research is the application of SCADA-protocol-based domain knowledge to develop high-performance intrusion detection systems that require reduced training and testing times.