Assessing and augmenting SCADA cyber security: a survey of techniques

Sajid Nazir, Shushma Patel, Dilip Patel

    Research output: Contribution to journalArticle

    420 Downloads (Pure)

    Abstract

    SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of Internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.
    Original languageEnglish
    Pages (from-to)436-454
    JournalComputers & Security
    Volume70
    Early online date5 Jul 2017
    DOIs
    Publication statusPublished - Sep 2017

    Fingerprint

    SCADA systems
    Critical infrastructures
    Water supply
    Power generation
    Scalability
    Internet
    Economics
    water management
    compromise
    Costs
    exploitation
    assets
    manufacturing
    vulnerability
    threat
    infrastructure
    costs
    economics

    Keywords

    • SCADA systems
    • cyber security

    Cite this

    Nazir, Sajid ; Patel, Shushma ; Patel, Dilip. / Assessing and augmenting SCADA cyber security: a survey of techniques. In: Computers & Security. 2017 ; Vol. 70. pp. 436-454.
    @article{67c46b7669954c7fa4bea60fef212b36,
    title = "Assessing and augmenting SCADA cyber security: a survey of techniques",
    abstract = "SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of Internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.",
    keywords = "SCADA systems, cyber security",
    author = "Sajid Nazir and Shushma Patel and Dilip Patel",
    note = "Acceptance in SAN (via screenshot of published paper) AAM: 12m embargo Compliant as paper added to previous HEI repository - link is to repository page (gives deposit and embargo date) as file under embargo.",
    year = "2017",
    month = "9",
    doi = "10.1016/j.cose.2017.06.010",
    language = "English",
    volume = "70",
    pages = "436--454",
    journal = "Computers & Security",
    issn = "0167-4048",
    publisher = "Elsevier B.V.",

    }

    Assessing and augmenting SCADA cyber security: a survey of techniques. / Nazir, Sajid; Patel, Shushma; Patel, Dilip.

    In: Computers & Security, Vol. 70, 09.2017, p. 436-454.

    Research output: Contribution to journalArticle

    TY - JOUR

    T1 - Assessing and augmenting SCADA cyber security: a survey of techniques

    AU - Nazir, Sajid

    AU - Patel, Shushma

    AU - Patel, Dilip

    N1 - Acceptance in SAN (via screenshot of published paper) AAM: 12m embargo Compliant as paper added to previous HEI repository - link is to repository page (gives deposit and embargo date) as file under embargo.

    PY - 2017/9

    Y1 - 2017/9

    N2 - SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of Internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.

    AB - SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of Internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.

    KW - SCADA systems

    KW - cyber security

    U2 - 10.1016/j.cose.2017.06.010

    DO - 10.1016/j.cose.2017.06.010

    M3 - Article

    VL - 70

    SP - 436

    EP - 454

    JO - Computers & Security

    JF - Computers & Security

    SN - 0167-4048

    ER -