Mind Map of a SCADA system - INVITATION TO PARTICIPATE

—Supervisory Control and Data Acquisition (SCADA) systems form a critical component to industries such as national power grids, manufacturing automation, nuclear power production and more. By interacting with control machines and providing real-time support to monitor, gather, and record data, SCADA systems show major impact in industrial environments. Along with the uncountable benefits of SCADA systems, inconceivable risks have raised. Moreover, SCADA operators, production staff and sometimes systems experts have no or little knowledge when applying security due diligence. In this paper, we systematically review SCADA security based on different aspects (i.e. SCADA components, vulnerability, severity, impact, etc.). Our goal is to provide an all-inclusive reference for future SCADA users and researchers. We also use a time-based heuristic approach to evaluate vulnerabilities and show the importance of the evaluation. We aim to establish a fundamental level of security due diligence to ensure SCADA risks are well-comprehended and managed.

IET Conference Publications, 2009

The concern in our society for "cyber attacks" is increasing and cyber security has become a hot topic when it comes to protecting nation's critical infrastructures. A new technological landscape has not only made the SCADA-systems more open but also more vulnerable to cyber attacks due to existing vulnerabilities. An effective state of the art approach for understanding weaknesses of SCADA-systems is to create graphical models over the system architecture, and perform analyses based on this. Based on practical assessments, literature and interviews surveys with both industry professionals and academics this paper highlights some common pitfalls when using graphical models commonly used as a basis for cyber security assessments of SCADAsystems.

SCADA systems have evolved from exotic hardware and software in the 1970’s, to systems that can include standard PCs and operating systems, TCP/IP communications and Internet access. The threat exposure has increased further by the common practice of linking SCADA networks to business networks. Intentional security threats to SCADA systems can be grouped as follows: 1. Malware 2.Terrorist 3. Hacker 4. Insider The insider may be motivated to damage or disrupt the SCADA system or the utility’s physical system. So we provide user security to prevent users from accessing certain parts of the system.

Notices Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

This report summarizes selected ICT R&D projects in Europe whose technologies can be used for critical infrastructure protection (CIP), especially the electric power grid. This

Abstract—Supervisory Control and Data Acquisition (SCADA) systems are deeply ingrained in the fabric of critical infrastructure sectors. These computerized realtime process control systems, over geographically dispersed continuous distribution operations, are increasingly subject to serious damage and disruption by cyber means due to their standardization and connectivity to other networks. However, SCADA systems generally have little protection from the escalating cyber threats. In order to understand the potential danger and to protect SCADA systems, this project is to study the possible vulnerabilities of SCADA system and to present a set of security oriented goals.

International Journal of Information Technology and Management, 2016

The management and protection of these SCADA systems must constantly evolve towards integrated decision making and policy driven by cyber security requirements. The current research stream in this domain aims, accordingly, to foster the smartness of the field equipment which exist through the generic concept of SCADA management and operation. Those components are governed by policies which depend on the components roles, as well as on the evolution of the crisis which also confer to the latter the latitude to react based on their own perception of the crisis evolution. Their latitude is calculated based on the component smartness and is strongly determined by, and depending on, the cyber safety of the component environment. Existing work related to crisis management tends to consider that components evolve and are organized in systems but as far as we know, no systemic solution exists which integrates all of the above requirements. This paper proposes an innovative version of ArchiMate® for the SCADA components modelling purpose to enrich their collaborations and, more particularly, the description of their behavior endorsed in the cyber-policy. Our work has been illustrated in the frame of a critical infrastructure in the field of petroleum supply and storage networks.