Biblio

Supervisory Control and Data Acquisition (SCADA) systems are utilized extensively in critical power grid infrastructures. Modern SCADA systems have been proven to be susceptible to cyber-security attacks and require improved security primitives in order to prevent unwanted influence from an adversarial party. One section of weakness in the SCADA system is the integrity of field level sensors providing essential data for control decisions at a master station. In this paper we propose a lightweight hardware scheme providing inferred authentication for SCADA sensors by combining an analog to digital converter and a permutation generator as a single integrated circuit. Through this method we encode critical sensor data at the time of sensing, so that unencoded data is never stored in memory, increasing the difficulty of software attacks. We show through experimentation how our design stops both software and hardware false data injection attacks occurring at the field level of SCADA systems.

Supervisory control and data acquisition (SCADA) systems play pivotal role in the operation of modern critical infrastructures (CIs). Technological advancements, innovations, economic trends, etc. have continued to improve SCADA systems effectiveness and overall CIs’ throughput. However, the trends have also continued to expose SCADA systems to security menaces. Intrusions and attacks on SCADA systems can cause service disruptions, equipment damage or/and even fatalities. The use of conventional intrusion detection models have shown trends of ineffectiveness due to the complexity and sophistication of modern day SCADA attacks and intrusions. Also, SCADA characteristics and requirement necessitate exceptional security considerations with regards to intrusive events’ mitigations. This paper explores the viability of supervised learning algorithms in detecting intrusions specific to SCADA systems and their communication protocols. Specifically, we examine four supervised learning algorithms: Random Forest, Naïve Bayes, J48 Decision Tree and Sequential Minimal Optimization-Support Vector Machines (SMO-SVM) for evaluating SCADA datasets. Two SCADA datasets were used for evaluating the performances of our approach. To improve the classification performances, feature selection using principal component analysis was used to preprocess the datasets. Using prominent classification metrics, the SVM-SMO presented the best overall results with regards to the two datasets. In summary, results showed that supervised learning algorithms were able to classify intrusions targeted against SCADA systems with satisfactory performances.

Software-Defined Networking (SDN) technique is presented in this paper to manage the Naval Supervisory Control and Data Acquisition (SCADA) network for equipping the network with the function of reconfiguration and scalability. The programmable nature of SDN enables a programmable Modular Topology Generator (MTG), which provides an extensive control over the network’s internal connectivity and traffic control. Specifically, two functions of MTG are developed and examined in this paper, namely linkHosts and linkSwitches. These functions are able to place the network into three different states, i.e., fully connected, fully disconnected, and partially connected. Therefore, it provides extensive security benefits and allows network administrators to dynamically reconfigure the network and adjust settings according to the network’s needs. Extensive tests on Mininet have demonstrated the effectiveness of SDN for enabling the reconfigurable and scalable Naval SCADA network. Therefore, it provides a potent tool to enhance the resiliency/survivability, scalability/compatibility, and security of naval SCADA networks.

The SCADA (Supervisory Control And Data Acquisition) has become ubiquitous in industrial control systems. However, it may be exposed to cyber attack threats when it accesses the Internet. We propose a three-layer IDS (Intrusion Detection System) model, which integrates three main functions: access control, flow detection and password authentication. We use the reliability test system IEEE RTS-79 to evaluate the reliability. The experimental results provide insights into the establishment of the power SCADA system reliability enhancement strategies.

The aim of this paper is to examine noteworthy cyberattacks that have taken place against ICS and SCADA systems and to analyse them. This paper also proposes a new classification scheme based on the severity of the attack. Since the information revolution, computers and associated technologies have impacted almost all aspects of daily life, and this is especially true of the industrial sector where one of the leading trends is that of automation. This widespread proliferation of computers and computer networks has also made it easier for malicious actors to gain access to these systems and networks and carry out harmful activities.

The world’s most important industrial economy is particularly vulnerable to both external and internal threats, such as the one uncovered in Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS). Upon those systems, the success criteria for security are quite dynamic. Security flaws in these automated SCADA systems have already been discovered by infiltrating the entire network in addition to reducing production line hazards. The objective of our review article is to show various potential future research voids that recent studies have, as well as how many methods are available to concentrate on specific aspects of risk assessment of manufactured systems. The state-of-the-art methods in cyber security risk assessment of SCADA systems are reviewed and compared in this research. Multiple contemporary risk assessment approaches developed for or deployed in the settings of a SCADA system are considered and examined in detail. We outline the approaches’ main points before analyzing them in terms of risk assessment, conventional analytical procedures, and research challenges. The paper also examines possible risk regions or locations where breaches in such automated SCADA systems can emerge, as well as solutions as to how to safeguard and eliminate the hazards when they arise during production manufacturing.

SCADA systems are one of the critical infrastructures and face many security threats. Attackers can control SCADA systems through network attacks, destroying the normal operation of the power system. It is important to conduct a risk assessment of security threats on SCADA systems. However, existing models for risk assessment using attack trees mainly focus on describing possible intrusions rather than the interaction between threats and defenses. In this paper, we comprehensively consider intrusion likelihood and defense capability and propose a quantitative risk assessment model of security threats based on attack countermeasure tree (ACT). Each leaf node in ACT contains two attributes: exploitable vulnerabilities and defense countermeasures. An attack scenario can be constructed by means of traversing the leaf nodes. We set up six indicators to evaluate the impact of security threats in attack scenarios according to NISTIR 7628 standard. Experimental results show the attack probability of security threats and high-risk attack scenarios in SCADA systems. We can improve defense countermeasures to protect against security threats corresponding to high-risk scenarios. In addition, the model can continually update risk assessments based on the implementation of the system’s defensive countermeasures.

Supervisory Control and Data Acquisition (SCADA) systems are used to control and monitor components within the energy grid, playing a significant role in the stability of the system. As a part of critical infrastructures, components in these systems have to fulfill a variety of different requirements regarding their dependability and must also undergo strict audit procedures in order to comply with all relevant standards. This results in a slow adoption of new functionalities. Due to the emerged threat of cyberattacks against critical infrastructures, extensive security measures are needed within these systems to protect them from adversaries and ensure a stable operation. In this work, a solution is proposed to integrate extensive security measures into current systems. By deploying additional security-gateways into the communication path between two nodes, security features can be integrated transparently for the existing components. The developed security-gateway is compliant to all regulatory requirements and features an internal architecture based on the separation-of-concerns principle to increase its security and longevity. The viability of the proposed solution has been verified in different scenarios, consisting of realistic field tests, security penetration tests and various performance evaluations.

This paper describes a cybersecurity model for Supervisory Control and Data Acquisition system (SCADA) using techniques similar to those used in reliability systems modelling. Previously, cybersecurity events were considered a part of the reliability events of a cyber physical system [1] [2]. Our approach identifies and treats such events separately as unique class of events by itself. Our analyses shows that the hierarchical model described below has the potential for quantifying the cybersecurity posture of a SCADA system, which goes beyond the usual pass/fail metrics that are currently in use [3]. A range of Mean Time to Security Failure (MTTSF) values as shown in the sensitivity studies below can capture both peacetime and wartime cyber risk assessment of the system. While the Attack and Countermeasure Tree (ACT) constructed below could be taken as somewhat simplistic, more detailed security events can be readily introduced to the ACT tree to reflect a better depiction of a cyberattack. For example, the Common Processing Systems (CPS) systems themselves can be further resolved into constituent components that are vulnerable to cyberattacks. Separate models can also be developed for each of the individual failure events, i.e. confidentiality, integrity, and availability, instead of combining them into one failure event as done below. The methodology for computing the MTTSF metric can be extended to other similar cybersecurity metrics, such as those formulated by the Center for Internet Security (CIS) [3], e.g. mean time to restore to operational status, etc. Additional improvements to the model can be obtained with the incorporation of the repair and restore portion of the semi-Markov chain in Figure 3, which will likely require the use of more advance modeling packages.

Security is an essential requirement of Industrial Control System (ICS) environments and its underlying communication infrastructure. Especially the lowest communication level within Supervisory Control and Data Acquisition (SCADA) systems - the field level - commonly lacks security measures.Since emerging wireless technologies within field level expose the lowest communication infrastructure towards potential attackers, additional security measures above the prevalent concept of air-gapped communication must be considered.Therefore, this work analyzes security aspects for the wireless communication protocol IO-Link Wireless (IOLW), which is commonly used for sensor and actuator field level communication. A possible architecture for an IOLW safety layer has already been presented recently [1].In this paper, the overall attack surface of IOLW within its typical environment is analyzed and attack preconditions are investigated to assess the effectiveness of different security measures. Additionally, enhanced security measures are evaluated for the communication systems and the results are summarized. Also, interference of security measures and functional safety principles within the communication are investigated, which do not necessarily complement one another but may also have contradictory requirements.This work is intended to discuss and propose enhancements of the IOLW standard with additional security considerations in future implementations.

Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS) use advanced computing, sensors, control systems, and communication networks to monitor and control industrial processes and distributed assets. The increased connectivity of these systems to corporate networks has exposed them to new security threats and made them a prime target for cyber-attacks with the potential of causing catastrophic economic, social, and environmental damage. Recent intensified sophisticated attacks on these systems have stressed the importance of methodologies and tools to assess the security risks of Industrial Control Systems (ICS). In this paper, we propose a novel game theory model and Monte Carlo simulations to assess the cybersecurity risks of an exemplary industrial control system under realistic assumptions. We present five game enrollments where attacker and defender agents make different preferences and we analyze the final outcome of the game. Results show that a balanced defense with uniform budget spending is the best strategy against a look-ahead attacker.

The Supervisory control and data acquisition (SCADA) systems have been continuously leveraging the evolution of network architecture, communication protocols, next-generation communication techniques (5G, 6G, Wi-Fi 6), and the internet of things (IoT). However, SCADA system has become the most profitable and alluring target for ransomware attackers. This paper proposes the deep learning-based novel ransomware detection framework in the SCADA controlled electric vehicle charging station (EVCS) with the performance analysis of three deep learning algorithms, namely deep neural network (DNN), 1D convolution neural network (CNN), and long short-term memory (LSTM) recurrent neural network. All three-deep learning-based simulated frameworks achieve around 97% average accuracy (ACC), more than 98% of the average area under the curve (AUC) and an average F1-score under 10-fold stratified cross-validation with an average false alarm rate (FAR) less than 1.88%. Ransomware driven distributed denial of service (DDoS) attack tends to shift the state of charge (SOC) profile by exceeding the SOC control thresholds. Also, ransomware driven false data injection (FDI) attack has the potential to damage the entire BES or physical system by manipulating the SOC control thresholds. It's a design choice and optimization issue that a deep learning algorithm can deploy based on the tradeoffs between performance metrics.

Monitoring and managing electric power generation, distribution and transmission requires supervisory control and data acquisition (SCADA) systems. As technology has developed, these systems have become huge, complicated, and distributed, which makes them susceptible to new risks. In particular, the lack of security in SCADA systems make them a target for network attacks such as denial of service (DoS) and developing solutions for this issue is the main objective of this thesis. By reviewing various existing system solutions for securing SCADA systems, a new security approach is recommended that employs Artificial Intelligence(AI). AI is an innovative approach that imparts learning ability to software. Here deep learning algorithms and machine learning algorithms are used to develop an intrusion detection system (IDS) to combat cyber-attacks. Various methods and algorithms are evaluated to obtain the best results in intrusion detection. The results reveal the Bi-LSTM IDS technique provides the highest intrusion detection (ID) performance compared with previous techniques to secure SCADA systems

In dynamic control centers, conventional SCADA systems are enhanced with novel assistance functionalities to increase existing monitoring and control capabilities. To achieve this, different key technologies like phasor measurement units (PMU) and Digital Twins (DT) are incorporated, which give rise to new cyber-security challenges. To address these issues, a four-stage threat analysis approach is presented to identify and assess system vulnerabilities for novel dynamic control center architectures. For this, a simplified risk assessment method is proposed, which allows a detailed analysis of the different system vulnerabilities considering various active and passive cyber-attack types. Qualitative results of the threat analysis are presented and discussed for different use cases at the control center and substation level.

Transient simulation is a critical task of validating the dynamic model of the power grid. We propose an off-line method for validating dynamic grid models and assessing the dynamic security of the grid in the presence of cyberattacks. Simulations are executed in PowerWorld and PSCAD/EMTDC to compare the impact on the grid of cyber-attacks. Generators in the IEEE 14-bus system have been modified to match the need of adjustment in modern power system operation. To get effective measurements for state estimation, SCADA polling model is reproduced in PSCAD/EMTDC by providing controlled sampling frequency. The results of a tripped line case and injecting false data to the loads caused by cyberattacks is presented and analyzed.

Supervisory control and data acquisition (SCADA) networks provide high situational awareness and automation control for industrial control systems, whilst introducing a wide range of access points for cyber attackers. To address these issues, a line of machine learning or deep learning based intrusion detection systems (IDSs) have been presented in the literature, where a large number of attack examples are usually demanded. However, in real-world SCADA networks, attack examples are not always sufficient, having only a few shots in many cases. In this paper, we propose a novel few-shot learning based IDS, named FS-IDS, to detect cyber attacks against SCADA networks, especially when having only a few attack examples in the defenders’ hands. Specifically, a new method by orchestrating one-hot encoding and principal component analysis is developed, to preprocess SCADA datasets containing sufficient examples for frequent cyber attacks. Then, a few-shot learning based preliminary IDS model is designed and trained using the preprocessed data. Last, a complete FS-IDS model for SCADA networks is established by further training the preliminary IDS model with a few examples for cyber attacks of interest. The high effectiveness of the proposed FS-IDS, in detecting cyber attacks against SCADA networks with only a few examples, is demonstrated by extensive experiments on a real SCADA dataset.

Modern power grids are dependent on communication systems for data collection, visualization, and control. Distributed Network Protocol 3 (DNP3) is commonly used in supervisory control and data acquisition (SCADA) systems in power systems to allow control system software and hardware to communicate. To study the dependencies between communication network security, power system data collection, and industrial hardware, it is important to enable communication capabilities with real-time power system simulation. In this paper, we present the integration of new functionality of a power systems dynamic simulation package into our cyber-physical power system testbed that supports real-time power system data transfer using DNP3, demonstrated with an industrial real-time automation controller (RTAC). The usage and configuration of DNP3 with real-world equipment in to achieve power system monitoring and control of a large-scale synthetic electric grid via this DNP3 communication is presented. Then, an exemplar of DNP3 data collection and control is achieved in software and hardware using the 2000-bus Texas synthetic grid.

Industry 4.0 or also known as the fourth industrial revolution poses a great cybersecurity risk for Supervisory control and data acquisition (SCADA) systems. Nowadays, lots of enterprises have turned into renewable energy and are changing the energy dependency to be on wind power. The SCADA systems are often vulnerable against different kinds of cyberattacks and thus allowing intruders to successfully and intrude exfiltrate different wind farm SCADA systems. During our research a future concept testbed of a wind farm SCADA system is going to be introduced. The already existing real-world vulnerabilities that are identified are later on going to be demonstrated against the test SCADA wind farm system.

Supervisory control and data acquisition (SCADA) systems are used with monitoring and control purposes for the process not to fail in industrial control systems. Today, the increase in the use of standard protocols, hardware, and software in the SCADA systems that can connect to the internet and institutional networks causes these systems to become a target for more cyber-attacks. Intrusion detection systems are used to reduce or minimize cyber-attack threats. The use of deep learning-based intrusion detection systems also increases in parallel with the increase in the amount of data in the SCADA systems. The unsupervised feature learning present in the deep learning approaches enables the learning of important features within the large datasets. The features learned in an unsupervised way by using deep learning techniques are used in order to classify the data as normal or abnormal. Architectures such as convolutional neural network (CNN), Autoencoder (AE), deep belief network (DBN), and long short-term memory network (LSTM) are used to learn the features of SCADA data. These architectures use softmax function, extreme learning machine (ELM), deep belief networks, and multilayer perceptron (MLP) in the classification process. In this study, anomaly-based intrusion detection systems consisting of convolutional neural network, autoencoder, deep belief network, long short-term memory network, or various combinations of these methods on the SCADA networks in the literature were analyzed and the positive and negative aspects of these approaches were explained through their attack detection performances.

In today’s world, Supervisory Control and Data Acquisition (SCADA) networks have many critical tasks, including managing infrastructure such as power, water, and sewage systems, and controlling automated manufacturing and transportation systems. Securing these systems is crucial. Here we describe a project to design security into an example system using formal specifications. Our example system is a component in a cybersecurity testbed at the University of Cincinnati, which was described in previous work. We also show how a design flaw can be discovered and corrected early in the system development process.

The increasing using of IoT technologies in the industrial sector creates new challenges for the information security of such systems. Using IoT-devices for building SCADA systems cause standard protocols and public networks for data transmitting. Commercial off-the-shelf devices and systems are a new base for industrial control systems, which have high-security risks. There are some useful models are exist for security analysis of information systems, but they do not take into account IoT architecture. The nested attributed metagraph model for the security of IoT-based solutions is proposed and discussed.

Various Machine Learning techniques are considered to be "black-boxes" because of their limited interpretability and explainability. This cannot be afforded, especially in the domain of Cyber-Physical Systems, where there can be huge losses of infrastructure of industries and Governments. Supervisory Control And Data Acquisition (SCADA) systems need to detect and be protected from cyber-attacks. Thus, we need to adopt approaches that make the system secure, can explain predictions made by model, and interpret the model in a human-understandable format. Recently, Autoencoders have shown great success in attack detection in SCADA systems. Numerous interpretable machine learning techniques are developed to help us explain and interpret models. The work presented here is a novel approach to use techniques like Local Interpretable Model-Agnostic Explanations (LIME) and Layer-wise Relevance Propagation (LRP) for interpretation of Autoencoder networks trained on a Gas Pipelines Control System to detect attacks in the system.

An open source and low-cost Supervisory Control and Data Acquisition System based on Node-RED and Arduino microcontrollers is presented in this paper. The system is designed for monitoring, supervision, and remotely controlling motors and sensors deployed for oil and gas facilities. The Internet of Things (IoT) based SCADA system consists of a host computer on which a server is deployed using the Node-RED programming tool and two terminal units connected to it: Arduino Uno and Arduino Mega. The Arduino Uno collects and communicates the data acquired from the temperature, flowrate, and water level sensors to the Node-Red on the computer through the serial port. It also uses a local liquid crystal display (LCD) to display the temperature. Node-RED on the computer retrieves the data from the voltage, current, rotary, accelerometer, and distance sensors through the Arduino Mega. Also, a web-based graphical user interface (GUI) is created using Node-RED and hosted on the local server for parsing the collected data. Finally, an HTTP basic access authentication is implemented using Nginx to control the clients' access from the Internet to the local server and to enhance its security and reliability.

Security maintenance of Supervisory Control and Data Acquisition (SCADA) systems has been a point of interest during recent years. Numerous research works have been dedicated to the design of intrusion detection systems for securing SCADA communications. Nevertheless, these data-driven techniques are usually dependant on the quality of the monitored data. In this work, we propose a novel feature selection approach, called MSFS, to tackle undesirable quality of data caused by feature redundancy. In contrast to most feature selection techniques, the proposed method models each class in a different subspace, where it is optimally discriminated. This has been accomplished by resorting to ensemble learning, which enables the usage of multiple feature sets in the same feature space. The proposed method is then utilized to perform intrusion detection in smaller subspaces, which brings about efficiency and accuracy. Moreover, a comparative study is performed on a number of advanced feature selection algorithms. Furthermore, a dataset obtained from the SCADA system of a gas pipeline is employed to enable a realistic simulation. The results indicate the proposed approach extensively improves the detection performance in terms of classification accuracy and standard deviation.

A Supervisory Control and Data Acquisition (SCADA) system used in controlling or monitoring purpose in industrial process automation system is the process of collecting data from instruments and sensors located at remote sites and transmitting data at a central site. Most of the existing works on SCADA system focused on simulation-based study which cannot always mimic the real world situations. We propose a novel methodology that analyzes SCADA logs on offline basis and helps to detect process-related threats. This threat takes place when an attacker performs malicious actions after gaining user access. We conduct our experiments on a real-life SCADA system of a Power transmission utility. Our proposed methodology will automate the analysis of SCADA logs and systemically identify undesired events. Moreover, it will help to analyse process-related threats caused by user activity. Several test study suggest that our approach is powerful in detecting undesired events that might caused by possible malicious occurrence.