Article attached? Write a 2 1/2 page paper that supports or opposes the author’s findings.? Please find two to three other peer-reviewed articles
Article attached
Write a 2 1/2 page paper that supports or opposes the author's findings. Please find two to three other peer-reviewed articles that support your position/argument.
Assessing and augmenting SCADA cyber security: a survey of techniques
Nazir, Sajid; Patel, Shushma; Patel, Dilip
Published in: Computers & Security
DOI: 10.1016/j.cose.2017.06.010
Publication date: 2017
Document Version Peer reviewed version
Link to publication in ResearchOnline
Citation for published version (Harvard): Nazir, S, Patel, S & Patel, D 2017, 'Assessing and augmenting SCADA cyber security: a survey of techniques', Computers & Security, vol. 70, pp. 436-454. https://doi.org/10.1016/j.cose.2017.06.010
General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights.
Take down policy If you believe that this document breaches copyright please view our takedown policy at https://edshare.gcu.ac.uk/id/eprint/5179 for details of how to contact us.
Download date: 12. Apr. 2021
Abstract—SCADA systems monitor and control critical
infrastructures of national importance such as power generation
and distribution, water supply, transportation networks, and
manufacturing facilities. The pervasiveness, miniaturisations and
declining costs of internet connectivity have transformed these
systems from strictly isolated to highly interconnected networks.
The connectivity provides immense benefits such as reliability,
scalability and remote connectivity, but at the same time exposes
an otherwise isolated and secure system, to global cyber security
threats. This inevitable transformation to highly connected
systems thus necessitates effective security safeguards to be in
place as any compromise or downtime of SCADA systems can
have severe economic, safety and security ramifications. One way
to ensure vital asset protection is to adopt a viewpoint similar to
an attacker to determine weaknesses and loopholes in defences.
Such mind sets help to identify and fix potential breaches before
their exploitation. This paper surveys tools and techniques to
uncover SCADA system vulnerabilities. A comprehensive review
of the selected approaches is provided along with their
applicability.
Index Terms— cyber defence, anomaly detection, attack tools,
vulnerability, simulation, modelling, SCADA.
I. INTRODUCTION
UPERVISORY Control and Data Acquisition (SCADA)
systems are used to monitor and control critical national
infrastructures such as smart grids, oil and gas, power
generation and transmission, manufacturing, and
transportation networks. They are also used to manage public
utilities like buildings control, water, sewage, and traffic
lights. The downtime or compromise of these systems can
have disastrous consequences for the economy, public health
and national security.
SCADA systems (Figure 1) are cyber physical systems with
communication networks (wired and wireless) interfacing the
monitoring and control system with the hardware and
providing a large attack surface [1]. The architecture can be
envisaged as four layers as shown in Fig 1. At the lowest
level, field or slave devices (sensors, pumps, motors) provide
an interface for control and monitoring of the physical
process. At the next higher level, Remote Terminal Unit
(RTU) and Programmable Logic Controllers (PLC) aggregate
control (acting as master) for many field devices by passing
commands and responses through the communications
network to the SCADA server. PLC is a computer system
running Ladder Logic for decision making to control the field
devices. The operator monitors the process state through
Fig. 1. A simplified layered architecture for typical SCADA system.
Human-machine Interface (HMI) and controls the process by
activating commands as required [2]. A typical SCADA
system could have multiple supervisory systems, PLCs, RTUs,
HMIs, process and control instrumentation, sensors and
actuator devices over a large geographical area, interconnected
through a communications network.
The use and applications of SCADA systems has increased
as a result of rising levels of industrial process automation,
reduced cost of operation and growth in global economies.
Growth is expected to increase in the use of SCADA systems
and the investment is expected to reach up to $ 11.16 billion
by 2020 [3]. With the proliferation of the Internet of Things
(IoT), SCADA sensor and actuator devices which are Internet
connected SCADA systems are being transformed from a
traditional on-site, stand-alone system to an Internet-connected
remotely accessible system. An overview of challenges and
security requirements for IoT is provided in [4]. A significant
obstacle in IoT adoption is security aspects as it would be an
attractive target for hackers [4], [5].
There are many benefits of Internet access including
scalability, better communications protocols, efficiency, cost
effectiveness, interoperability between components [6] and
remote access, but SCADA systems were never designed with
network connectivity and security [5], [7] in mind. The focus
had always been on reliability rather than security, and
protection had been ensured through isolation and obscurity
[8], [9] by using proprietary standards. Since the 1990s the
control systems are being integrated with computer networks
[10] and also more and more Commercial-off-the-shelf
(COTS) products are being used in SCADA systems [11].
SCADA server and user interfaces are now accessible over the
Internet and cellular networks, providing many entry points
S. Nazir, S. Patel, D. Patel
Assessing and Augmenting SCADA Cyber
Security-A Survey of Techniques
S
for an attacker [8], [12]. Most SCADA communications
protocols are just plain-text [13], [14] with no message
authentication [15] making it easier for a man-in-the-middle
(MITM) attack. TCP/IP protocols have their own
vulnerabilities that can be exploited [5]. PLCs would treat
code as legitimate as long as it has the correct syntax [16]. The
threat landscape for SCADA systems has been broadened [8]
by Internet and cellular network connectivity, bringing along
open standards such as web technologies, which have known
security loopholes making it very easy for an attacker to gain
an in-depth knowledge of SCADA networks [17], [18]. The
modern SCADA communications use a variety of
communication media, such as WiFi, cellular, and Bluetooth.
Vulnerabilities in the communications protocols have been the
main focus and target of cyber attacks. Failure to protect the
SCADA infrastructure against the evolving threats of the
changed connectivity landscape can have disastrous
consequences. In the prevailing cyber security global
environment, it is not a matter of if an attack of catastrophic
proportion would happen, but rather when.
A Denial-of-Service (DoS) attack on a website can render a
service unavailable, but similar attacks on SCADA systems
can have potentially disastrous consequences [19] because of
the fallout of the controlled process getting out of control.
Stuxnet [16], June 2010, was the first malware designed to
attack control systems and was the first attack of its kind that
brought SCADA security vulnerabilities to prominence [19].
Prior to that although vulnerable, SCADA systems were not
considered to be actively targeted. Malware, such as Flame
(2012) that copied data, recorded Voice over Internet Protocol
(VoIP) audio and intercepted network traffic [19]. Stuxnet
(2010) and Duqu (2011) used USB devices to spread and
attacked the PLCs by changing the Ladder Logic code [19].
Havex (2014) can reportedly infect the software downloads
from the SCADA manufacturers’ web sites [20]. An active
group of attackers, Dragonfly [21], mainly target energy
sectors through malware tools and infect targeted
organisations using spam emails. These malware attacks
highlight security weaknesses in SCADA system design [22].
Other attacks like Slammer at Davis-Besse nuclear plant [10]
negate the illusion of security. The cyber attacks on SCADA
systems have seen a 100% increase [23]. General technology
awareness, widespread availability of free information, and the
current global security situation of state and non-state elements
with malicious intent, all combine to make launching such
attacks easier and probable.
Countering the cyber attack is an emergent need to provide
adequate safeguards against the cyber attacks by strengthening
the defence. The general cyber security safeguards such as
restricted physical access, cryptography, patch management,
separation of corporate and production systems (through
Demilitarized Zones (DMZ), Firewalls and Access Control
Lists (ACLs)), and activity logging are all applicable (Figure
2) but need to be viewed in conjunction with typical SCADA
systems characteristics. Nonetheless these security measures
are important as the corporate network could be the entry
point for launching an attack on the SCADA network. Most of
these security measures are not capable of defending SCADA
systems from attacks against SCADA protocols [24]. For
instance, SCADA characteristics make it difficult to apply
existing cryptographic techniques, due to limited
computational capability, low data rate, and the need for real-
time response [17]. The confidentiality, integrity and
availability (CIA) triad [25], applies to SCADA systems but
with a changed order of priority as Availability, integrity and
confidentiality (AIC), with availability being the most
important. Agencies such as the National Institute of
Standards and Technology (NIST), USA and European
Network and Information Security Agency (ENISA), provide
best practice documents for cyber security for SCADA
systems in particular. Protection for telework devices is
described in [26], Cyber security of SCADA systems in [27].
Guidelines for Patch management are provided in [28].
Protecting Industrial Control Systems (ICS) [2] has
recommendations for Europe and member states, which
identifies security challenges and recommends a common test
bed for security testing. North American Electric Reliability
Corporation (NERC) has released Critical Infrastructure
Protection (CIP) documents. The industry regulations have
started mandating the cyber security safeguards and this trend
is likely to increase in the future.
Investigating the effect of an attack on an actual system is
neither recommended due to the unintended consequences, nor
feasible on a replicated system due to the cost and effort
involved. Analysis methods and tools are very important to
secure such systems [29]. Therefore SCADA cyber security
researchers mostly rely on developments of simulation
software and hardware to model SCADA attacks to analyse
the system security. SCADA system security can be assessed
by using vulnerability analysis through actively attacking a
system which not only uncovers the vulnerabilities but can be
Fig. 2. DMZ with separation of trust zones.
used to determine the system failure response, which helps to
understand the system and provide necessary safeguards by
fixing the vulnerabilities. Techniques such as penetration
testing and vulnerability analysis can be considered inclusive
in vulnerability assessment [30].
Generic Simulators for SCADA systems are described in
[31] but the focus is not on cyber security. Smart Grid
simulators [32] provide a useful reference for simulation tools
but do not address SCADA or cyber security. Vulnerability
assessment and analysis comprises of a spectrum of
techniques from the simplest ones doing port scanning to those
involving exploitation of vulnerabilities, as in an actual attack
[27].
This paper provides a comprehensive survey of simulation,
modelling and related techniques helpful for assessing the
cyber-attack vulnerabilities of SCADA systems. In this paper
we aim to cover the array of techniques for assessing SCADA
vulnerabilities under simulation, modelling, tools and
techniques as these are often employed by researchers for
SCADA cyber security. This categorisation is purely with a
view to better organise the research literature rather than a
taxonomy. We also highlight recent technology innovations
which can aid in minimizing the effect of cyber security risks.
The rest of the paper is organized into the following
sections. Section II provides SCADA systems’ characteristics
and vulnerabilities. Section III covers the simulation and
modelling techniques for identifying security weaknesses.
Section IV describes other tools and techniques for evaluating
defence. Section V provides conclusions, and Section VI
discusses future research directions.
II. SCADA SYSTEM CHARACTERISTICS AND VULNERABILITIES
SCADA system (Figure 1) differs in characteristics from a
conventional information technology (IT) system [8], [27].
SCADA systems have tighter constraints on reliability, latency
and uptime that preclude some IT security measures [15].
SCADA are cyber physical systems, that is, cyber system
(control and communications) and physical system (sensors,
actuators) comprising a system of systems, interact as a
cohesive and unified whole. The software commands manifest
actions to modify physical processes. It is important to
consider these differences when devising the protection
strategies.
A. Generic OS
SCADA systems run over conventional operating systems
(OS), thus inheriting vulnerabilities which can compromise
the SCADA system [10]. The vulnerabilities of the operating
systems are periodically announced by the vendors [33]. The
patches are normally issued after vulnerabilities are
discovered, but there could be a substantial time lag to release
patches or the patches may not be applied in time. The patch
for the vulnerability exploited by Stuxnet in 2010 became
available in 2012 [28]. There is generally a time lag for patch
application, for instance, Slammer infections occurred six
months after the patch to fix the vulnerability had been
released [10]. Similarly lack of user incentives [34] to apply
patching enabled Code Red, a malware to infect 360,000
servers, although a security patch had been released earlier. In
some cases, an attack comes before vulnerability is discovered
and is termed as a Zero day attack.
B. Legacy systems with long operational life
The installation of SCADA systems is costly and time-
consuming and most systems remain in operation from eight
to fifteen years [10]. A system may have devices from many
different manufacturers using various standards or proprietary
communications protocols [35]. This is sometimes well past
the expected supported lifespan of the software and also
hardware. Thus at times a system would comprise of legacy
components and their associated vulnerabilities [29].
C. Multiple Points of Entry and Failure
A SCADA system is geographically spread over a large
area starting at the sensors, in the field, to the user and control
interface. Although SCADA servers may themselves be well
protected against cyber attacks, however similar guarantees do
not exist for field devices. The communication network,
comprising of wireless Internet, cellular and Bluetooth provide
multiple remote entry points which can be exploited by
attackers. Wireless networks are especially vulnerable using
freely available tools like Aircrack-NG that can sniff, test and
even decrypt packets [36].
D. Communication Protocols
The low-level networking protocols used for industrial
systems use simple plain-text messages based on a master-
slave communications model. These lack security and
encryption, as these were designed for isolated systems [13].
For example, Modbus protocol can be attacked as reported
in [8], [37] with varying consequences [37]. Other recent
protocols, such as Distributed Network Protocol 3.0 (DNP3)
also have their vulnerabilities [5], [38], [39] and packets can
also be analysed [36] through network sniffing tools to gain
information and cause damage. Widely used protocols IEC
60870-5-101 and IEC 60870-5-104 lack application and data
link layer security and have vulnerabilities that can be
exploited [13]. With an understanding of the process and the
protocol, an attacker can maliciously alter the process control
by injecting valid control commands and responses with
malicious intent [13], [22]. Attacks on protocol
implementation [37] can cause failures resulting in possible
exploits [8].
E. Real-time and Complex Interactions
SCADA systems monitor real-world processes under very
tight timing and operational constraints. Time is critical for
decision making, affecting a control system and vital process
deviations, which must be accurately reflected and effectively
managed. The stringent operational constraints (such as
timing) of a SCADA system mean that it is more prone to fail
in response to small deviations caused by an attacker. “Aurora
Generator Test” [1], [10] in March 2007, simulated a remote
cyber-attack resulting in destruction of a $1 million dollar
diesel-electric generator [40]. A patch application [25] or loss
of time synchronization [1] may have unintended consequences
detrimental to the prescribed operation. Application of a
software update resulted in automatic shutdown of a nuclear
plant [10]. Analysing and exploiting vulnerabilities may be
complicated but unintelligent computer viruses and mere
malfunctions in small devices can result in enormous
unintended effects [10].
F. Conflicting Priorities
SCADA control and monitoring projects remain in
continuous operation [41] for many decades after
commissioning. This creates a dilemma for the administrators
between ensuring adequate protection and sustained system
operation. Application of software upgrades and patches may
get postponed due to the desire to keep the system running
without change to the execution environment [28]. Anti-virus
and patches may result in undesirable consequences [10] or
may also tend to slow down the communication and may
interfere with normal functioning of the system.
The operational nature of these systems precludes post
commissioning cyber security testing due to associated risks
of jeopardising the controlled system.
G. Social Engineering and Insider Attacks
Social engineering attacks purporting to be from a known
person or organization can be used to infiltrate a system. Often
the cyber security is focused on an outsider’s attack, which
makes sense, but equally probable and dangerous is an attack
originating from within the trusted network, through a
deliberate or unintentional omission, or sabotage.
The attack in 2000 on a sewage control system in
Queensland, Australia [10], [42] causing flooding with a
million litres of sewage, was an act of a disgruntled employee.
Stuxnet infiltrated the network [10], [16] mainly through USB
sticks.
H. Backdoors
The Stuxnet [43] worm exploited system vulnerabilities to
attack a PLC in Iran’s uranium enrichment program in 2010. It
exploited an administrative backdoor, which can be used to
access a system remotely, and generally their availability on a
system is known to system maker only. Such coded backdoor
passwords which can be used to exploit a system remotely, are
not uncommon [19], [44]. Such malpractice could also take
place without the knowledge of a SCADA vendor, as
increasingly the product is assembled from components
manufactured from facilities across the globe [19].
I. Integral Protection
With cyber security awareness coming into prominence,
SCADA manufacturers also provide and emphasize security in
products. These features provide encryption and security
features such as Kerberos and multiplexing proxy. Activating
these in a project can make an intruder’s task difficult.
SCADA systems also provide other built-in mechanisms such
as User Groups, Historian, Encryption and Redundant Servers.
III. SIMULATION AND MODELLING
SCADA systems are not only complex but have many
system interdependencies which makes it difficult for them to
be tested for cyber defence. The production systems are
required to provide a continuous and reliable service, and
depending on the monitored process, even small delays are
intolerable. As such the systems cannot be taken out of service
for vulnerability checks, and also these are very costly and
hard to duplicate.
Simulation and modelling techniques are useful to model
and test complex systems. Development of realistic models
help to create scenarios that do not yet exist or would be very
costly to build. A model also makes it easier to quickly change
parameters to suit another scenario or configuration.
Simulation and modelling techniques are used
advantageously to evaluate and probe the defence of SCADA
systems. A summary is provided in Tables I and II.
A. Simulation Frameworks
Simulation frameworks are needed to model all aspects of
the SCADA system using simulators and emulators. Generally
a network simulator such as OMNeT++ is used for network
modelling and Simulink/MATLAB is used to simulate the
process control. A framework in general also provides the
facility to integrate the various simulators to realistically
represent the system as a whole.
1) High Level Architecture (HLA) HLA is a simulation integration platform designed by the
Department of Defence (DoD) [45] that can be used to
integrate simulators. This concept was chosen as no single
simulation can meet all the requirements. An individual or a
set of simulations can be applied across different uses, under
the HLA federation concept. Federation means a set of
interacting simulations, with each simulation termed as a
federate. The federates must allow exchange of data through
the Runtime Infrastructure (RTI).
HLA which is a co-simulation environment has been used
by researchers to design simulations using OMNeT++ and
MATLAB, for example.
Chabuksawar et al. [46] used Command and Control (C2)
WindTunnel as a simulation framework (based on HLA) [47]
to simulate a plant, its controller and the interconnecting
network. The objective was to simulate network security
attacks using this framework that requires domain-specific
modelling language for defining integration models. The
SCADA system was a simplified version of the Tennessee
Eastman Control challenge problem [48]. DDoS attacks were
simulated on the routers concluding a proof of concept
implementation.
2) SCADASiM An integrated framework for control system simulation,
SCADASiM is presented by Mahoney and Gandhi in [9]. It
can be modelled and simulated at different levels of
abstractions commensurate with the problem at hand. The
modelling notation is through Autonomous Component
Architectures (ACA) that allows components to be modelled
at simulation runtime. The authors proposed a new language
Autonomous Component based policy Description Language
for Anomaly monitoring in Control Systems) (ADACS) that
was used for monitoring regulatory compliance.
3) SCADASim Queiroz et al. [49] present a framework for building
SCADA system simulations. Additionally it can be used to
create malicious attacks against SCADA systems. The
framework can be extended by SCADASim users to add their
own protocols otherwise there are too many protocols. The
framework is built on top of OMNeT++. Details of DoS and
spoofing attack simulation are provided in the paper.
4) Co-simulation Framework A co-simulation framework is proposed by Bytschkow et
al. [50] using Common information model (CIM) as an
intermediate model. It uses the approach of federation
enabling both simulation and deriving possible impacts. The
co-simulation framework is constructed using SCADA, CIM,
GRIDLAB-D and AKKA.
5) Emulation Framework A framework for emulation based security analysis using
Emulab and Simulink is proposed by Genge et al. [6] that can
be used to measure impact of attacks against both physical and
cyber parts of systems. The authors’ proposed framework
extends Emulab to incorporate additional features required for
cyber physical security analysis. The architecture comprises of
a cyber layer, physical layer, and a cyber physical link layer.
The authors provide a feature based, cost based and an
experimental scenario-based in comparison to other
frameworks reported in the literature and contend their
approach to be better. The authors provide two case studies
from the electrical and chemical domains. The first studies the
effect of Stuxnet on a Boiling Water power plant showing that
the proposed framework can be used to recreate a scenario
with complex malware. The second studies the effect of
network parameters on a cyber attack targeting a chemical
process, showing that in cyber attacks where the attacker
communicates with PLCs, the communications delays and
packet losses have little effect.
6) Integration Framework An integration framework has been proposed by Novak et
al. [51] that advocates semantic and technical integration of
simulation models into SCADA systems. The authors contend
that simulations cannot be developed without access to online
and historical data and thus propose a platform for integration
of simulations and SCADA. It reduces design-time errors (for
simulation) and improves re-configurability and reuse. Two
case studies are provided for design of simulation models for
passive houses, and an application allowing the management
and execution of simulations.
7) Real-time monitoring, Anomaly detection, Impact analysis, and Mitigation strategies (RAIM)
The security SCADA framework proposed by Ten et al.
[52] comprises of real-time monitoring, anomaly detection,
impact analysis, and mitigation strategies (RAIM). Real-time
monitoring can utilise the data for real-time control functions.
Anomaly detection and impact analysis can be done through
monitoring and correlating the system logs. The output is
ranked as varying degrees of risks, based on which mitigation
actions can be taken.
B. Test Beds
Test bed is a platform used to test systems or technologies
where the actual system cannot be endangered by testing, due
to unintended consequences, for example, checking the effects
of patch application and response to malware. A test bed must
capture the essence of the system under test for it to be useful.
The facility can also be shared to save cost or share
knowledge. Test bed creation is also recommended in [2].
Although some test beds have been developed by large
organisations, generally the access is restricted to affiliated
researchers only [53]. Unlike a simulation environment being
fully contained in software, a test bed uses hardware,
simulated and emulated devices. A survey of test beds in
software and hardware is provided in [53].
Test beds could be realised [54] as simple simulation based
(TrueTime), federated simulation (several dedicated
simulation federates for plant, network etc. such as HLA) or
emulation/implementation based (real hardware or emulator
such as EmuLab).
1) National SCADA Test Bed (NSTB) The Department of Energy, US, have established a National
SCADA test bed [55] that aims to provide testing, research
and training facilities to help improve the security of control
systems. However free access to academia and industry is not
available. Thus, many researchers have developed test beds to
investigate some element of security.
2) TRUST An experimental simulation test bed TRUST-SCADA [56]
was aimed to assess and address vulnerabilities, and to provide
an open-source design for a flexible test bed. DoD/HLA was
chosen as the integration platform, for the plant model
(Simulink/Stateflow), Network model using (OMNeT++,
NS2, OPNET) and controller (Simulink/Stateflow)
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.