Extending the cyber-attack landscape for SCADA-based critical infrastructure

Rodofile, Nicholas R.; Radke, Kenneth; Foo, Ernest

doi:10.1016/j.ijcip.2019.01.002

Cited by 29 publications

(17 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A similar classification is presented in [58]. The authors proposed a cyber-attack framework to extend the attack landscape for critical infrastructure, consisting of four attack classes, namely traditional IT-based attacks, protocol-specific attacks, configuration-based attacks, and process control attacks.…”

Section: Attack Types In Scada Systemsmentioning

confidence: 99%

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

Pliatsios

Sarigiannidis

Λάγκας

et al. 2020

IEEE Commun. Surv. Tutorials

188

View full text Add to dashboard Cite

Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures, such as power, telecommunication, transportation, pipelines, chemicals and manufacturing plants. Legacy SCADA systems operated on isolated networks, that made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet, as well as corporate networks, introduces severe security issues. Security considerations for SCADA systems are gaining higher attention, as the number of security incidents against these critical infrastructures is increasing. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security.

show abstract

Section: Attack Types In Scada Systemsmentioning

confidence: 99%

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

Pliatsios

Sarigiannidis

Λάγκας

et al. 2020

IEEE Commun. Surv. Tutorials

188

View full text Add to dashboard Cite

show abstract

“…Rodofile et al 11 collected existing known attacks combined with the existing range of attack landscapes, expanded, and “filled the gaps” in the landscape. They presented a complete cyber‐attack system that perceives attacks against the entire SCADA‐based critical infrastructure.…”

Section: Related Workmentioning

confidence: 99%

An efficient machine learning model for malicious activities recognition in water‐based industrial internet of things

Selim

Hemdan

Shehata

et al. 2021

Security and Privacy

View full text Add to dashboard Cite

The Industrial Control System (ICS) has an important role to reduce the interaction between humans and the industrial system. Cyber‐Physical Systems (CPSs) operate in critical infrastructures such as transport networks, gas, and water distribution networks, Unmanned Aerial Vehicle Systems (UASs), and nuclear power generation. In this paper, we provide a Machine Learning Model for Malicious Activities Recognition in Water‐based Industrial Internet of Things (MARWIIoT). This model can help industrial operators and administrators to recognize any malicious activities against industrial infrastructure. To classify the malicious activity, various machine learning methods, such as Logistic Regression (LR), Linear Discriminant Analysis (LDA), k‐nearest neighbors (KNN), Naïve Bayes (NB), and Support Vector Machine (SVM) can be used. The proposed MARWIIoT model is based on Genetic‐KNN with normalization to classify malicious activities efficiently. This model has been evaluated using a dataset covering 15 anomaly circumstances, including normal system behavior. The circumstances existing addressed various incidents from hardware failure to critical water infrastructure damage. The comprehensive results have indicated that the MARWIIoT model is superlative in compared existing machine learning models because it has the highest performance based on different evaluation metrics such as accuracy, precision, recall, and F1‐Score.

show abstract

“…IS governance in the utilities industry is a relatively new subject, since this market is increasingly heating. Due to the growing attacks to this environment the theme was given more importance, in order to ensure availability, confidentiality and integrity of information in the electricity industry (Amin and Wollenberg, 2005;Evans et al, 2019;Machado et al, 2016;Kim and Tong, 2013;Rodofile et al, 2019;Thiyagarajan et al, 2015;Woo and Kim, 2018).…”

Section: Information Security Governance In the Electricity Industrymentioning

confidence: 99%

“…On 05/07/2021 the Colonial Pipeline System (Texas, USA), the company that operates the largest fuel transfer pipeline on the east coast of the USA, suffered an attack forcing the company to deactivate its operation (Sanger et al, 2021). Another example is a malware that, on 01/25/2003, deactivated the security system from a nuclear company in the United States, Ohio, making impossible the control of temperature measurement sensors' indicators (Rodofile et al, 2019).…”

Section: Introductionmentioning

confidence: 99%

Information security governance in the electricity industry

Oliveira

Méxas

Machado

et al. 2021

BJO&PM

View full text Add to dashboard Cite

Goal: This study aims to assess the importance and use of Information Security (IS) governance in the electricity industry and other segments, in order to propose IS governance guidelines for this industry.Design / Methodology / Approach: Literature review was made of scientific articles, frameworks and norms that supported the field research applied to managers, coordinators and experts from IS area, totaling 104 respondents from different countries. The data collected were analyzed by comparing the degree of importance with the use, and also by means of cross-analysis.Results: It was observed that most respondents agree with the importance of the themes approached, however, in practice, these concepts are not always used by the organization. Besides, it was observed that when security is directly responding for the high level of the organization, the maturity level is between optimized and managed. However, where security is subordinated to the technology area, the level appears with higher percentage, as repeatable. Limitations of the investigation:The sample size is a limiting factor as it was conditioned to questionnaire responses sent to IS experts through electronic means and social networks and it is not possible to generalize as the population size is not known. Practical implications:To assist the electricity industry in taking measures turned to IS governance, and, with that, increase consumer protection with regard to their classified data and the company's reliability in power supply.Originality / Value: The present research originality lies in the proposal of 10 IS governance guidelines obtained from the literature review and the field research applied to IS experts, aiming to raise, more and more, its level of maturity.

show abstract

Extending the cyber-attack landscape for SCADA-based critical infrastructure

Cited by 29 publications

References 32 publications

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics

An efficient machine learning model for malicious activities recognition in water‐based industrial internet of things

Information security governance in the electricity industry

Contact Info

Product

Resources

About