Supervisory Control And Data Acquisition Security Concerns Computer Science Essay

This essay has been submitted by a student.

Fast-growing IT technologies have created the need for stronger IT security measures. This paper reviews security concerns in Supervisory Control and Data Acquisition (SCADA) systems. The different infrastructures that use SCADA control systems, and the probable threats and risks to those infrastructures, are evaluated. Integrating these control systems with large networks for remote control and remote access exposes them to a vast number of threats. It has also made it easier for cyber-criminals and terrorists to access information and damage systems; as a vice president at Plant Data said in 2006, 'SCADA systems are like a hacker's playground'. Brief recommendations are also given to companies that use SCADA systems. Finally, wireless attacks and the existing responses to different types of attack are assessed. The aim here is to gather the important information about SCADA systems and how they work in just a few pages.


After large manufacturers and traffic and power control companies started using remote control and monitoring systems, there were some serious global incidents which made technical experts start thinking about the security issues these systems may involve and the level of risk they may pose.

There are two primary types of Control Systems:

Distributed Control Systems (DCS) are usually used within a single processing or generating plant, or for controlling systems over a small geographic area.

Supervisory Control and Data Acquisition (SCADA) systems are typically used for large distribution operations spread over a wide geographic area (APIWATHANOKUL, 2009).

SCADA stands for Supervisory Control and Data Acquisition. It is generally a dedicated control system comprising hardware and software that controls and manages a system or subsystems of an infrastructure (Futuronix, n.d.). The growing trend of using SCADA in the infrastructure of companies and, to a larger extent, in the infrastructure of a country, together with the ability to attack a firm using cyber techniques, has brought SCADA attacks into sight.

The Iranian nuclear facilities in Bushehr are a proper example of this: some experts believe that the attack on the Iranian nuclear facilities through a virtual environment needed huge support and backing, and could even have been supported by a country (Kaspersky, 2010). This paper illustrates different threats and vulnerabilities of SCADA systems, and recommends controls for those vulnerabilities before they can be exploited by cyber attackers, with particular attention to probable wireless threats.

There are four main components in each SCADA system:

1. Data acquisition: sensors (digital or analog) and control relays.

2. Data communication: Remote Telemetry Units (RTUs), the local collection points for gathering reports.

3. Data presentation: SCADA master units (large computer consoles that serve as the central processor and provide the Human Machine Interface, HMI).

4. Control: the communication network that connects the SCADA master units to the RTUs and supports the remote control and monitoring side of the processes. (Berry, 2008)


SCADA systems were developed when networks were not yet actually developed (, n.d.). They were referred to as monolithic SCADA, or the first generation of SCADA systems. Later the distributed (second generation) and the networked (third generation) SCADA systems were established.

Most of them had a GUI so that users could control and access the systems. They have been operated on both Unix and Windows operating systems. Soon afterwards they were operated only on Windows, which was not a good idea because of the security holes in the Windows OS.

Networked SCADA was developed to improve users' ability to remotely control and monitor SCADA systems. In this type, an interface called the Human-Machine Interface (HMI) was developed. The data from the interface are recorded and archived for later reference (Epiphan Systems Inc, n.d.). The HMI is an easy way to standardize the monitoring of multiple RTUs or PLCs (programmable logic controllers). The SCADA system communicates with the PLCs throughout the system network and processes the information. HMIs can also be linked to a database, which can use data gathered from PLCs or RTUs to provide trend graphs, logistic information, schematics for a specific sensor or machine, or even make troubleshooting guides accessible (Scada, n.d.).


There are different applications for SCADA systems. Initially the infrastructure was created and then the need for a real-time control system led to the introduction of monolithic SCADA, but the concept can also be considered the other way round. The following applications use SCADA control systems:

Electricity gridlines

Oil Refinery

Nuclear Power Plant

Manufacturing Factories

Electricity generator plants

Water distribution systems

Water reserves

Traffic lights in cities

Computer train controls

National telephone systems

Nuclear Reactors, Materials, and Waste

Postal and Shipping

Public Health and Healthcare

Etc (Graham & Maynor, 2006)

A SCADA system can also be viewed in a smaller context, for instance the air conditioning system or the package within a building. But what attracts more attention is the nationwide systems that need more protection. There have been some incidents with SCADA systems previously that act as an alert for industries and governments.

Security and Risk Analysis in SCADA

The security of SCADA systems, which are real-time control systems, is a concern for both industries and governments. These systems can be targets for terrorist attacks, for instance (Lemos, 2006). They may also be the object of an attack by one country on another. A good example of this is the Stuxnet attack on the Iranian national nuclear facilities in Bushehr, which most experts believe could be an attack from a country or from an organization powerful in terms of money. Many experts must have been involved in the production and distribution of such a worm (Beaumont, 2010). There are many organizations that provide guidelines for industries and even governments on how to protect their valuable infrastructure control systems. One of these offices is called the NYC Office of Cyber Security (Lemos, 2006). The office provides information only for New York State cyber security, but some of the available guidelines can be used worldwide (CSIC, 2010).

One approach to assessing the security level of a SCADA system is to model the system. There are different approaches to modeling the security level of this type of system; one example of such modeling tools is probabilistic validation of attack effects (Rrushi & Campbell, 2008).

Nowadays the most important threat to SCADA systems may be cyber-criminals and terrorists. They are people who are motivated, well funded and well informed about the whole system they are about to attack, with the high-level goal of damaging the systems or stealing their critical information. This information may later be sold on black markets.

Stuxnet can hide the injected code from the PLC/SCADA programmer, so they cannot easily detect it. Some companies like Siemens have produced remediation documents for their clients so that, as soon as they detect the malware, they can prevent it from spreading through the system (Grinter, 2010). Important threats to SCADA systems are:

Trojan horses, viruses, worms, DDoS (Distributed Denial of Service), and cyber attacks (hackers).

To better understand one of these threats, it is helpful to look at an Internet worm called the Slammer worm and how it has affected control systems since its creation in 2003. According to records in the Repository for Industrial Security Incidents (RISI), this one worm has been responsible for more documented incidents of process disruption than any other source. Its reported effects include interrupting power distribution SCADA systems, infecting the safety parameter display system (SPDS) in a nuclear plant, and causing a shortfall in oil production operations in the Gulf of Mexico.

Another example of this kind of attack is when the Slammer worm penetrated the network at Ohio's Davis-Besse nuclear power plant, disabling a safety monitoring system for nearly five hours (David, 2009).

This worm used at least five different pathways to reach control systems. In one case it got into a petroleum control system via a maintenance laptop that was used at home, contaminated, and then brought into the plant. In another case it infected a human machine interface (HMI) via a dial-up modem used for remote support. In a third case it passed right through a poorly configured firewall. In all these examples firewalls were in place, but the worm either bypassed them by using a secondary pathway or took advantage of some flaw in the firewall's deployment. Slammer is just one example. An analysis of 75 security incidents against control systems between 2002 and 2006 shows that more than half of the external attacks came through secondary pathways such as dial-up connections, wireless systems and mobile devices. In these cases the firewall did its job, but the security strategy failed (Eric J. Byres, 2009).

Here is a list of some serious vulnerabilities that any SCADA system user needs to consider:

Availability of information about the companies and its employees through their website

Lack of security in network infrastructure of that system

Lack of a firewall (between the corporate network and SCADA), intrusion detection (IDS) or VPN (Virtual Private Network) on servers

Not having proper change management

No regular upgrade of policies and standards of systems

No periodic vulnerability assessment (Riptech, 2001) (Group & Center, 2006)

Connections between SCADA systems and other corporate networks need to be protected and controlled; here are some controls identified to mitigate the risks that SCADA systems face through their network connections.

Effective security requires a defense-in-depth strategy where critical systems are protected by layers of security. Depending on a single corporate firewall for control system security violates that strategy by creating a single point of security failure (Byres, Leversage, & Kube, May 2007).

Instances of solutions in defense in depth:

Key access points

Strong password policy

Access management software

Intrusion detection

Intrusion prevention, such as HIPS (Host Intrusion Prevention System)

NIDS (Network Intrusion Detection System), which is also very useful for monitoring and response in SCADA

Properly configured firewalls

Compliance sustainability, which provides a security process for the whole SCADA system as well as tools for forensic reports and compliance audits (Defender)

Make sure you have anti-virus installed. All credible anti-virus vendors now have signatures for the LNK and PIF vulnerabilities, and many have signatures for the Stuxnet worm (Grinter, 2010)

External and internal penetration tests (Grinter, 2010)

Policy and standard enforcement

Training and awareness of staff

Physical security such as CCTV and smart locks

Proper authorization and authentication policies, which help to restrict data access

Encrypting data, which helps to minimize the risk of someone eavesdropping on the data communication
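The list above names a properly configured firewall and a NIDS as two of the layers. The following is an added example (not code from the essay or from any vendor) of the kind of check a network monitor on the control segment can apply to MODBUS, which the essay later notes is a PLC-type protocol with no authentication of its own. It parses the Modbus/TCP MBAP header, then raises an alert when a write function code arrives from a host that is not the SCADA master, or when any Modbus traffic originates in the corporate network. The addresses, the zone model and the sample frames are all constructed for the example.

```python
import struct
from ipaddress import ip_address, ip_network

# Modbus function codes that change the state of a PLC or RTU (reads are left alone)
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}

# Assumed zone model with placeholder addresses: only the SCADA master host
# may issue writes, and no corporate-LAN host should speak Modbus at all.
SCADA_MASTERS = {"10.10.0.5"}
CORPORATE_NET = ip_network("192.168.50.0/24")


def build_request(tid: int, unit: int, function: int, data: bytes) -> bytes:
    """Assemble a Modbus/TCP request: 7-byte MBAP header, function code, data.
    The MBAP length field counts the unit id, the function code and the data."""
    return struct.pack("!HHHB", tid, 0, len(data) + 2, unit) + bytes([function]) + data


def parse_modbus_tcp(payload: bytes) -> dict:
    """Parse the MBAP header and function code, rejecting malformed frames."""
    if len(payload) < 8:
        raise ValueError("payload too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack("!HHHB", payload[:7])
    if pid != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(payload) - 6:
        raise ValueError("MBAP length field disagrees with payload size")
    return {"transaction_id": tid, "unit_id": unit, "function": payload[7], "data": payload[8:]}


def inspect(src_ip: str, dst_ip: str, payload: bytes) -> list:
    """Return alert strings for one Modbus/TCP request seen on the control network."""
    alerts = []
    try:
        pdu = parse_modbus_tcp(payload)
    except ValueError as err:
        return [f"malformed Modbus from {src_ip}: {err}"]
    if ip_address(src_ip) in CORPORATE_NET:
        alerts.append(f"zone violation: corporate host {src_ip} sent Modbus to {dst_ip}")
    if pdu["function"] in WRITE_FUNCTIONS and src_ip not in SCADA_MASTERS:
        alerts.append(
            f"unauthorized {WRITE_FUNCTIONS[pdu['function']]} (fc {pdu['function']}) "
            f"to unit {pdu['unit_id']} on {dst_ip} from {src_ip}"
        )
    return alerts


# Constructed sample traffic (src, dst, frame); not captured from any real plant.
SAMPLE_TRAFFIC = [
    ("10.10.0.5", "10.10.1.20", build_request(1, 1, 3, b"\x00\x00\x00\x0a")),                 # master read
    ("10.10.0.5", "10.10.1.20", build_request(2, 1, 6, b"\x00\x01\x00\x2a")),                 # master write
    ("10.10.0.77", "10.10.1.20", build_request(3, 1, 16, b"\x00\x00\x00\x01\x02\x00\x05")),   # engineering laptop write
    ("192.168.50.12", "10.10.1.20", build_request(4, 1, 3, b"\x00\x00\x00\x0a")),             # corporate read
    ("192.168.50.12", "10.10.1.21", build_request(5, 2, 5, b"\x00\x03\xff\x00")),             # corporate write
]


def run_monitor(traffic=SAMPLE_TRAFFIC) -> list:
    """Run every frame through inspect() and collect the alerts raised."""
    return [alert for src, dst, frame in traffic for alert in inspect(src, dst, frame)]


if __name__ == "__main__":
    for line in run_monitor():
        print(line)
```

Run as a script it prints four alerts for the five sample frames: the engineering laptop's write, the corporate host's read (zone violation) and the corporate host's write (zone violation plus unauthorized write). The master's own read and write pass silently. The length-field check matters because a monitor that trusts the MBAP length without comparing it to the actual packet can be desynchronized by a malformed frame and miss what follows.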

Wireless Security

As technology develops, manufacturers and business companies want to improve the way they manage their businesses. A wireless connection is a fast, cost-effective, reliable and adaptable data transmission method with extended coverage, suitable for most businesses.

Traditionally, SCADA networks on large physical areas used licensed-band radio systems to allow remote nodes to communicate with a centralized management host. More recently, the large-scale use of 802.11 WLANs has created countless opportunities (Byres et al., May 2007).

Wireless SCADA is often used when building a wireline communication link to the remote site would cost too much time and money. In particular types of industry, such as oil & gas or water & wastewater, wireless SCADA is often the only solution because of the remoteness of the sites.

There are four solutions for using wireless in these big industries; they can be built on private radio (licensed or unlicensed), cellular or satellite communications (Bentek).

Interfacing between the SCADA Master Control Center (MCC) and the wireless network serving the RTUs may use a range of solutions, such as serial RS-232, LAN-based TCP/IP, OLE for Process Control (OPC), and others. The system may use a wide range of SCADA-type communication protocols, such as DNP 3.0, BSAP, MDLC, IEC 60870-5-10x, and in some cases a range of PLC-type protocols such as DF-1, MODBUS, etc. (Ehrenreich, 2005).

Here are some important issues that utilities should consider before selecting wireless communication for their system:

• Data Security

The first important issue is using a properly secured and reliable protocol, including some type of integrated data encryption and data authentication. The data should not be easy to analyze or modify, nor easy to retransmit without being detected by intrusion detection and HIPS.

• Communications Protocol

Data protocols transmitted over wireless SCADA networks must be extremely robust, equipped with a reliable error handling mechanism, and allow peer-to-peer and store-and-forward communications. The selected data protocol should preferably allow combining multiple media into the network, where each RTU may act as a communication node. Three-layer PLC-type protocols (such as MODBUS, DF-1, etc.) might not perform adequately over complex wireless media, and might cause multiple retransmissions and downtime.

• Protocol Conversion

In a retrofitted SCADA system, an RTU may have to interface with an existing PLC or with a smart sensor integrated in the same system. RTUs must have a built-in capability to emulate or encapsulate other protocols. While implementing the encapsulation method is simpler, emulation will generate more operating benefits (Ehrenreich, 2005).
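The Data Security item above asks for integrated data authentication and for frames that cannot be modified or retransmitted without detection. The following added example (written for this page, not taken from the essay or from any SCADA product) shows the two mechanisms that deliver that on the wireless link: an RTU appends a keyed HMAC-SHA256 tag to each telemetry report, and the master verifies the tag and refuses any sequence number it has already accepted. The key, the RTU identifiers and the readings are constructed; the frame layout is an assumption for the example rather than any standard's. Confidentiality (the encryption half of the bullet) is deliberately left out, since the Python standard library ships no block cipher; in practice the whole frame below would be carried inside an encrypted channel.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # 128-bit truncated HMAC-SHA256 tag appended to every frame

# Constructed pre-shared key for RTU 7; a real deployment provisions one key per RTU.
RTU_KEY = b"constructed-demo-key-for-rtu-7-not-for-production"


def seal_report(key: bytes, rtu_id: int, seq: int, reading: bytes) -> bytes:
    """RTU side: frame = rtu_id (2 bytes) | seq (4 bytes) | reading | tag.
    The tag covers the header too, so identity and sequence cannot be swapped."""
    header = struct.pack("!HI", rtu_id, seq)
    tag = hmac.new(key, header + reading, hashlib.sha256).digest()[:TAG_LEN]
    return header + reading + tag


class MasterReceiver:
    """MCC side: verify the tag, then reject any sequence number already seen."""

    def __init__(self, keys: dict):
        self.keys = keys        # rtu_id -> pre-shared key
        self.last_seq = {}      # rtu_id -> highest accepted sequence number

    def accept(self, frame: bytes):
        """Return (accepted, reason, reading); reading is None when rejected."""
        if len(frame) < 6 + TAG_LEN:
            return (False, "truncated", None)
        rtu_id, seq = struct.unpack("!HI", frame[:6])
        key = self.keys.get(rtu_id)
        if key is None:
            return (False, "unknown rtu", None)
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison avoids leaking tag bytes through timing.
        if not hmac.compare_digest(tag, expected):
            return (False, "bad tag", None)
        # Sequence numbers must strictly increase, so a retransmitted frame is refused.
        if seq <= self.last_seq.get(rtu_id, -1):
            return (False, "replay", None)
        self.last_seq[rtu_id] = seq
        return (True, "ok", body[6:])


def demo() -> list:
    """Walk through the cases a master must handle; returns the reason strings."""
    master = MasterReceiver({7: RTU_KEY})
    first = seal_report(RTU_KEY, 7, 1, b"\x01\x02\x03\x04")   # constructed reading
    verdicts = []
    verdicts.append(master.accept(first)[1])                 # fresh frame -> ok
    verdicts.append(master.accept(first)[1])                 # same frame again -> replay
    tampered = bytearray(first)
    tampered[6] ^= 0x01                                      # flip one bit of the reading
    verdicts.append(master.accept(bytes(tampered))[1])       # modified -> bad tag
    verdicts.append(master.accept(seal_report(RTU_KEY, 7, 2, b"\x05\x06"))[1])  # next seq -> ok
    verdicts.append(master.accept(seal_report(RTU_KEY, 9, 1, b"\x00"))[1])      # unknown RTU
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The strictly increasing sequence check is the simplest replay defence and suits a polled link where frames arrive in order; on a store-and-forward network where each RTU relays for its neighbours, as the Communications Protocol item describes, a master would keep a small sliding acceptance window per RTU instead, so that a delayed frame is not mistaken for a replay while a duplicate still is. The sequence state must also survive a master restart, otherwise every old frame becomes fresh again.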


SCADA systems are widely used in the infrastructures of companies and, on a larger scale, of countries. The technical implementation of a SCADA system is one thing and keeping the system secure is another. The impact of not having security controls, or of not keeping them updated, would be information misuse by malicious users, damage to image and reputation, and financial loss. Wireless technology has been widely used in SCADA systems, which are then referred to as Mobile SCADA. The simple techniques of wireless security can be applied to Mobile SCADA systems as well; data security, integrated RTUs and PLCs, and protocol conversion are some of the instances. As technology grows, all the threats that can affect it will grow too, so the best solution is to do our best to predict, in the analysis phase of a SCADA project or before adopting new software, the threats that could exploit its vulnerabilities. Our recommendation is that manufacturers and companies are more secure if they consult the security experts in their company before starting to use a new technology, to make sure they are aware of and prepared for all the risks that can occur.