Vulnerability Assessment of Cyber Security for SCADA Systems

Abstract

Supervisory control and data acquisition (SCADA) systems use programmable logic controllers (PLC) or other intelligent electronic devices (IED), remote terminal units (RTU) and input/output (I/O) devices to manage electromechanical equipment in either local or distributed environments. SCADA systems cover a range of industrial sectors and critical infrastructures such as water treatment and supply, electricity generation and distribution, oil refining, food production and logistics. Several factors have contributed to the escalation of risks specific to control systems, including the adoption of standardized technologies with known vulnerabilities, interconnectivity with other networks, use of insecure remote connections and widespread availability of technical information about control systems. This chapter discusses vulnerability assessment of SCADA systems, focusing on several aspects such as asset discovery, identification of vulnerabilities and threats, mitigation of attacks and presentation of major privacy issues.