A Study on Security Vulnerabilities Assessment and Quantification in SCADA Systems

摘要

Supervisory Control And Data Acquisition Systems (SCADA) monitor and control industrial and critical infrastructure functions such as electricity, oil, water and natural gas production and distribution processes. Consequently, failure in the intended operation of SCADA system results in catastrophic consequences. With the increased interconnectivity of SCADA systems and the commercial availability of cloud computing, SCADA systems have increasingly adopted Internet of Things (IoT) technologies to significantly reduce infrastructure costs and increase ease of maintenance and integration. As a result, the exposure of these systems to cyber threats has increased enormously. Therefore, there is a necessity to identify, remediate and mitigate system?s security vulnerabilities to protect and prevent possible attacks. This study serves two folds; firstly, different types of vulnerabilities in SCADA systems have been identified and reviewed. Secondly, two test cases have been presented to demonstrate the severity of the identified vulnerabilities on SCADA systems. This study draws attention to the impact of threat on SCADA systems and their consequences.