IDEAS home Printed from https://ideas.repec.org/a/eee/ijocip/v34y2021ics1874548221000251.html
   My bibliography  Save this article

Architecture and security of SCADA systems: A review

Author

Listed:
  • Yadav, Geeta
  • Paul, Kolin

Abstract

Pipeline bursting, production lines shut down, frenzy traffic, trains confrontation, the nuclear reactor shut down, disrupted electric supply, interrupted oxygen supply in ICU – these catastrophic events could result because of an erroneous SCADA system/ Industrial Control System (ICS). SCADA systems have become an essential part of automated control and monitoring of Critical Infrastructures (CI). Modern SCADA systems have evolved from standalone systems into sophisticated, complex, open systems connected to the Internet. This geographically distributed modern SCADA system is more vulnerable to threats and cyber attacks than traditional SCADA. Traditional SCADA systems were less exposed to Internet threats as they operated on isolated networks. Over the years, an increase in the number of cyber-attacks against the SCADA systems seeks security researchers’ attention towards their security. In this review paper, we first review the SCADA system architectures and comparative analysis of proposed/implemented communication protocols, followed by attacks on such systems to understand and highlight the evolving security needs for SCADA systems. A short investigation of the current state of intrusion detection techniques in SCADA systems is done, followed by a brief study of testbeds for SCADA systems. The cloud and Internet of things (IoT) based SCADA systems are studied by analyzing modern SCADA systems’ architecture. In the end, the review paper highlights the critical research problems that need to be resolved to close the security gaps in SCADA systems.

Suggested Citation

  • Yadav, Geeta & Paul, Kolin, 2021. "Architecture and security of SCADA systems: A review," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).
    • Handle: RePEc:eee:ijocip:v:34:y:2021:i:c:s1874548221000251
    DOI: 10.1016/j.ijcip.2021.100433
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1874548221000251
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijcip.2021.100433?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Genge, Béla & Graur, Flavius & Haller, Piroska, 2015. "Experimental assessment of network design approaches for protecting industrial control systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 11(C), pages 24-38.
    2. Snyder, Hannah, 2019. "Literature review as a research methodology: An overview and guidelines," Journal of Business Research, Elsevier, vol. 104(C), pages 333-339.
    3. Basnight, Zachry & Butts, Jonathan & Lopez, Juan & Dube, Thomas, 2013. "Firmware modification attacks on programmable logic controllers," International Journal of Critical Infrastructure Protection, Elsevier, vol. 6(2), pages 76-84.
    4. Zhu, Ruijin & Zhang, Baofeng & Mao, Junjie & Zhang, Quanxin & Tan, Yu-an, 2017. "A methodology for determining the image base of ARM-based industrial control system firmware," International Journal of Critical Infrastructure Protection, Elsevier, vol. 16(C), pages 26-35.
    5. Sajid Nazir & Shushma Patel & Dilip Patel, 2017. "Autonomic Computing Architecture for SCADA Cyber Security," International Journal of Cognitive Informatics and Natural Intelligence (IJCINI), IGI Global, vol. 11(4), pages 66-79, October.
    6. Luiijf, Eric & Ali, Manou & Zielstra, Annemarie, 2011. "Assessing and improving SCADA security in the Dutch drinking water sector," International Journal of Critical Infrastructure Protection, Elsevier, vol. 4(3), pages 124-134.
    7. Reeves, Jason & Ramaswamy, Ashwin & Locasto, Michael & Bratus, Sergey & Smith, Sean, 2012. "Intrusion detection for resource-constrained embedded control systems in the power grid," International Journal of Critical Infrastructure Protection, Elsevier, vol. 5(2), pages 74-83.
    8. Schuett, Carl & Butts, Jonathan & Dunlap, Stephen, 2014. "An evaluation of modification attacks on programmable logic controllers," International Journal of Critical Infrastructure Protection, Elsevier, vol. 7(1), pages 61-68.
    9. Lahza, Hassan & Radke, Kenneth & Foo, Ernest, 2018. "Applying domain-specific knowledge to construct features for detecting distributed denial-of-service attacks on the GOOSE and MMS protocols," International Journal of Critical Infrastructure Protection, Elsevier, vol. 20(C), pages 48-67.
    10. Papa, Stephen & Casper, William & Moore, Tyler, 2013. "Securing wastewater facilities from accidental and intentional harm: A cost-benefit analysis," International Journal of Critical Infrastructure Protection, Elsevier, vol. 6(2), pages 96-106.
    11. Goldenberg, Niv & Wool, Avishai, 2013. "Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 6(2), pages 63-75.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Michał Krzykowski, 2021. "Legal Aspects of Cybersecurity in the Energy Sector—Current State and Latest Proposals of Legislative Changes by the EU," Energies, MDPI, vol. 14(23), pages 1-14, November.
    2. Luiz Fernando Ribas Monteiro & Yuri R. Rodrigues & A. C. Zambroni de Souza, 2023. "Cybersecurity in Cyber–Physical Power Systems," Energies, MDPI, vol. 16(12), pages 1-34, June.
    3. Alaa O. Khadidos & Hariprasath Manoharan & Shitharth Selvarajan & Adil O. Khadidos & Khaled H. Alyoubi & Ayman Yafoz, 2022. "A Classy Multifacet Clustering and Fused Optimization Based Classification Methodologies for SCADA Security," Energies, MDPI, vol. 15(10), pages 1-24, May.
    4. Oyeniyi Akeem Alimi & Khmaies Ouahada & Adnan M. Abu-Mahfouz & Suvendi Rimer & Kuburat Oyeranti Adefemi Alimi, 2021. "A Review of Research Works on Supervised Learning Algorithms for SCADA Intrusion Detection and Classification," Sustainability, MDPI, vol. 13(17), pages 1-19, August.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. SICARD, Franck & ZAMAI, Éric & FLAUS, Jean-Marie, 2019. "An approach based on behavioral models and critical states distance notion for improving cybersecurity of industrial control systems," Reliability Engineering and System Safety, Elsevier, vol. 188(C), pages 584-603.
    2. Monzer, Mohamad-Houssein & Beydoun, Kamal & Ghaith, Alaa & Flaus, Jean-Marie, 2022. "Model-based IDS design for ICSs," Reliability Engineering and System Safety, Elsevier, vol. 225(C).
    3. adepu, Sridhar & Mathur, Aditya, 2021. "SafeCI: Avoiding process anomalies in critical infrastructure," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).
    4. CHERIFI, Tarek & HAMAMI, Lamia, 2018. "A practical implementation of unconditional security for the IEC 60780-5-101 SCADA protocol," International Journal of Critical Infrastructure Protection, Elsevier, vol. 20(C), pages 68-84.
    5. Safari, Mohammad & Parvinnia, Elham & Haddad, Alireza Keshavarz, 2021. "Industrial intrusion detection based on the behavior of rotating machine," International Journal of Critical Infrastructure Protection, Elsevier, vol. 34(C).
    6. Knowles, William & Prince, Daniel & Hutchison, David & Disso, Jules Ferdinand Pagna & Jones, Kevin, 2015. "A survey of cyber security management in industrial control systems," International Journal of Critical Infrastructure Protection, Elsevier, vol. 9(C), pages 52-80.
    7. Zhu, Ruijin & Zhang, Baofeng & Mao, Junjie & Zhang, Quanxin & Tan, Yu-an, 2017. "A methodology for determining the image base of ARM-based industrial control system firmware," International Journal of Critical Infrastructure Protection, Elsevier, vol. 16(C), pages 26-35.
    8. Gopal Vishwakarma & Wonjun Lee, 2018. "Exploiting JTAG and Its Mitigation in IOT: A Survey," Future Internet, MDPI, vol. 10(12), pages 1-18, December.
    9. Ali Zackery & Joseph Amankwah-Amoah & Zahra Heidari Darani & Shiva Ghasemi, 2022. "COVID-19 Research in Business and Management: A Review and Future Research Agenda," Sustainability, MDPI, vol. 14(16), pages 1-32, August.
    10. Eusebius Pantja Pramudya & Lukas Rumboko Wibowo & Fitri Nurfatriani & Iman Kasiman Nawireja & Dewi Ratna Kurniasari & Sakti Hutabarat & Yohanes Berenika Kadarusman & Ananda Oemi Iswardhani & Rukaiyah , 2022. "Incentives for Palm Oil Smallholders in Mandatory Certification in Indonesia," Land, MDPI, vol. 11(4), pages 1-28, April.
    11. Qianxiang Zhu & Yuanqing Qin & Yue Zhao & Zhou Chunjie, 2020. "A hierarchical colored Petri net–based cyberattacks response strategy making approach for critical infrastructures," International Journal of Distributed Sensor Networks, , vol. 16(1), pages 15501477198, January.
    12. Peter Schnell & Phillip Haag & Hans Christian Jünger, 2022. "Implementation of Digital Technologies in Construction Companies: Establishing a Holistic Process which Addresses Current Barriers," Businesses, MDPI, vol. 3(1), pages 1-18, December.
    13. Chen, Yanyan & Mandler, Timo & Meyer-Waarden, Lars, 2021. "Three decades of research on loyalty programs: A literature review and future research agenda," Journal of Business Research, Elsevier, vol. 124(C), pages 179-197.
    14. Hongxia Jin & Lu Lu & Haojun Fan, 2022. "Global Trends and Research Hotspots in Long COVID: A Bibliometric Analysis," IJERPH, MDPI, vol. 19(6), pages 1-14, March.
    15. Prince Donkor Ameyaw & Walter Timo de Vries, 2020. "Transparency of Land Administration and the Role of Blockchain Technology, a Four-Dimensional Framework Analysis from the Ghanaian Land Perspective," Land, MDPI, vol. 9(12), pages 1-25, December.
    16. Amal Almansour & Reem Alotaibi & Hajar Alharbi, 2022. "Text-rating review discrepancy (TRRD): an integrative review and implications for research," Future Business Journal, Springer, vol. 8(1), pages 1-15, December.
    17. Švarc, Jadranka & Dabić, Marina, 2021. "Transformative innovation policy or how to escape peripheral policy paradox in European research peripheral countries," Technology in Society, Elsevier, vol. 67(C).
    18. So, Hau Wing & Lafortezza, Raffaele, 2022. "Reviewing the impacts of eco-labelling of forest products on different dimensions of sustainability in Europe," Forest Policy and Economics, Elsevier, vol. 145(C).
    19. Mónica de Castro-Pardo & Pascual Fernández Martínez & Amelia Pérez Zabaleta & João C. Azevedo, 2021. "Dealing with Water Conflicts: A Comprehensive Review of MCDM Approaches to Manage Freshwater Ecosystem Services," Land, MDPI, vol. 10(5), pages 1-32, April.
    20. Mackey, Jeremy D., 2022. "The effect of cultural values on the strength of the relationship between interpersonal and organizational workplace deviance," Journal of Business Research, Elsevier, vol. 149(C), pages 760-771.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijocip:v:34:y:2021:i:c:s1874548221000251. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-critical-infrastructure-protection .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.