Internal security attacks on SCADA systems

Author

Sayegh, N. ; Chehab, Ali ; Elhajj, I.H. ; Kayssi, Ayman

Author_Institution

Dept. of Electr. & Comput. Eng., American Univ. of Beirut, Beirut, Lebanon

fYear

2013

fDate

19-21 June 2013

Firstpage

22

Lastpage

27

Abstract

Supervisory Control and Data Acquisition (SCADA) systems have become essential to many industries around the world. Nowadays, SCADA systems are controlling many critical infrastructures such as power grids, mega factories, water treatment systems, and even nuclear power plants. As a result, SCADA systems have become very attractive targets for malicious attacks. In this paper, we show a test-bed that we have developed to detect vulnerabilities within SCADA protocols against internal attacks in order to find out how easy it is to bypass security measures in such protocols. Furthermore, we have tested SCADA components to assess their vulnerabilities against the following attacks: Denial of Service (DoS) attacks, replay attacks, cryptographic attacks, and fragmentation attacks. Our results indicate that SCADA protocols and components are very vulnerable, and hence it is of paramount importance to find immediate solutions to these vulnerabilities.

Keywords

SCADA systems; protocols; security of data; Denial of Service; DoS attacks; SCADA protocols; SCADA systems; Supervisory Control and Data Acquisition; cryptographic attacks; fragmentation attacks; internal attacks; malicious attacks; replay attacks; security measures; Computer crime; Cryptography; Floods; IP networks; Protocols; SCADA systems; SCADA; industrial security; test-beds;

fLanguage

English

Publisher

ieee

Conference_Titel

Communications and Information Technology (ICCIT), 2013 Third International Conference on

Conference_Location

Beirut

Print_ISBN

978-1-4673-5306-9

Type

conf

DOI

10.1109/ICCITechnology.2013.6579516

Filename

6579516