Aerospace and Electronic Systems Magazine May 2017 - 30

Security of SCADA Systems against Cyber-Physical Attacks
investigating system vulnerabilities, on designing stealthy attack
strategies that are able to partially or completely bypass traditional
anomaly detectors, and on proposing countermeasures for revealing such low observable attacks. Some examples of stealthy attacks are the replay attack [9], the false data injection attack [10],
the zero-dynamics attack [11], and the covert attack [12].

SCADA Electric Power Grids
Electric power grids are essential to our society [13]. Modern
power systems are tightly coupled with a SCADA architecture
to control and supervise their operation. The security analysis
process [14] has shown that modern power grids are becoming
increasingly vulnerable to malicious attacks, not only on power
plants [15], [16] but also on transmission and distribution lines
[17]-[19]. Over the past few years, research has been dedicated
to studying the security of electric power grids by power system state estimation (PSSE) [20], [21]. PSSE is the process of
estimating unknown system variables based on sensor measurements transmitted from field devices to the control center. PSSE
is extremely important to power system operation because the
estimated states are used in numerous essential applications,
such as contingency analysis, optimal power flow, and even
electricity pricing. For example, the problem of false data injection attacks on PSSE has been considered in [22]-[24] for both
alternating current and direct current models. Furthermore, the
authors in [25] and [26] have shown that malicious attackers
could modify sensor measurements to bias the estimated state
variables to profit in the electricity pricing market. In addition,
the problem of cyber attacks on PSSE affecting the optimal power flow and load redistribution has been considered in [19] and
[18], respectively.
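The state-estimation step and its residual-based anomaly check can be made concrete with a small linear (DC-style) model. This is an added example, not code from the article or its references; the measurement matrix, sensor readings, equal sensor weighting and alarm threshold are all constructed assumptions. It shows the detector catching a single faulty reading while staying silent when every reading shifts consistently with the model, which is the blind spot the false data injection literature cited above studies.

```python
import math

# Constructed 4-sensor, 2-state linear measurement model z = H x + noise.
H = [[1, 0], [0, 1], [1, -1], [1, 1]]
Z_CLEAN = [0.101, -0.049, 0.149, 0.051]  # constructed readings near x = [0.10, -0.05]
TAU = 0.01                               # assumed alarm threshold on the residual norm

def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [list(map(float, A[i])) + [float(b[i])] for i in range(n)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(col + 1, n):
            f = M[r][col] / M[col][col]
            M[r] = [a - f * p for a, p in zip(M[r], M[col])]
    x = [0.0] * n
    for i in reversed(range(n)):
        x[i] = (M[i][n] - sum(M[i][j] * x[j] for j in range(i + 1, n))) / M[i][i]
    return x

def estimate(H, z):
    """Least-squares state estimate: solve (H^T H) x = H^T z."""
    Ht = list(zip(*H))
    HtH = [[sum(a * b for a, b in zip(r, c)) for c in Ht] for r in Ht]
    Htz = [sum(a * b for a, b in zip(r, z)) for r in Ht]
    return solve(HtH, Htz)

def residual_norm(H, z):
    """Euclidean norm of z - H x_hat, the quantity a bad-data detector thresholds."""
    x = estimate(H, z)
    return math.sqrt(sum((zi - sum(h * xi for h, xi in zip(row, x))) ** 2
                         for row, zi in zip(H, z)))

def alarm(H, z, tau=TAU):
    """True when the measurements are inconsistent with the model beyond tau."""
    return residual_norm(H, z) > tau

# Case 1: one sensor reports a gross error, so the readings no longer fit the model.
z_gross = [Z_CLEAN[0] + 0.2] + Z_CLEAN[1:]
# Case 2: all readings shift by H c, so they still fit the model and the residual is unchanged.
c = [0.05, 0.0]
z_consistent = [zi + sum(h * ci for h, ci in zip(row, c)) for row, zi in zip(H, Z_CLEAN)]

if __name__ == "__main__":
    for name, z in [("clean", Z_CLEAN), ("gross", z_gross), ("consistent", z_consistent)]:
        print(name, [round(v, 4) for v in estimate(H, z)],
              round(residual_norm(H, z), 5), alarm(H, z))
```

In the third case the estimate moves by exactly c while the residual stays at its clean value, so a monitor that thresholds the residual alone has no signal to act on and an independent consistency check is needed.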

SCADA Gas Pipelines
The SCADA architecture and components for a gas transmission
and distribution system have been proposed in [27]-[29]. In recent
years, the security of SCADA gas pipelines has attracted increasing attention, as shown in [30] and [31]. Though there were numerous cyber incidents involving SCADA gas pipelines [32], [33],
the online monitoring of such important assets has perhaps not yet
been considered deeply. An exception is [29], in which the behavior of a simple SCADA gas pipeline under various attack scenarios
has been studied.

SCADA Water Networks
The surveillance of SCADA water networks has received relatively more research attention; for example, the security of SCADA
water irrigation networks has been considered in [34]-[36]. A
stealthy attack strategy for stealing water from an irrigation canal
without being detected has been considered in [34]. An approach
for detecting cyber attacks on the command signals, control signals, or sensor measurements of a wastewater treatment plant has
been introduced in [37]. Several statistical methods for detecting
cyber-physical attacks on SCADA water distribution networks
have been proposed in [38]-[40].

The previous work focuses mainly on specific SCADA systems (e.g., NCSs, electric power grids, gas pipelines, and water
networks) against a particular type of attack strategy (e.g., replay
attack, zero-dynamics attack, and covert attack). The previously
mentioned examples are terrestrial, because these are where the
incidents to date have occurred; however, many large-scale aerospace systems and systems of systems are SCADA and are similarly vulnerable: examples include air traffic control, distributed
sensor systems for surveillance, communication networks (especially satellite), and navigation systems. In this paper, we present
the security of general SCADA systems against malicious attacks
on both physical and cyber layers.

SECURITY OF SCADA SYSTEMS
To study the resilience of SCADA systems, we analyze security
threats, investigate system vulnerabilities, and recount previous
cyber incidents.

SCADA SECURITY THREATS
The security threats to modern SCADA systems can be broadly
classified into four main categories: insiders, hackers, criminal
groups, and nation-states.

Insiders
Disgruntled insiders are the principal source of cyber sabotage
against ICSs [41]. Such threats include employees who may intentionally or accidentally introduce malware into control systems.
Other insider sources include (outsourced) vendors, contractors,
or business partners [42]. Some examples of insider attacks can
be found in [43]-[45]. From the security point of view, such malicious attacks are extremely dangerous, because they come from the
knowledgeable few who would be able to gain unrestricted access
to control systems even if the control networks were isolated from
the outside world [41].

Hackers
The utilization of commodity information technology (IT) software makes modern SCADA systems potentially vulnerable to
various kinds of computer malware introduced by hackers. Some
of these are hobbyists and midskill coders; some are highly skilled
hackers [42]. Though malicious attacks performed by the hobbyists and the midskill coders generally do not target control systems
in a coordinated way, they nonetheless may cause side effects: e.g.,
control systems can become infected by a computer worm and may
not operate correctly [46]. In contrast, highly skilled hackers are
able to investigate and exploit the vulnerabilities of both computer
networks and SCADA systems for launching organized attacks
[47], [48].

Criminal Groups
Criminal groups such as terrorists are another threat to ICSs.
Such a threat distinguishes SCADA systems from traditional

IEEE A&E SYSTEMS MAGAZINE

MAY 2017


