Aerospace and Electronic Systems Magazine May 2017 - 31

Do et al.
IT systems in terms of the opportunity to damage physical infrastructure and to disrupt industrial facilities by cyber means.
Taking into account this distinct feature of SCADA systems,
terrorists may target safety-critical infrastructure using a computer network instead of an elaborate (and costly) physical attack. Documents devoted to training for cyber warfare relating
to national infrastructure have been found on al-Qaeda computers [49].

Nation-States
Nation-states are another threat to SCADA facilities. Highly capable organizations are able to acquire considerable resources
for deploying cyber attacks against SCADA systems [42]. For
example, the sophistication of the Stuxnet worm has led to some
speculation that it could have been created only with the sponsorship of a nation-state [50]. In addition, it is no surprise that most
armed forces are searching for new attack technologies, including cyber attacks against the safety-critical infrastructure of other
nations [41].

SCADA VULNERABILITIES
The investigation of SCADA vulnerabilities helps in understanding susceptible points and how they might be exploited for launching malicious attacks. The vulnerabilities of modern ICSs can be
broadly classified into four main categories [3]: architectural, security policy, software and hardware, and communication protocol
vulnerabilities.

Architectural Vulnerabilities
Modern SCADA architectures are not so different in principle
from those used in the 1980s and 1990s except that they have
moved from an isolated to an open environment. This advance
has, unfortunately, opened modern SCADA systems to various
types of cyber attacks. First, most SCADA networks are connected to their corporate network; they are thus more flexible
in terms of management. However, this flexibility leaves a backdoor for computer malware to enter the process network through
the enterprise network [46]. Second, numerous SCADA systems
use Web-based applications for monitoring physical processes.
This direct connection to the Internet could provide one possible
path for hackers to penetrate the process network. Third, local
access points could be another backdoor for malicious agents to
take control of field devices. Finally, adversaries can break into
the SCADA network through the connection with the vendor network [45].

Security Policy Vulnerabilities
Several standard software security procedures, such as delivering
a patch or updating the antivirus database, can affect SCADA systems. The utilization of several patches and antivirus software often 1) grants the process network access to the Internet, which may
expose the system to malicious agents, and 2) requires a system
reboot, which may lead to disruption. For example, a nuclear power plant was forced into an emergency shutdown after a software
update [51]. Therefore, it is preferable to use software patches and
update antivirus software rarely so as to keep the process network
as isolated as possible.

Software and Hardware Vulnerabilities
To respond to industrial requirements, SCADA systems have
become increasingly complex in both software and hardware.
It is inevitable that modern SCADA systems contain software
bugs and become vulnerable to hardware failures [52]. Typical
software bugs include [53]: buffer overflow, structured query
language (SQL) injection, and format string. For example, the
Slammer cyber incident [46], [54] was caused by vulnerabilities in the Microsoft structured query language (MS-SQL)
software. Moreover, SCADA systems are real-time operating
systems, making it difficult to implement traditional data encryption algorithms and consequently exposing the systems to integrity attacks.

Communication Protocol Vulnerabilities
Historically, with the idea in mind that SCADA systems would
be isolated from other networks, SCADA designers paid little
attention to security problems such as their integrity checking
mechanism, authentication mechanism, anti-repudiation mechanism, and anti-replay mechanism. Many SCADA communication
protocols, including Modbus, Distributed Network Protocol 3
(DNP3), and Allen-Bradley Ethernet/Internet Protocol (IP), lack
authentication features to prove the origin or the freshness of data
packets [55]. Hence, these systems are susceptible to denial-of-service (DoS) attacks, man-in-the-middle attacks, and replay attacks.
Being implemented with proprietary communication protocols, traditional SCADA systems were thought to be secure. However, "security through obscurity" is not obvious in the modern world.
IT has been evolving rapidly, leading to the adoption of standard
communication protocols [56] in most modern SCADA systems.
This evolution has reduced the isolation of SCADA systems from
the outside.
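
The missing origin and freshness checks described above can be seen in a Modbus/TCP frame itself. The following is an added example, not code from the article: it builds a standard "Write Single Register" request, then wraps it in a hypothetical counter-plus-HMAC envelope (not part of Modbus, and not a scheme the article proposes) so that a receiver can reject modified and replayed frames. The key, counter layout, and function names are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size

def build_write_register(txn_id, unit_id, address, value):
    """Standard Modbus/TCP 'Write Single Register' (function 0x06) request."""
    pdu = struct.pack(">BHH", 0x06, address, value)
    mbap = struct.pack(">HHHB", txn_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu  # every field is plaintext; none is a MAC or a nonce

def protect(key, counter, frame):
    """Hypothetical wrapper: 8-byte counter || frame || HMAC(counter || frame)."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + frame, hashlib.sha256).digest()
    return header + frame + tag

class Receiver:
    """Accepts a frame only if its tag verifies and its counter is new."""

    def __init__(self, key):
        self.key = key
        self.last_counter = -1

    def accept(self, message):
        if len(message) < 8 + TAG_LEN:
            return None
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # origin not proven: forged or modified in transit
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:
            return None  # freshness not proven: replay of an old frame
        self.last_counter = counter
        return body[8:]  # the original Modbus/TCP frame

def demo():
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample key
    frame = build_write_register(txn_id=1, unit_id=17, address=0x0010, value=1200)
    msg = protect(key, counter=1, frame=frame)
    rx = Receiver(key)
    first = rx.accept(msg)            # genuine frame is accepted
    replayed = rx.accept(msg)         # identical bytes sent again are rejected
    tampered = bytearray(protect(key, 2, frame))
    tampered[8 + 11] ^= 0xFF          # flip the low byte of the register value
    return first == frame, replayed, rx.accept(bytes(tampered))
```

A plain Modbus receiver has nothing equivalent to `accept`: the 12-byte frame returned by `build_write_register` is valid no matter who sends it or how many times.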

SCADA CYBER INCIDENTS
Numerous cyber incidents involving safety-critical infrastructures
have been documented over the last decades. These incidents have
raised significant concern about the security of SCADA systems,
especially after the Stuxnet incident in 2010. In the following, we
present, in chronological order, notable incidents involving
ICSs.

Siberian Pipeline Explosion (1982)
The first cyber incident involving safety-critical infrastructures
might be counted as the explosion of a gas pipeline in Siberia in
1982 [32]. It was believed that a Trojan horse had been planted in
the SCADA system in charge of regulating the gas pipeline. By
changing the cooperation of pumps, turbines, and valves, the mali-
