Aerospace and Electronic Systems Magazine May 2017 - 36

Security of SCADA Systems against Cyber-Physical Attacks

Figure 3.

Attack detection and isolation methods.

method to reveal this attack by triggering data losses on control
signals.
Covert attack: Covert attacks on NCSs have been investigated in [12]. The strategy consists of coordinating control
signals and sensor measurements into a concerted malicious
attack. This attack is designed as follows. First, the state attack vector can be chosen freely based on malicious targets
and available resources. Second, the sensor attack vector is designed in such a way that it can compensate for the effects of the
state attack vector on the sensor measurements. The covert attack strategy can be considered the worst-case attack because of
its ability to bypass traditional anomaly detectors. However, the
covert attack needs to compromise numerous sensors to assure
its stealth. Therefore, SCADA system defenders can obviate a
covert attack by protecting some critical sensors or purchasing
new secure sensors [38].
Surge attack, bias attack, and geometric attack: While studying the security of process control systems against cyber attacks,
the authors in [5] designed three types of stealthy attacks: the surge
attack, the bias attack, and the geometric attack. The surge attack
seeks to maximize damage as soon as possible, while the bias attack tries to modify the system by small perturbations over a long
period. Finally, the geometric attack integrates the surge attack and
the bias attack by shifting the system behavior gradually at the beginning and maximizing the damage at the end.

ATTACK DETECTION AND ISOLATION METHODS
As shown in Figure 3, attack detection and isolation methods can
be broadly classified into three main categories: information security, data-based, and model-based approaches.
36

INFORMATION SECURITY APPROACH
The information security approach focuses mainly on ensuring
the confidentiality, integrity, and availability of information [75].
Data confidentiality is related to nondisclosure of information to
unauthorized parties. The confidentiality of data is generally performed by authentication or access control methods. In contrast,
the integrity of data refers to the trustworthiness of data (i.e., there
is no unauthorized modification of data content or properties).
Data integrity is generally realized by both prevention mechanisms (e.g., encryption algorithms, authentication, and/or access
control) and detection mechanisms (e.g., integrity checking methods). The availability of data is concerned with the utilization of
information or resources when needed. An example of unavailability of data is DoS attacks.
Guidelines and methods [1], [2], [76], [77] have been proposed for improving the security of SCADA systems against cyber-physical attacks. Some examples include 1) designing specific
firewalls between the process network and the corporate network
or between MTUs and RTUs or PLCs, 2) using demilitarized zones
to isolate the process network from the corporate network, 3) exploiting virtual private networks (VPNs) for transmitting data over
public networks, and 4) developing IDSs for SCADA systems
[78]. In addition, sequential methods have been proposed in [79]
and [80] for the monitoring of network traffic in computer systems
against DoS attacks.
It is believed that the appropriate utilization of information security measures may help in reducing the number of
cyber incidents, as well as mitigating their consequences.
However, they are mainly applicable for protecting SCADA
systems from cyber attacks on the control center (i.e., attack
points A1-A3 in Figure 2) and on the communication layer

IEEE A&E SYSTEMS MAGAZINE

MAY 2017

Table of Contents for the Digital Edition of Aerospace and Electronic Systems Magazine May 2017