CFP last date
20 January 2025
Reseach Article

A Concise Model to Evaluate Security of SCADA Systems based on Security Standards

by Nasser Aghajanzadeh, Alireza Keshavarz-haddad
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 111 - Number 14
Year of Publication: 2015
Authors: Nasser Aghajanzadeh, Alireza Keshavarz-haddad
10.5120/19603-1450

Nasser Aghajanzadeh, Alireza Keshavarz-haddad . A Concise Model to Evaluate Security of SCADA Systems based on Security Standards. International Journal of Computer Applications. 111, 14 ( February 2015), 1-9. DOI=10.5120/19603-1450

@article{ 10.5120/19603-1450,
author = { Nasser Aghajanzadeh, Alireza Keshavarz-haddad },
title = { A Concise Model to Evaluate Security of SCADA Systems based on Security Standards },
journal = { International Journal of Computer Applications },
issue_date = { February 2015 },
volume = { 111 },
number = { 14 },
month = { February },
year = { 2015 },
issn = { 0975-8887 },
pages = { 1-9 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume111/number14/19603-1450/ },
doi = { 10.5120/19603-1450 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:47:50.737967+05:30
%A Nasser Aghajanzadeh
%A Alireza Keshavarz-haddad
%T A Concise Model to Evaluate Security of SCADA Systems based on Security Standards
%J International Journal of Computer Applications
%@ 0975-8887
%V 111
%N 14
%P 1-9
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

SCADA systems are essential for the critical infrastructures, such as electric power, oil, and gas production and distribution systems. Hence, incapacitation or destruction of SCADAs would have a debilitating impact on the defence or economic security of organizations and states. In this paper, we study fifteen SCADA cyber security standards and also assess the security of ten widely-used SCADA systems. Our investigation leads to a comprehensive categorized list of security solutions for SCADAs. This list is used to evaluate and compare security of the SCADA systems; also it will be used as model to improve the security of new SCADA systems.

References
  1. A. Shahzad and S. Musa, "Cryptography and Authentication Placement to Provide Secure Channel for SCADA Communication", International Journal of Security (IJS), Volume 6, Issue 3, 2012.
  2. K. Lynch, "Improving Security for SCADA Control Systems ", Interdisciplinary Journal of Information Knowledge and Management, Volume 3, 2008.
  3. P. Ralston, J. Graham, J. Hieb, "Cyber security risk assessment for SCADA and DCS networks", ISA Transactions 46, April 2007.
  4. A. Cagalaban, Y. So, S. Kim," SCADA Network Insecurity: Securing Critical Infrastructures through SCADA Security Exploitation", Journal of Security Engineering, Vol. 6, No. 6, 2009.
  5. C. Valli "SCADA Security – Slowly Circling A Disaster Area", WORLDCOMP 2009, Security and Management Conference 2009. (pp. 613-617) Las Vegas, USA.
  6. J. Ahokas, T. Guday, T. Lyytinen"Secure and Reliable Communications for SCADA Systems" INTERNATIONAL JOURNAL OF COMPUTERS AND COMMUNICATIONS, Issue 3, Volume 6, 2012.
  7. R. Kumar, "Recent Advances in SCADA alarm System", International Journal of Smart Home, Vol. 4, No. 4, October, 2010.
  8. J. Nordlander, " WHAT IS SPECIAL ABOUT SCADA SYSTEM CYBER SECURITY", Master Thesis, Stockholm, Sweden 2009
  9. American Gas Association (AGA). Cryptographic Protection of SCADA Communications Part 1: Background, Policies and Test Plan (AGA 12, Part 1). AGA, March 2006
  10. CPNI. About CPNI. CPNI, http://www. cpni. gov. uk/aboutcpni188. aspx [Accessed 17 December 2008]
  11. DHS Security. History. DHS, http://www. dhs. gov/xabout/history/ [Accessed 17 December 2008]
  12. DHS Cyber Security Procurement Language for Control Systems version 1. 8. DHS, February 2008
  13. Department of Homeland Security (DHS) Catalog of Control Systems Security: Recommendations for Standards Developers. DHS, January 2008
  14. DOE. History. DOE, http://www. energy. gov/about/history. htm [Accessed 17 December 2008]
  15. Office of Energy Assurance, U. S. Department of Energy. 21 steps to Improve Cyber Security of SCADA Networks. Office of Energy Assurance, U. S. Department of Energy
  16. GAO. GAO at a Glance. GAO, http://www. gao. gov/about/gglance. html [Accessed 18 December 2008]
  17. GAO. Technology Assessment - Cybersecurity for Critical Infrastructure Protection. GAO, May 2004
  18. IEEE. About IEEE. IEEE, http://www. ieee. org/web/aboutus/home/index. html [Accessed 17 December2008]
  19. IEEE. IEEE Mission and Vision. IEEE, http://www. ieee. org/web/aboutus/visionmission. html [Accessed 17 December 2008]
  20. IEEE. IEEE Standard for Substation Intelligent Electronic Devices (IEDs) Cyber Security Capabilities. IEEE, December 2007
  21. IEEE. IEEE Guide for Electric Power Substation Physical and Electronic Security. IEEE, January 2000
  22. International Society of Automation (ISA). ANSI/ISA–99. 00. 01–2007 Security for Industrial Automation and Control Systems Part 1: Terminology, Concepts, and Models. ISA, October 2007
  23. ISA. ANSI/ISA-TR99. 00. 01-2007 Security Technologies for Industrial Automation and Control Systems. ISA, October 2007
  24. ISA. ANSI/ISA—TR99. 00. 02—2004 Integrating Electronic Security into the Manufacturing and Control Systems Environment. ISA, October 2004
  25. International Organization for Standardization (ISO) About ISO. ISO, http://www. iso. org/iso/about. htm [Accessed 17 December 2008]
  26. ISO Information technology — Security techniques — Code of practice for information security management Final Draft. ISO, 2005
  27. North American Electric Reliability Corporation (NERC). , NERC CIP-001-1 - CIP-009-1. NERC, 2006
Index Terms

Computer Science
Information Sciences

Keywords

Supervisory Control and Data Acquisition SCADA Cyber Security Security Standard