Article (PDF available)

Abstract and Figures

Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures such as power, telecommunication, transportation, pipelines, chemical and manufacturing plants. Legacy SCADA systems operated on isolated networks, which made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet and to corporate networks introduces severe security issues. Security considerations for SCADA systems are gaining attention as the number of security incidents against these critical infrastructures increases. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security.
... Each vendor may implement its own protocols for device communication, authentication, and data handling, resulting in a fragmented security landscape. This lack of standardization introduces gaps that attackers can exploit to infiltrate the system [26]. Establishing universal security protocols and conducting regular security audits are critical for ensuring a unified and secure IoT-SCADA ecosystem. ...
... Access control mechanisms, such as role-based access control (RBAC), are implemented to limit data access to authorized personnel and devices, reducing the risk of insider threats [26]. Data backup and disaster recovery plans are also integral to data layer security, ensuring that critical information can be restored in the event of a breach or system failure [27]. ...
... Tools such as Security Information and Event Management (SIEM) systems collect and analyse activity logs from IoT devices and SCADA systems, identifying unusual patterns that could signal a breach [25]. Advanced monitoring systems use machine learning (ML) algorithms to detect anomalies, such as unauthorized device connections or unusual data traffic, which traditional tools may overlook [26]. ...
Article
Full-text available
As automation increasingly relies on the Internet of Things (IoT) and Supervisory Control and Data Acquisition (SCADA) systems, cloud security frameworks have emerged as critical components for safeguarding data integrity and operational resilience. IoT devices and SCADA systems, widely deployed in industrial automation, energy management, and critical infrastructure, generate vast amounts of data and depend on real-time communication. However, their integration into cloud-based systems introduces significant cybersecurity challenges, including unauthorized access, data breaches, and vulnerabilities in communication protocols. Cloud security frameworks provide robust solutions by offering scalable and adaptive tools to protect data and system operations in automated environments. These frameworks leverage encryption, access control, and real-time monitoring to ensure secure data transmission and storage. Advanced solutions integrate machine learning (ML) and artificial intelligence (AI) for proactive threat detection, anomaly detection, and rapid response to cyberattacks. By analysing system behaviours and historical patterns, ML-driven security systems enhance the ability to identify vulnerabilities and prevent breaches before they escalate. This paper explores the role of cloud security in protecting IoT devices and SCADA systems, focusing on innovative security measures such as zero-trust architectures, intrusion detection systems, and ML-enhanced cybersecurity protocols. The paper also examines the challenges of implementing these frameworks, including scalability, compliance with regulatory standards, and maintaining operational efficiency in automated environments. Addressing these issues is essential for building resilient, secure, and efficient automated ecosystems.
... • Supply chain management: Assessing the security of suppliers and verifying the integrity of procured equipment and software are crucial to preventing the introduction of vulnerabilities through the supply chain (Pliatsios et al., 2020). ...
Article
Full-text available
SCADA (Supervisory Control and Data Acquisition) systems are fundamental to critical infrastructures such as energy, water and transport. However, their growing interconnection with corporate networks and the Internet has increased their vulnerability to cyberattacks. The main weaknesses include weak authentication, the use of obsolete protocols and a lack of network segmentation, which facilitate unauthorised access and denial-of-service (DoS) attacks. Exploitation of these vulnerabilities can cause service interruptions, physical damage, and economic and safety risks. This study uses a systematic review based on the PRISMA methodology to analyse the scientific literature on SCADA vulnerabilities. Academic databases such as IEEE Xplore and Scopus were consulted, applying inclusion and exclusion criteria to select relevant studies published between 2009 and 2024. The analysis identified critical vulnerabilities such as insecure configurations, unencrypted protocols, poor update management and human error, which affect the security and continuity of critical infrastructures. To mitigate these risks, solutions such as network segmentation, multi-factor authentication, encryption of communications, intrusion detection and continuous software updating are proposed, together with management strategies such as risk assessments and cybersecurity training. In conclusion, protecting SCADA systems requires a comprehensive approach that combines advanced technologies with strategic management. Infrastructure modernisation, organisational commitment and staff training are key to strengthening resilience against emerging cyber threats.
... Supervisory Control and Data Acquisition (SCADA) systems are the underlying control and monitoring components of critical infrastructures like power systems. SCADA systems integrate with protection relays using protocols like IEC 61850, DNP3 and Modbus, ensuring efficient data exchange, which is essential for accessing remote relays and ensures that the system can respond to faults even from distant control centres [39]. The SCADA system continuously monitors voltage, current magnitudes, phase angles and impedance values. ...
Article
Full-text available
Distance relays (DRs) have long been considered one of the most reliable protection schemes for transmission lines (TLs), providing primary and backup protection. However, the increasing complexity of transmission networks, the integration of large-scale renewable energy and dynamic operating conditions present significant challenges to their effectiveness. Traditional DR protection logic often struggles when networks deviate from predefined configurations, potentially leading to protection failures. Numerous solutions have been proposed in the literature to address individual challenges in distance relaying for the protection of TLs. However, only a few review papers comprehensively cover these issues across the multiple problem domains encountered in modern power system networks. This paper thoroughly reviews the technical, topological, and operational challenges that impact DR performance, as reported in the literature. It systematically categorizes protection issues and their corresponding solutions available in the literature into twelve key areas: power swings, voltage instability, load encroachment, parallel lines, multi-terminal lines, flexible alternating current transmission systems (FACTS) devices, series compensation, high voltage direct current (HVDC) lines, renewable energy integration, microgrids, high-impedance faults, and cyberattacks. Additionally, the paper identifies emerging research opportunities to tackle the increasing complexity of modern power systems, aiming to foster the development of more robust and adaptive distance protection schemes for TLs.
... 3) SCADA/Industrial control System (ICS) Security ICS is a broad term that refers to control systems such as SCADA and is used to control industrial processes in various industries (e.g., water, transportation, electrical). There are notable survey papers when it comes to SCADA/ICS security [33] [53][54] [55]. These works have power grid-relevant areas such as communication protocols, survivability and resilience, future trends (e.g., virtualization, software defined networking), studies of major critical infrastructure incidents (e.g., Havex), SCADA/ICS device vulnerabilities (e.g., buffer overflows, insecure hardware/software supply chains), security standards (e.g., NIST SP800-82, Guide for SCADA and ICS Security), control and mitigation strategies for compromised SCADA systems, and SCADA testbeds for security testing. ...
Article
Full-text available
Critical infrastructures like the power grid are at risk from increasing cyber threats due to high penetration of interconnected distributed energy resources (DER). Compromised DER endpoints can cause events, data breaches, communication loss, intentional device failures, and even cascading outages. To address these challenges, this paper explores cybersecurity issues in DER management systems (DERMS), including state-of-the-art reviews on architectures, communication protocols, access control privileges, data breaches, identity management policies, attacks such as false data injection, denial of service, distributed denial of service, malware, threats affecting data integrity, and network vulnerabilities. Realistic threat scenarios are outlined, followed by discussions on futuristic solutions like the zero trust framework. The paper presents new architectural patterns for recently released multi-level hierarchical framework as per IEEE 1547.3 standard to handle DERMS data and assets. The paper also discusses potential threats compromising the Confidentiality, Integrity, Availability, and Accountability (CIAA) properties at each level of the IEEE 1547.3 framework. This review is unique and comprehensive, as it covers existing research on cybersecurity challenges in DER-related assets and outlines the necessary capabilities to equip Intrusion Diagnostic Units (IDUs) in future DERMS technologies, all while ensuring compliance with IEEE 1547.3 standard requirements.
... Supervisory Control and Data Acquisition (SCADA) systems are essential tools for monitoring and controlling industrial processes and critical infrastructures such as power grids, gas pipelines, telecommunications and transport systems. They allow real-time data collection and remote control of operations, and are indispensable for industrial automation and for improving operational efficiency (Pliatsios et al., 2020). According to Chromik (2019), SCADA systems have proved to be essential tools for monitoring and controlling industrial processes, including clinching. ...
Article
Purpose The purpose of this paper is to identify the key elements of digitalisation for lean and green operations and develop a conceptual framework for their implementation. The paper focuses on small and medium-sized enterprises (SMEs) and aims to explore the role of digitalisation in enhancing their operational efficiency and sustainability. By identifying key factors and metrics related to digitalisation, the paper seeks to provide insights for strategic management to improve lean and green practices in SMEs. Design/methodology/approach Interpretive structural modelling (ISM) and Matrix of Cross-Impact Multiplication Applied to a Classification (MICMAC) approaches were deployed to classify the major dimensions of digitalisation. These methods were used to analyse the direct and indirect relationships among the identified elements of digitalisation. A comprehensive literature review and expert consultations were conducted to identify 13 key elements relevant to lean and green operations. The experts also assisted in determining the contextual relationships between the variables for the ISM model. Findings The analysis classified the 13 identified elements of digitalisation into different levels according to their driving power and dependence. The results from the ISM model indicated three levels of classification. At level 1, Internet of Things (IoT) and smart sensors (IoT & SS), automation and robotics directly influence lean and green operations. At level 2 sit real-time monitoring and control systems, and at level 3 the fundamental elements of digitalisation such as big data analytics, predictive maintenance, cloud computing, energy management systems (EMSs), additive manufacturing, blockchain, digital workflow automation and digital collaboration platforms. Originality/value All elements are interrelated and essential for making strategic decisions. This study emphasises the significance of prioritising these attributes to attain long-term excellence through digitalisation. For industries that seek the rewards of lean and green operations for their growth, this paper has great practical utility. Identifying the key factors of digitalisation would help strategic managers in managing the lean and green environment of SMEs through these aspects.
Article
Full-text available
Critical infrastructures, for example electricity generation and distribution networks, chemical processing plants and gas distribution, are governed and monitored by Supervisory Control and Data Acquisition (SCADA) systems. Intrusion detection has been a prevalent area of study for many years, and several intrusion detection systems have been proposed in the literature for cyber-physical systems and industrial control systems (ICS). In recent years, the Stuxnet, Duqu and Flame malware attacks against ICS have caused tremendous damage to nuclear facilities and critical infrastructure in some countries. These intensified attacks have sounded the alarm for industrial control system security in many countries. The challenge in constructing an intrusion detection framework is dealing with unbalanced intrusion datasets, i.e. when one class (the minority class) is represented by a smaller number of instances. To this end, we outline an approach to deal with this issue and propose an anomaly detection method for ICS. Our proposed approach uses a hybrid model that takes advantage of the predictable and consistent nature of the communication patterns that occur among field devices in ICS setups. First, we applied preprocessing techniques to standardise and scale the data. Second, dimensionality reduction algorithms are applied to improve the anomaly detection process. Third, we employed the Edited Nearest-Neighbour rule algorithm to balance the dataset. Fourth, using a Bloom filter, a signature database is created by observing the system for a specific period in which no abnormalities occur. Finally, to detect new attacks we combined our packet-content-level detection with an instance-based learner to form a hybrid anomaly detection method. Experimental results on a real large-scale dataset generated from a gas pipeline SCADA system show that the proposed approach, HML-IDS, outperforms the benchmark models with an accuracy rate of 97%.
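The two detection stages named in that abstract, a Bloom-filter signature database learned from an attack-free observation window followed by an instance-based learner for frames the filter has never seen, as an added example. This is not the HML-IDS authors' code and reproduces none of their dataset, preprocessing, dimensionality reduction or ENN balancing steps; the Modbus-like frame layout, the baseline traffic, the k value and the distance threshold are constructed assumptions for illustration.

```python
"""Hybrid packet-content anomaly detection for a SCADA link (added example)."""
import hashlib
import math
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Frame:
    """Constructed Modbus-style request: unit id, function code, start register,
    register count and one 16-bit value (read back or written)."""
    unit: int
    func: int
    addr: int
    count: int
    value: int

    def content(self) -> bytes:
        # Exact wire content: this is what the Bloom filter whitelists.
        return (bytes([self.unit & 0xFF, self.func & 0xFF])
                + self.addr.to_bytes(2, "big") + self.count.to_bytes(2, "big")
                + self.value.to_bytes(2, "big"))

    def features(self) -> Tuple[float, ...]:
        return tuple(float(x) for x in (self.unit, self.func, self.addr, self.count, self.value))


class BloomFilter:
    """Sized for `expected` items at `fp_rate`. No false negatives: every frame
    added from the clean window is always recognised; false positives are possible."""

    def __init__(self, expected: int, fp_rate: float = 0.001):
        expected = max(1, expected)
        self.m = max(64, math.ceil(-expected * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / expected * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: bytes):
        # Kirsch-Mitzenmacher double hashing from a single SHA-256 digest.
        d = hashlib.sha256(item).digest()
        h1, h2 = int.from_bytes(d[:8], "big"), int.from_bytes(d[8:16], "big") | 1
        return ((h1 + i * h2) % self.m for i in range(self.k))

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


class HybridDetector:
    KNOWN, ACCEPTED, ANOMALOUS = "known", "accepted", "anomalous"

    def __init__(self, baseline: List[Frame], k: int = 3, threshold: float = 0.25):
        self.k, self.threshold = k, threshold          # assumed tuning values
        self.bloom = BloomFilter(len(baseline))        # stage 1: exact-content signatures
        for f in baseline:
            self.bloom.add(f.content())
        cols = list(zip(*(f.features() for f in baseline)))   # stage 2: scaled kNN
        self.lo = [min(c) for c in cols]
        self.span = [(max(c) - min(c)) or 1.0 for c in cols]  # constant column: raw diff
        self.points = [self._scale(f) for f in baseline]

    def _scale(self, f: Frame) -> List[float]:
        return [(x - lo) / s for x, lo, s in zip(f.features(), self.lo, self.span)]

    def knn_score(self, f: Frame) -> float:
        """Mean Euclidean distance to the k nearest clean-window frames."""
        nearest = sorted(math.dist(self._scale(f), q) for q in self.points)[:self.k]
        return sum(nearest) / len(nearest)

    def classify(self, f: Frame) -> str:
        if f.content() in self.bloom:
            return self.KNOWN                  # byte-for-byte seen during the clean window
        if self.knn_score(f) <= self.threshold:
            return self.ACCEPTED               # unseen bytes, but close to normal traffic
        return self.ANOMALOUS                  # far from anything observed: raise an alert


def constructed_baseline() -> List[Frame]:
    """Constructed attack-free window: periodic reads of 10 holding registers
    returning a slowly varying measurement, plus 0/1 setpoint writes to register 5."""
    reads = [Frame(1, 3, 0, 10, v) for v in range(200, 261, 10)]
    writes = [Frame(1, 6, 5, 1, v) for v in (0, 1, 0, 1)]
    return reads + writes


TEST_FRAMES = [                      # constructed traffic to classify
    Frame(1, 3, 0, 10, 220),         # exact repeat of baseline traffic
    Frame(1, 3, 0, 10, 235),         # unseen reading inside the normal band
    Frame(1, 6, 5, 1, 9999),         # setpoint write far outside anything observed
    Frame(1, 8, 0, 0, 0),            # diagnostics function code never used on this link
]


def run() -> List[str]:
    det = HybridDetector(constructed_baseline())
    return [det.classify(f) for f in TEST_FRAMES]


if __name__ == "__main__":
    for frame, verdict in zip(TEST_FRAMES, run()):
        print(f"{verdict:9s} {frame}")
```

The Bloom stage is cheap and handles the bulk of polling traffic, which in ICS links repeats byte-for-byte; because it can only produce false positives, a frame recorded during the clean window is never raised as an alert, so the observation window must genuinely be attack-free. The kNN stage is what lets a legitimately new reading pass while a function code or value far from the learned envelope is flagged; in the paper's pipeline that stage operates on the reduced and rebalanced feature space rather than the raw fields used here.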
Article
Full-text available
Supervisory Control and Data Acquisition (SCADA) systems are used for monitoring industrial devices. However, their security faces the threat of being compromised due to the increasing use of open access networks. The primary objective of this survey paper is to provide a comparative study of the on-going security research in SCADA systems. The paper provides a classification of attacks based on security requirements and network protocol layers. To secure the communication between nodes of SCADA networks, various security standards have been developed by different organizations. We conduct a study of the security standards developed for SCADA networks along with their vulnerabilities. Researchers have proposed various security schemes to overcome the weaknesses of SCADA standards. The paper organizes security schemes based on current standards, detection, and prevention of attacks. It also addresses the future challenges that SCADA networks may face, in particular, from quantum attacks. Furthermore, it outlines directions for further research in the field.
Article
Full-text available
The resilience of elements in a critical infrastructure system is a major factor determining the reliability of services and commodities provided by the critical infrastructure system to society. Resilience can be viewed as a quality which reduces the vulnerability of an element, absorbs the effects of disruptive events, enhances the element's ability to respond and recover, and facilitates its adaptation to disruptive events similar to those encountered in the past. In this respect, resilience assessment plays an important role in ensuring the security and reliability of not only these elements alone, but also of the system as a whole. The paper introduces the CIERA methodology designed for Critical Infrastructure Elements Resilience Assessment. The principle of this method is the statistical assessment of the level of resilience of critical infrastructure elements, involving a complex evaluation of their robustness, their ability to recover functionality after the occurrence of a disruptive event and their capacity to adapt to previous disruptive events. The complex approach thus includes both the assessment of technical and organizational resilience, as well as the identification of weak points in order to strengthen resilience. An example of the application of the CIERA method is presented in the form of a case study focused on assessing the resilience of a selected element of electrical energy infrastructure.
Chapter
The electricity sector needs assurance that its critical components are sufficiently protected from cyberthreats. This assurance can be obtained from cybersecurity assessments, provided they are conducted methodologically. This chapter is focused on presenting a cybersecurity assessment approach and its supporting infrastructure, particularly applicable to the electricity sector due to avoidance of undesired interferences and interruptions in the systems’ operation. After introducing the relevant concepts, as well as reviewing alternative methods and testbeds, the details of the approach are provided.
Chapter
A continuous, systematic cybersecurity management process is required to ensure the vital protection of the electric power grid. In this chapter, after an overview of cybersecurity management methods specified in standards, a cybersecurity management approach for the electricity sector is presented which takes into account the specific characteristics of the industry and aims at incorporating all the strengths of the alternative methods.
Article
Water distribution networks (WDNs) are vital infrastructures in cities. However, reports of urban WDN incidents that result in major system breakdowns and water outages are not uncommon, which repeatedly highlights the urgency of addressing the vulnerability challenges of WDNs. This study aims to propose a new method for system-level, scenario-independent vulnerability assessment of WDNs, which considers the uncertainty in the various failures that may happen in the system. The proposed method is developed on the notion that the vulnerability of a WDN is largely determined by its heterogeneity in node importance, which impacts how likely system malfunction or breakdown would be should a small number of nodes be attacked. Accordingly, the proposed method uses a set of indicators to measure the functional, structural and overall importance of each node in the WDN, and introduces a novel network entropy model to measure the heterogeneity of importance across these nodes. The proposed method then assesses the systemic vulnerability of the WDN by benchmarking its current entropy against the entropies associated with the least and most vulnerable states of the system. The efficacy of the proposed method is demonstrated in a case study, in which the assessment yielded by the proposed method was found to be theoretically reasonable as well as consistent with the actual conditions of the case WDN.
Article
Modern Industrial Control Systems (ICS) constitute complex and heterogeneous ‘system of systems’ embracing the numerous advantages of traditional Information and Communication Technology (ICT). The pervasive integration of off-the-shelf ICT into the core of ICS broadened the palette of features and applications, but it also raised new design challenges and exposed ICS to a new breed of cyber-physical attacks. In addition, despite all the security solutions in place, unavoidably, these systems may be compromised. Therefore, survivability, that is, the ability to face malicious actions and faults, becomes a salient feature/requirement in the design of modern cyber-connected ICS. We present a comprehensive solution for ensuring the survival of ICS under malicious activities and faults. We design a Software Defined Networking (SDN) and Network Function Virtualization (NFV) based communication infrastructure particularly tailored to address the communication requirements of ICS. We develop an attack detection and localization algorithm for bidirectional ICS flows, and we design an optimal intervention strategy that embraces the communication and security requirements of industrial applications. Finally, we present intrinsic details on recreating a real-life and emulated test infrastructure. Experimental results demonstrate the solution's applicability to networked robot control systems.