Securing SCADA systems
Information Management & Computer Security
ISSN: 0968-5227
Article publication date: 10 October 2008
Abstract
Purpose
Supervisory control and data acquisition (SCADA) systems are widely used by utility companies during the production and distribution of oil, gas, chemicals, electric power, and water to control and monitor these operations. A cyber attack on a SCADA system cannot only result in a major financial disaster but also in devastating damage to public safety and health. The purpose of this paper is to survey the literature on the cyber security of SCADA systems and then suggest two categories of security solutions.
Design/methodology/approach
The paper proposes the use of secure socket layer/transport layer security (SSL/TLS) and IP security (IPsec) solutions, implemented on the test‐bed at the University of Louisville, as the optimal choices when considering the level of security a solution can provide and the difficulty of implementing such a security measure. The paper analyzes these two solution choices, discuss their advantages and disadvantages, and present details on efficient ways of implementing these solutions.
Findings
The SSL/TLS solution to the protocol security using public domain toolkits such as OpenSSL may provide a fast, effective, and economical solution. However, the SSL/TLS protocol and its implementation toolkits have their limitations so this approach may need another enhancement.
Practical implications
IPsec can be used to provide IP‐level security in addition to SSL/TLS.
Originality/value
The use of these enhanced security approaches in SCADA systems should effectively reduce the vulnerability of these critical systems to malicious cyber attacks, and thereby potentially avoiding the serious consequences of such attacks.
Keywords
Citation
Patel, S.C. and Sanyal, P. (2008), "Securing SCADA systems", Information Management & Computer Security, Vol. 16 No. 4, pp. 398-414. https://doi.org/10.1108/09685220810908804
Publisher
:Emerald Group Publishing Limited
Copyright © 2008, Emerald Group Publishing Limited