SCADA (Supervisory Control and Data Acquisition) systems: Vulnerability assessment and security recommendations

Growing dependency and remote accessibility of automated industrial automation systems have transformed SCADA (Supervisory Control and Data Acquisition) networks from strictly isolated to highly interconnected networks. This increase in interconnectivity between systems raises operational efficiency due to the ease of controlling and monitoring of processes, however, this inevitable transformation also exposes the control system to the outside world. As a result, effective security strategies are required as any vulnerability of the SCADA system could generate severe financial and/or safety implications. The primary task when identifying holes in the system is to have proper awareness of the SCADA vulnerabilities and threats. This approach will help to identify potential breaches or aspects in the system where a breach may occur. This paper describes various types of potential SCADA vulnerabilities by taking real incidents reported in standard vulnerability databases. A comprehensive review of each type of vulnerability has been discussed along with recommendations for the improvement of SCADA security systems. (C) 2019 Elsevier Ltd. All rights reserved.