This document discusses security concerns in industrial control systems. It provides an overview of industrial control systems (ICS) and SCADA systems, which are widely used to control infrastructure systems. It outlines several vulnerabilities in ICS, including issues with legacy systems not being designed with modern cybersecurity threats in mind. Specific threats like zero-day vulnerabilities, non-prioritized tasks, and database/communication protocol issues are examined. The conclusion states that additional digital security techniques are needed to protect critical infrastructure control systems.

1. Faculty in charge
Sreejith Kailas
Assistant Professor
EEE Department
Aswanth M Rajeev
Sooraj S
Hafiz T P

2.  INTRODUCTION
 SECURITY CONCERNS IN INDUSTRIAL CONTROL SYSTEMS
 ICS- AN OVERVIEW
 VULNERABILITIES IN ICS
 CHALLENGES IN SCADA SECURITY
 MAJOR THREATS TO SCADA SYSTEMS
 CONCLUSION

3.  Current industrial control systems (ICS) are the result of augmenting several state-of-the-art
information technology and telecommunication features to ordinary electromechanical physical
systems .
 A typical ICS comprises of remote troubleshooting facilities, maintenance tools, a human
machine interface (HMI), and various control loop configurations.
 ICS is a generic term for many control system configurations and
 architectures like distributed control systems (DCS), supervisory control and data acquisition
systems (SCADA), programmable logic controllers (PLC), industrial automation and control
systems (IACS) etc.
 SCADA based control systems makes use of a centralized data acquisition mechanism to
supervise the field targets which are distributed unevenly.
 SCADA systems are widely used in waste water treatment plants, petrochemical pipelines,
electrical transmission lines and public transportation systems including railways.

4.  The operation of an ICS requires transfer of critical data over the internet. Here, they
encounter many issues. One is the capability of legacy control systems to deal with the
sophisticated cyber threats of our times.
 Many of the systems have been developed and installed without giving adequate concern to
these recent security issues. Also, it is difficult to incorporate the necessary security
mechanisms in these systems.
 One important characteristic of cyber attacks in general is that the techniques of attack become
more sophisticated with the proliferation of the systems connected to a network.
 Recent studies reveal that there are over one million ICS/SCADA systems connected to the
internet with unique IP addresses. It is said that this figure is rising every day by an amount of
2000 to 8000 new systems .
 Metadata based search engines like Shodan and its various clones have demonstrated the
capability to easily detect and connect to critical control systems.
 Botnets are also a serious alternative to hack ICS.

5.  Here the figure shows the world percentage of different types of ICS components. The major
share is contributed by SCADA/HMI based systems followed by the PLC and hardware based
systems.
 A typical layout of an ICS system is depicted in figure . The system has many components like
control system loops, remote station monitoring & maintenance tools, and machine interfaces.
These are all built around specific network protocols over layered network architectures.

6.  The process variables are manipulated by the ICS using transducers/sensors,
programmable logic controllers, actuators etc.
 The sensors measure the input physical quantities and then give the
corresponding outputs in terms of electrical or nonelectrical quantities. This
data is sent as control variables to the controller.
 Upon receiving this data, the controller makes use of a process algorithm and
set-points to generate the manipulated variables. Further, it is transmitted to the
actuators.
 The control personnel interact through means of the human machine interfaces
(HMI) to monitor and adjust the set-points and to set the controller parameters.
 The troubleshooting and maintenance mechanisms are there for prevention,
identification, and recovery from system malfunctioning and system failures.
 ICS can no more be considered as stand-alone, independent, self-made
systems rather, they have evolved as networked multilevel systems running on
technical, enterprise and business applications.

7.  ICS systems are affected by many vulnerabilities. The types of vulnerabilities have increased
drastically during recent years from 1997 in 2010 to 189 in 2015.

8.  This drastic increase is due to two important reasons:
i. The hectic research activity by security experts and hackers to determine
and patch up the potential vulnerabilities in industrial control systems.
ii. Increase in the number of ICS with TCP/IP connectivity as is mentioned
earlier.
 Memory overflow is an important issue in SCADA systems. When the data
overruns the allocated memory space, it will corrupt other data and program
sections.
 Overflow can be created by a malicious agent through a denial-of-service
(DoS) attack. This is possible due to the lack of authentication in ordinary
TCP/IP connections.

9.  Another threat is through malware scripts injected by an attacker in the code of the client
websites.
 An attacker can also masquerade as a client with a genuine request. Legacy ICS in general do
not have a mechanism to verify the authenticity of such requests.
 This is all the more severe due to lack of proper encryption techniques. The human-machine
interfaces (HMI) in ICS are vulnerable to password stealing also.

10. SCADA - General system schematics

11.  The control centre comprises of the control server, routers, HMI, data archiving server and
control work stations.
 The data from the remote field instruments are collected by the control centre and presented to
the HMI.
 The control centre initiates the required actions based on the detected events. Field sites are
connected to the control centre by means of a WAN or dial-up modem connection.
 Field sites have control mechanisms for actuators and have the capability to capture
information from the sensors/transducers in the required format.
 The connection between the SCADA and the remote terminal units (RTU's) are established by
different means of wired, wireless RF and even by satellite communication systems.
 Sensors as well as actuators which are commonly referred as RTU's plays vital roles in
gathering the physical information and feeding that to the master controller like PLC's and
other controllers.
 The network connections between the control center and the field sites are potential locations
for attacks.

12.  Different topologies of SCADA system

13.  There are many SCADA communication topologies, viz., point-to-point, series,
series-star, and multi-drop.
 The point-to-point topology, though simplest in its functionality and
commonly-used, is not economically viable due to the requirement of
individual channels for each connection.
 The number of channels is significantly less in the series topology.
 Series-star and multi-drop configurations employ one channel for each
connected device results. This increases the overall complexity of the system.
 The functionality of these topologies will have to be augmented with dedicated
components for managing communication, message switching and buffering
tasks.

14. 1. Zero Day Vulnerabilities:
 The term zero day implies that the developer does not get enough time to develop and deploy a
patch to overcome the flaw.
 Stack overflow is one of them. This attack can occur on the field devices as well as the
servers.
2. Non-prioritization of Tasks:
 This is a serious flaw in many industrial control real-time operating systems.
 Memory sharing between the equally privileged tasks lead to serious security issues.
 Non-kernel tasks may be protected from overflows using guard pages. However, typically the
guard pages are of small size in many implementations and thus not provide stringent
protection.

15. 3. Database Injection:
 Database injection also exploits the vulnerabilities in a SCADA system. Harmful query
statements can be created when the client inputs are not properly filtered. This is widely
reported for SQL-based databases.
 In SQL injection, the attacker sends a command to SQL server through the web server and
attempt to reveal critical authentication information.
4. Communication Protocol Issues:
 communication protocols did not give sufficient importance to authentication.
 encryption is effective only in an authenticated commincation between entities. For secure
TCP/IP communication, Internet Protocol Security (IPsec) framework can be employed.
 encryption is effective only in an authenticated commincation between entities. For secure
TCP/IP communication, Internet Protocol Security (IPsec) framework can be employed.
 IPsec uses two protocols for authentication and encryption: Encapsulating Security Payload
(ESP) and Authentication Header (AH).

16.  In this study, we have analyzed the security vulnerabilities of industrial control systems in
general with a special emphasis on SCADA systems.
 The study will provide a necessary background to delineate the threats/ risks associated with
the communication protocols used in SCADA systems.
 Through and overlay of additional digital security mechanisms and techniques, it is possible to
achieve competent security in ICS and SCADA systems.