This document discusses security challenges for SCADA (Supervisory Control and Data Acquisition) systems. It provides an overview of SCADA basics and common threats like accidents, vandalism, insiders, and advanced persistent threats. Specific challenges are outlined, such as long lifecycles making systems difficult to upgrade and default/shared passwords. Recommendations include strategies for access control, software patching, and regular auditing. The ScadaScan tool is introduced as an open source scanner to identify SCADA devices and vulnerabilities.