Cloud-Based Autonomic Computing Framework for Securing SCADA Systems

Sajid Nazir (Glasgow Caledonian University, UK), Shushma Patel (London South Bank University, UK) and Dilip Patel (London South Bank University, UK)
DOI: 10.4018/978-1-7998-3038-2.ch013

Abstract

This chapter proposes an autonomic computing security framework for protecting cloud-based supervisory control and data acquisition (SCADA) systems against cyber threats. The autonomic computing paradigm is based on intelligent computing that can autonomously take actions under given conditions. These technologies have been successfully applied to many problem domains requiring autonomous operations. One such area of national interest is SCADA systems that monitor critical infrastructures such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks. SCADA systems have evolved from isolated systems into complex, highly connected systems requiring constant availability. The migration of such systems from in-house to cloud infrastructures has gradually gained prominence. Deployments over cloud infrastructures have brought new cyber security threats, challenges, and mitigation opportunities. SCADA deployment to the cloud makes it imperative to adopt newer architectures and measures that can proactively and autonomously react to an impending threat.

Introduction

Supervisory Control and Data Acquisition (SCADA) systems are used to monitor and control complex infrastructures of national importance such as transportation networks, power generation and manufacturing plants. SCADA systems can be visualised as a layered architecture, as shown in Figure 1. The field devices (sensors, etc.) at the lowest layer interact with the physical processes. At layer 2, the Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs) aggregate data values from the lower layer and communicate the commands and their responses through the communications network to the SCADA server and Human Machine Interface (HMI). The generation of commands at the top layer and the collection of responses from the lowest layer result in the monitoring and control of the process. The applicability of SCADA systems has become widespread due to industrial automation, cost reduction and growth in global economies (Nazir et al., 2017a).

Traditionally, SCADA systems were developed as closed systems with security being the overriding factor, and no Internet connectivity. Isolation and obscurity as a mechanism for protection is no longer an option for critical infrastructures (Mahoney and Gandhi, 2011) because, in order to leverage efficiency and gain a competitive advantage, the systems are increasingly becoming connected to the Internet and cloud technologies. SCADA system security vulnerabilities were first highlighted by the Stuxnet attack (Karnouskos, 2011). Subsequently, there has been an increase in the frequency and sophistication of the attacks, as evidenced by Constantin (2014).

Figure 1. Layered Architecture of a SCADA system.

SCADA system deployment to the cloud can be configured in many ways to suit the application. The SCADA application could be split over a hybrid cloud, especially where the nature of the application dictates physical control over critical records, such as in medical or finance applications. It may also be possible to deploy the complete application to the public cloud, but a more likely cloud-based deployment is one where the sensors and control devices send the data over to the cloud, where it can then be interpreted in real time (Larry, 2011). The HMI could be made available over the cloud for operator control, visualisation of the data, and reporting. SCADA systems deployed on a cloud infrastructure could use the cloud providers' software and integrated tools for data analytics, reporting, dashboards and user interface. There are endless possibilities of integrating SCADA systems with cloud infrastructure and software (Sam IT Solutions) that can provide many benefits compared to a system hosted on a private cloud. The SCADA system can thus be accessible from anywhere in the world. However, such cloud deployments add many levels of complexity.

SCADA systems are getting more complex, and it is difficult to develop effective defence strategies, as there is a lack of understanding of the complex interactions between the many system entities (Khadraoui and Feltus, 2015). As a result of interconnectivity, the systems' complexity and interactions go beyond the capability of system developers and integrators (Kephart and Chess, 2003). Thus, increasingly there is a lack of understanding of the whole system, which makes it very difficult to tune a system and to make decisions in case of changing requirements. This has led to a realization that conventional and inflexible security techniques will not help. What is needed is a new way of looking at the problem of cyber security that is robust, manageable and self-realising, with a minimum requirement for a human operator to monitor systems to make intelligent decisions.
