Abstract
The evolution of architecture of contemporary SCADA systems follows trends in industry sector. Today, SCADA systems imply the application of smart grid and artificial intelligence concepts, the use of IP-based technologies, new mobile devices, as well as the use of private and public cloud computing services. Security risk assessment of contemporary SCADA systems needs to include new security aspects. This chapter analyzes information security in contemporary SCADA systems. Focus is then directed to SCADA network architecture and recommended security mechanisms for mitigating the security risk that assumes the use of Defense in Depth concept. Special attention is paid to SCADA-specific intrusion detection and intrusion prevention technologies. A case study outlines recommendations for security risk mitigation of SCADA system in a hydropower plant.
TopBackground
The strategic role of critical infrastructure and technological progress causes the need for contemporary information and communication systems. All systems have to provide high reliability, availability, and transmission of correct and timely information in order to plan production, efficient resource utilization, remote control of production facilities, reporting and successful operation of industrial system.
IP technology is widely adopted as a base for the integration of operational and business services in contemporary industrial telecommunication networks. Such networks have flaws and vulnerabilities known to malicious users. Particularly, potential migration of SCADA systems towards cloud computing environment needs to be considered. Such a realization contributes to cost reduction and business efficiency improvement, but sets additional security requirements (Stojanovic, Bostjancic Rakas, & Markovic-Petrovic, 2019).
Key Terms in this Chapter
Intrusion Detection System: A hardware and/or software product that monitors network traffic for possible security breaches and issues alerts when suspicious activity is discovered. Possible security breach can be either attacks from outside the organization or attacks or malfeasance from within organizations.
Risk Management: The processes to manage information security risk to organizational functionality and assets, individuals, other organizations, etc. Risk management includes risk analysis, assessing risk, risk strategy choosing, security measurements implementation and monitoring risk over time.
Risk Assessment: The process of identifying, estimating, and prioritizing risks. This process comprises threat and vulnerability analyses and considers risk mitigation.
Firewall: A hardware/software capability that limits access between networks and/or systems in accordance with a specific security policy.
Security Zone: A collection of information systems connected by one, or more, internal networks under the control of a single authority and one security policy. The systems may be structured by physical proximity or by function and may be independent of location.
Intrusion Prevention System: A hardware and/or software product that block suspicious activity attempting to stop detected possible incidents. Basically, this system is extension of intrusion detection system.
Defense-in-Depth: Strategy of using multiple security measures in several layers to protect the information system.