Vulnerabilities in SCADA

Verified

Added on 2023/04/21

AI Summary

This document discusses the major vulnerabilities present in SCADA systems, including zero day vulnerability, database injection, and remote control. It provides recommendations to prevent these vulnerabilities and explores the threat creators behind them. References are also provided for further reading.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: VULNERABILITIES IN SCADA
VULNERABILITIES IN SCADA
Name of the Student
Name of the University
Author note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

2
VULNERABILITIES IN SCADA
Table of Contents
Vulnerability....................................................................................................................................3
Frequency........................................................................................................................................4
Recommendations............................................................................................................................5
Threat Creators................................................................................................................................6
References........................................................................................................................................7

3
VULNERABILITIES IN SCADA
Vulnerability
The major vulnerabilities that are present in the functioning of the SCADA and ICS systems
are as follows: -
 Zero Day Vulnerability: Zero Day Vulnerability has the potential to degrade the accuracy
of the entire project. In case of occurrence of Zero Day Vulnerability the developers do
not get time to develop the patch and implement the same patch in order to overcome the
issue that is present in the entire system (Ullah & Mahmoud 2017). Occurrence of this
issue is not very high. This issue arises only during the setting up of the program that is to
be performed with the help of SCADA.
Zero Day Vulnerability cannot be detected with the help of the general versions of
antimalware or IDS and IPS devices. The methodology that is needed to be implemented
includes alerting of administrators regarding the outbound internet activities that are
unauthorized in nature. A general alert is to be sent which will indicate that the presence of
issues. Implementation of Honeyed method and Linear data transformation technique will help in
better management if the issue.
 Data base injection: Data base injection is also termed as SQL injection. In this case a
malicious code is introduced to the program that is to be functioned in SCADA. As the
field devices are built in analog methodology implementation of database injection issues
arises. Due to the increase in IP communication in between 2 systems the chances of data
base injection also increase in a SCADA system (Ren, Yardley & Nahrstedt 2018)

4
VULNERABILITIES IN SCADA
Implementation of routine applications must be done in order to detect the issues that are
present in the SCADA system. Performing querying in efficient manner with the help of the
HTML tags helps in detection of the malware system. This routine auditing helps in detection of
the occurrence of the data base injection system.
 Remote control
SCADA systems have the compatibility to stay connected with other systems with
the help of remote-control systems. This feature of SCADA systems acts as both benefit
and disadvantage for the system that uses SCADA (Sajid, Abbas & Saleem, 2016). The
major disadvantage that is present in case of using this remote-control system is that with
the help of the remote system the imposters can gain access to the data that are being
processed in the SCADA system. Attackers steal endpoints of SCADA systems in order
to proclaim the system that is functioning (Lee, 2018)
Implementation of SCADA vulnerability scanner might act helpful in order to detect the
unauthorized access to the SCADA project. In case the SCADA vulnerability scanner is
implemented in the system notification will be provided in case unauthorized users log into the
systems
Frequency
The frequency at which the vulnerability of SCADA and ICSs is ought to happen are as
follows: -
1. Zero Day Vulnerability: Chances of occurrence of Zero Day Vulnerability is not
very high but the severity of the consequences on its occurrence is relatively high.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

5
VULNERABILITIES IN SCADA
2. Data base injection: Chances of occurrence of data base injection in a SCADA
system is relatively higher than that of Zero Day Vulnerability. The severity of
consequences is not as high as the consequence of Zero Day Vulnerability
3. Remote control: Chances of occurrence of remote control is very low. The main
reason of that the chances of occurrence of this aspect is low because the technology
that is required for performing this threat is very high end. The affect that it might do
to the entire system will be very high in case this problem arises.
Recommendations
The recommendations that will act helpful in order to perform the functioning in SCADA
system are as follows: -
 In case of the Zero Day Vulnerability prevention from this issue is better than searching
for cure procedures. Deploying of the incident response team for providing prevention in
case of Zero Day Vulnerability. With a team of trained individuals hired for protecting
the SCADA system the SCADA system stays protected
 Keeping the plug ins and the libraries updated are one of the main aspects that must be
taken into consideration as the updated versions are difficult to breach through. Not
sharing of the data base accounts among the different applications and the websites will
also act beneficial in preventing the data base injection. Validating the user supplied data
base information and audits will also act advantageous in this course
 Implementation of SCADA Vulnerability scanner will also help in better management of
the SCADA systems. With the help of the vulnerability scanner the benefit that is

6
VULNERABILITIES IN SCADA
enjoyed includes better notification provisioning regarding access of the data that are
present in the SCADA system.
Threat Creators:
1. Zero Day Vulnerability: Human factor
The main motive behind Zero Day Vulnerability is to destroy the entire SCADA system from
functioning and making the developers unable to rectify the issues
2. Data Base injection: Human factor
The main motive behind this issue is to make the data that are stored on the data base invalid and
corrupt the data that are present
3. Remote access: Human factor
The main motive behind occurrence of tis issue includes gaining of data in an unauthorized
manner and using the same against the genuine user.

7
VULNERABILITIES IN SCADA
References
Lee, C. (2018). Discovering Cyber Vulnerabilities in SCADA Control System via Examination
of Water Treatment Plant in Laboratory Environment. The UNSW Canberra at ADFA
Journal of Undergraduate Engineering Research, 9(1).
Ren, W., Yardley, T., & Nahrstedt, K. (2018, October). EDMAND: Edge-Based Multi-Level
Anomaly Detection for SCADA Networks. In 2018 IEEE International Conference on
Communications, Control, and Computing Technologies for Smart Grids
(SmartGridComm) (pp. 1-7).
Sajid, A., Abbas, H., & Saleem, K. (2016). Cloud-assisted IoT-based SCADA systems security:
A review of the state of the art and future challenges. IEEE Access, 4, 1375-1384.
Ullah, I., & Mahmoud, Q. H. (2017, December). A hybrid model for anomaly-based intrusion
detection in SCADA networks. In Big Data (Big Data), 2017 IEEE International
Conference on (pp. 2160-2167). IEEE.

1 out of 7

+13062052269

info@desklib.com

Vulnerabilities in SCADA

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Analysis of Security Tools for JKL Company

Analyzing Security Options for JKL Company

Chevron's Infrastructure Evaluation

ManageEngineOpManage: Network Monitoring and Troubleshooting Solution

Assignment on CyberSecurity

Cisco Network Design for Sleepcity Expansion