IoT-Based SCADA System Security in the Core of Cyber-Warfare

ITEC810 Final Report
Student's Name: Manar Alanazi #44162839
Supervisor's Name: Rajan shankaran
11 May 2018

Table of Contents

SUMMARY

1. INTRODUCTION

2. OVERVIEW
  2.1 BACKGROUND
  2.2 SIGNIFICANCE
3. RESEARCH FOCUS
  3.1 RESEARCH PROBLEM
  3.2 RESEARCH QUESTION
  3.3 RESEARCH AIM
4. RESEARCH METHODOLOGY
  4.1 QUALITATIVE RESEARCH
  4.2 QUANTITATIVE RESEARCH
  4.3 DATA COLLECTION
5. MERIT OF THE RESEARCH AND PROPOSED CONTRIBUTION TO ICS
6. LITERATURE REVIEW
  6.1 SCADA SECURITY REQUIREMENT
  6.2 RISK ASSESSMENT MODELS
  6.3 SECURING SCADA SYSTEM IN GENERAL
  6.4 SECURING IoT-SCADA SYSTEM CLOUD BASED
  6.5 CRITICAL ANALYSIS AND SUMMARY
7. RESEARCH PLAN
8. RESULT AND FINDINGS
  8.1 IoT-SCADA CLOUD BASED SECURITY FRAMEWORK
  8.2 THE BRIGHT SIDE OF USING IoT-SCADA CLOUD BASED
9. CONCLUSION
10. REFERENCES
List of figures

Figure 1: IoT-SCADA Cloud based topology
Figure 2: Expected increase in IoT devices in 2020
Figure 3: Symbols from CORAS risk assessment tool
Figure 4: CORAS Risk assessment tool
Figure 5: Project Gantt chart
Figure 6: Project process
Figure 7: IoT-SCADA framework
Figure 8: SCADA forensics

List of acronyms and abbreviations

SCADA: Supervisory Control and Data Acquisition
HMI: Human Machine Interface
CI: Critical infrastructure
ICS: Industrial control system
CPSs: Cyber Physical Systems
RTU: Remote Terminal Unit
PLC: Programmable Logic Controller

SUMMARY

SCADA (Supervisory Control And Data Acquisition) is an industrial control system which acts as an open eye for monitoring several critical infrastructures, including electricity, nuclear systems, water supply systems, smart grids and transport. This is significant, as any cyber-attack on these critical infrastructures will threaten human lives in extreme cases. The goal of this project is to conduct an in-depth investigation of the best existing security practices to secure and protect ICSs, including SCADA systems in general and IoT-SCADA cloud-based systems, as well as to outline the security requirements for achieving better security practices. This is an impartial literature review of previous investigations in the field of SCADA security, evaluating the potential approaches which could attenuate the security vulnerability of SCADA systems. This study will focus on a comprehensive analysis of different risk assessment models and methodologies to abstract and identify the security requirements, which will then be used to establish a security policy framework. The first part of this paper will illustrate the project background and justifications, as well as the benefits, aims and expected outcomes. The second part will illustrate the methodology and plan that will be followed to extract the security policy framework.
Thus, the expected outcome of this project is a security framework which can at least mitigate the cyber-attacks on critical infrastructure resulting from the security vulnerabilities of the new evolution of SCADA systems.

1. INTRODUCTION

Supervisory Control And Data Acquisition (SCADA) systems are vitally important, as they serve as the backbone of critical infrastructure and manufacturing. SCADA systems are connected to Industrial Control Systems to offer operators the capacity to control Cyber Physical Systems, such as pumps and valves. These cyber physical systems are now integrated with the Internet of Things environment. As SCADA systems have undergone a significant evolution through four different generations, from the monolithic generation to the IoT-cloud based generation, the level of security at stake for each generation has changed as well. Wired communication and typical protocols were used when SCADA systems were first introduced, and they were merely intended for controlling and monitoring these systems. ICSs can gain multiple advantages from the combination with the IoT-cloud environment, such as cost reduction, embedded security and an increase in flexibility. Nonetheless, SCADA systems became more vulnerable to cyber-threats and attacks when they were exposed to the IoT-cloud domain within a complicated network architecture. This is significant, since the previous generations of SCADA systems already have inadequate security standards, and the security concerns of SCADA systems are growing with the integration of CPSs and IoT. Thus, the aim of this project is to investigate previous and existing best practices to secure industrial control systems, in order to be able to create a security policy framework which could at least mitigate the security vulnerabilities of SCADA systems. The first section of this paper will give an overview of the project process and its organization.
The second section will describe the research focus, followed by the methodology used to organize this research project. After that, the risk assessment models and methodologies will be evaluated in the literature review section to identify the security risks of IoT-SCADA cloud-based systems. The best mitigation techniques to secure SCADA systems in general and IoT-SCADA cloud systems will be identified based upon the security requirements. The security policy framework will then be abstracted to at least mitigate the security vulnerability of SCADA systems.

2. OVERVIEW

This project will focus on the evaluation of risk assessment models and methodologies which can be used to identify the security risk of IoT-SCADA in the cloud environment. Therefore, a diverse array of risk assessment tools was selected and examined in detail in the context of industrial control systems, including SCADA. Next, the security mechanisms typically applied to achieve a relatively secure SCADA system in general will be investigated and then evaluated against IoT-cloud based SCADA. Finally, the result of the analysis will cover the security policy framework which can help to at least mitigate the security vulnerability in the field of IoT-SCADA cloud-based systems.

2.1 BACKGROUND AND MOTIVATION

The security of the four generations of SCADA systems has been addressed in diverse research papers, and it is gaining more significance among many researchers in the field of SCADA security. The technological revolution has brought a new idea to conventional SCADA systems, which have been operated since 1950. Due to the overlapping use of both IoT and cloud computing technologies, the security level of SCADA systems is decreasing. Hence, SCADA systems are becoming more vulnerable due to the integration of ICSs with the IoT environment. SCADA systems in an IoT-cloud topology consist of a Human Machine Interface (HMI), Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), actuators and sensors, as presented in Figure 1.
Figure 1: IoT-SCADA Cloud based topology

At the supervision stage, the most important responsibility of SCADA systems is to monitor the processes of the system and employ the appropriate controls accordingly. SCADA systems are Cyber Physical Systems used in industry and manufacturing. These systems cover a vast range of application sectors, including transport, electricity, energy and water, and several research efforts are currently investigating this field (Fortino, 2012). Web-SCADA has a supplementary feature, which is anywhere and anytime accessibility to the system via a secure web browser connection. Web-SCADA is a scalable and flexible system, as it can easily accommodate new project features, is simple to maintain, and can be customized for other industrial applications such as electricity, water supply, transportation and monitoring (Webscada, 2017).

2.2 SIGNIFICANCE

Since SCADA systems serve as the heart of several manufacturing and critical infrastructures, it is essential to mitigate the security risks for SCADA systems. More importantly, with the invention of cloud computing and IoT, any device can be a part of the network. As a result, the revolutionized SCADA system, which is based on an IoT-based cloud environment, has exposed SCADA systems to several security issues and to threats to safety and human life in extreme cases. Thus, IoT-SCADA systems are vulnerable to cyber-attacks. It is estimated that more than 50 billion IoT devices will be connected to the internet in 2020, according to the Cisco statistics shown in Figure 2, which means the connectivity of IoT-SCADA will face a critical challenge based on the theory of "more devices, more security challenges". As there are many devices that can be hacked, hackers, who are also known as cyber criminals, will accomplish more, since they can take remote control of IoT devices.
Figure 2: Expected increase in IoT devices in 2020 [1]

This is a significant issue which, without the right intervention, could result in more catastrophic effects in several critical infrastructures and manufacturing sectors. Industrial control systems should be secure enough to limit the level of harmful impact resulting from cyber-attacks on these systems.

[1] Evans, D., 2011. The Internet of Things: How the Next Evolution of the Internet Is Changing Everything. Whitepaper. Retrieved from: https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf

3. RESEARCH FOCUS

The focus of this research is on the analysis of different risk assessment models and methodologies used for SCADA research, such as the Quantitative Threat-Risk Index Model (QTRIM), Fault Tree Analysis (FTA), attack trees, the Cost of Risk Analysis System (CORAS) and Risk Watch for Critical Infrastructure (Nuclear Power compliant). This analysis will help to identify the appropriate risk assessment tool, which can then be used in ICSs including IoT-SCADA cloud-based systems. SCADA system security mechanisms in general will also be investigated and then evaluated against the revolutionized generation of SCADA, which is integrated with the IoT and cloud environment. However, this research will focus deeply on IoT-SCADA cloud-based systems.

3.1 RESEARCH PROBLEM

There is a considerable body of research in the field of SCADA security, which poses a significant challenge in the modern era. High-profile SCADA security threats are increasing due to the evolution of the SCADA system, which has been exposed to an IoT environment. Despite the advantages that can be gained from the IoT-based SCADA system, such as cost reduction for heavy equipment, SCADA systems are becoming more vulnerable to cyber-attacks compared with traditional SCADA systems.
3.2 RESEARCH QUESTION

The essential questions that need to be investigated in detail to complete this project are listed as follows:

- What are the security requirements to secure SCADA systems, and how can we identify the security requirements?
- How can we achieve the best security standards in SCADA systems?
- How can we accomplish effective security measures for IoT-SCADA cloud-based systems?
- How effective and efficient is establishing or developing a security framework?

3.3 RESEARCH AIM

The aim of this project is to investigate previous and existing best practices to secure industrial control systems, in order to be able to create a security framework based upon SCADA security requirements to at least mitigate the security vulnerabilities of SCADA systems. The expected benefit of this project is that it addresses the security risks of ICSs such as SCADA systems. Furthermore, it aims to reduce the level of threats to which critical infrastructures and manufacturing are exposed. Finally, it describes future research directions for securing these critical Cyber Physical Systems (CPSs) and assists the research community in identifying the research gaps in this regard.

4. RESEARCH METHODOLOGY

This research takes a pragmatic approach which involves mixed methods, employing data collection and analysis techniques associated with both quantitative and qualitative data. The process or techniques method will be applied in the latter part of the project, after the risk assessment tools have been analysed and an appropriate tool has been chosen for further use in the formulation of the security framework. The qualitative model, in turn, is the establishment of the security framework structure for IoT-SCADA cloud-based systems, which will explore the best mitigation techniques to achieve a secure SCADA system in general, as well as focus deeply on the current state of SCADA.
4.1 QUALITATIVE RESEARCH

All sources should be located for the research, including case studies and journals from various databases such as IEEE. A number of academic sources will also be investigated. Keywords are used for finding information about the security mechanisms in SCADA systems, particularly in IoT-cloud based SCADA systems. The analysis will then be conducted by abstracting the security of SCADA systems in general and of IoT-cloud based SCADA, and by evaluating the best mitigation techniques for IoT-SCADA systems in the cloud environment to achieve the best security approach.

4.2 QUANTITATIVE RESEARCH

The quantitative research captures the review of academic literature on various risk assessment tools in industrial control systems, including SCADA systems, via different scholarly websites in SCADA research. Papers and journals on the current state of SCADA systems are abstracted using keywords such as risk assessment, security service, security mechanism, security framework and ICS security. Each article located in this research will give an intuition of which risk assessment tools are commonly used in the field of ICS research. The influence of the data on the result will then be confirmed in the final phase, which is establishing a security framework based on the security requirements identified using the appropriate risk assessment model.

4.3 DATA COLLECTION

The data collected in this literature review consists of a collection of recent papers in the field of SCADA system research and the risk assessment tools utilized to identify the security risks. This literature review is also based on analysing and comparing the area of study. The major findings relate to SCADA security in general and to IoT-SCADA systems in the cloud environment.

5. MERIT OF THE RESEARCH AND PROPOSED CONTRIBUTION TO SCADA SYSTEM

The combination of CPSs and IoT has brought several benefits to ICSs and manufacturing, including the cost reduction of heavy equipment, real-time control, redundancy and flexibility. Nevertheless, the security level has dropped significantly as these CIs have been exposed to a complex network architecture combining both the IoT and cloud environments. Consequently, these CIs have been affected by a diverse array of cyber threats and attacks. These threats and attacks are being investigated in many studies in the field of SCADA systems. However, not much research is being conducted in the particular field of the revolutionised SCADA system, which is based on the IoT and cloud environment. Therefore, the information in this paper can be used by future researchers who are interested in IoT-SCADA cloud-based systems, and it will simplify the essential background for future research.

6. LITERATURE REVIEW

This literature review is based on analysing the vital risk assessment models and tools in order to establish the causes of the vulnerabilities in critical infrastructures, which in turn can assist in identifying IoT-SCADA security requirements. Within the IoT and cloud environments in particular, these systems are far more subject to vulnerabilities. Once the security requirements have been identified, the key areas of SCADA security in general will be evaluated against the current state of SCADA, which is integrated with both the IoT and cloud environments. As a result of this evaluation, we can create an efficient security framework to limit the security vulnerability of, and cyber-attacks on, IoT-SCADA cloud-based systems, as well as enhance the level of security of ICSs including SCADA.

6.1 IDENTIFYING THE SECURITY REQUIREMENTS

The major difference between IT and ICS systems is that the former manage data, whereas the latter control the physical world, including critical infrastructures, industries and manufacturing.
Also, industrial control systems, including SCADA, have key features which are totally different from those of conventional IT systems. This difference is centred on potential risks and priorities. In fact, significant risks and threats to the industrial control system will result in physical damage to the natural environment and also threaten human lives in extreme cases, as well as negatively affect the nation's economy, as they can cause loss of production (Stouffer et al., 2011). When it comes to ICS security such as SCADA, the following measures should be considered to achieve a secure SCADA system.

6.1.1 PERFORMANCE

Industrial control systems control the physical world in real time. For SCADA systems, automatic response time, or system response to human interaction, is very important. Also, jitter and latency are not acceptable in SCADA systems, as any late response in, for example, sending notification messages to the human machine interface (HMI) when an attack is conducted will result in a catastrophic impact on the critical infrastructure and manufacturing that they control (Igure et al., 2006), (Hentea, 2008).

6.1.2 AVAILABILITY AND RELIABILITY

The availability requirement of SCADA systems can be considered one of the most significant issues, since an unavailable SCADA system leads to unexpected physical damage which also threatens human life (Jiang, 2015). Hence, comprehensive pre-implementation tests are very important to assure high availability for SCADA systems. Also, most control systems cannot easily be stopped and restarted without causing negative impacts on production. In many cases, the products or equipment being utilized are more significant than the information being transmitted (Stouffer et al., 2011). Hence, providing redundant components is essential to ensure continuity in case the main components are not available.
6.1.3 RISK ASSESSMENT AND MANAGEMENT

National critical infrastructures, such as electricity, transport, water supply systems and nuclear systems, which are under the control of industrial control systems including SCADA, are highly susceptible and vulnerable to cyber-attacks and threats. Conducting regular risk assessments can improve SCADA system security management and clarify security plans and their implementation (Sajid et al., 2016). Hence, risk management can be built upon the risk assessment, and both approaches can help to achieve the best security practices for industrial control systems including SCADA (Cherdantseva, 2016).

6.1.4 OPERATING SYSTEM SECURITY

Operating system security should be taken fully into account, as the cyber physical devices in the new generation of SCADA systems have been integrated with the IoT environment. This integration has negatively affected the level of security in SCADA systems. Default factory settings result in configuration errors in IoT device operating systems. Input validation is used in any system to ensure that no privilege escalation or unauthorized actions are allowed to access the context provided to any application (Hossain et al., 2015). The well-known vulnerability of input validation is buffer overflow, which can result in software errors.

6.1.5 PLATFORM SECURITY

The Programmable Logic Controller (PLC) and Remote Terminal Unit (RTU) have been designed for real-time use in rugged environments, and also contain logic and programming to communicate with the centralized SCADA system (Macaualay, 2016). Historically, PLCs have had limited processing capabilities, whereas they have recently been adapted to multi-processor environments. So, PLCs are an essential part of control system networks, as they are managed with the highest priority.
Thus, it is important to apply intrusion detection systems and high-level security mechanisms to satisfy the platform security requirements for IoT-SCADA cloud-based systems.

6.1.6 RESOURCE LIMITATION

SCADA systems and their real-time operating systems often have limited resources. Legacy systems also have inadequate resources compared to revolutionized IT systems. There may not be computing resources available on SCADA components, in particular in IoT-SCADA cloud-based systems, for retrofitting these systems with current security capabilities (Stouffer, 2016). Thus, logical access to SCADA systems should be limited to reduce privilege escalation, which has become a significant issue due to the integration of SCADA systems with the IoT environment. (Ejesh et al., 2017) proposed using a demilitarized zone (DMZ) network architecture with direct connection to firewalls, to prevent network traffic from passing directly between the corporate and SCADA networks, together with separate authentication mechanisms and credentials for users of the organization and SCADA networks. ICSs including SCADA should also use a network topology that has multiple layers, with the most critical communications occurring in the most secure and reliable layer (Stouffer, 2016).

6.1.7 COMMUNICATION SECURITY

Information exchange between different networks should be conducted via a separate network segment (DMZ) (Ejesh, 2017). The primary idea of secure communication is to establish a secure channel over an insecure network. This guarantees protection from passive attacks, such as eavesdropping, and from man-in-the-middle attacks, by using suitable cipher suites and trusted digital certificates (Vittor et al., 2017).
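The DMZ requirement in sections 6.1.6 and 6.1.7 can be checked mechanically against a firewall rule set. The following is an added example, not part of the original report: the address plan, rule names and the function names `zones_touched` and `audit_rules` are constructed for illustration.

```python
import ipaddress

# Constructed address plan for the three segments named in the text.
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "scada": ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed allow rules: (name, source CIDR, destination CIDR, TCP port).
RULES = [
    ("corp-to-historian", "10.10.0.0/16", "10.20.0.10/32", 443),
    ("scada-to-historian", "10.30.5.0/24", "10.20.0.10/32", 8443),
    ("eng-laptop-to-plc", "10.10.40.7/32", "10.30.5.21/32", 502),
    ("legacy-any-to-scada", "0.0.0.0/0", "10.30.0.0/16", 502),
    ("jump-host-to-scada", "10.20.0.20/32", "10.30.5.0/24", 22),
    ("vendor-remote-to-rtu", "203.0.113.0/24", "10.30.9.4/32", 20000),
]


def zones_touched(cidr):
    """Return the names of every zone that the CIDR block overlaps."""
    net = ipaddress.ip_network(cidr)
    return {name for name, zone in ZONES.items() if net.overlaps(zone)}


def audit_rules(rules):
    """Flag allow rules that break the corporate <-> DMZ <-> SCADA layering."""
    findings = []
    for name, src, dst, _port in rules:
        src_zones, dst_zones = zones_touched(src), zones_touched(dst)
        direct = (
            ("corporate" in src_zones and "scada" in dst_zones)
            or ("scada" in src_zones and "corporate" in dst_zones)
        )
        if direct:
            # Traffic would pass between the two networks without the DMZ.
            findings.append((name, "direct corporate/SCADA path bypasses the DMZ"))
        elif len(src_zones) != 1 or len(dst_zones) != 1:
            # Endpoint is outside the plan or spans several zones.
            findings.append((name, "endpoint does not map to exactly one zone"))
    return findings


if __name__ == "__main__":
    for rule_name, reason in audit_rules(RULES):
        print(f"{rule_name}: {reason}")
```

A wildcard source such as `0.0.0.0/0` overlaps the corporate range, so it is reported as a direct path rather than passing unnoticed.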
6.2 RISK ASSESSMENT MODELS AND METHODOLOGIES

A critical analysis of several risk assessment models will be conducted in this section, which also involves identifying the strengths and weaknesses of risk assessment methodologies such as the Quantitative Threat-Risk Index Model (QTRIM), Fault Tree Analysis (FTA), attack trees, the Cost of Risk Analysis System (CORAS) and Risk Watch for Critical Infrastructure (Nuclear Power compliant). This analysis will help to identify the appropriate risk assessment tool, which can then be used in ICSs including IoT-SCADA cloud-based systems.

6.2.1 QUANTITATIVE THREAT-RISK INDEX MODEL (QTRIM)

(Beitel, 2004) proposed the Quantitative Threat-Risk Index Model (QTRIM) as an efficient risk assessment tool to predict the possibility of terrorist attacks against national infrastructure. It was developed and tested at the Idaho National Engineering and Environmental Laboratory (INEEL), and it analyses the risk probability using terrorist-specific constraints, objectives, value systems, logistics and opportunities on a balanced scorecard framework. The limitation of this model is that these measures must be adapted for each terrorist group under study, which requires particular research into the group's motivations, philosophies and political schemas. Furthermore, a standard to account for intelligence information should be involved in case it accurately suggests cause and effect.

6.2.2 FAULT TREE ANALYSIS (FTA)

One of the primary objectives of using FTA is to calculate the probability of an undesired event. This calculation can be achieved by using the Boolean representation of the system (Cetinkaya, 2001). Nonetheless, the calculation takes a long time. In this model, the triggering events are represented at the leaf nodes, whereas the root node represents an undesired event, or failure, and the various events which lead to the top event are modelled as branches of nodes.
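The calculation described in section 6.2.2 can be carried out directly on the Boolean representation. This is an added example, not code from the report or from the cited work: the tree, the event names and the probabilities are constructed, basic events are assumed independent, and the minimal cut set listing goes slightly beyond what the text describes.

```python
from itertools import combinations, product


def EVENT(name):
    return ("event", name)


def AND(*children):
    return ("and", children)


def OR(*children):
    return ("or", children)


def occurs(node, state):
    """Evaluate the Boolean tree for one assignment of basic events."""
    kind, body = node
    if kind == "event":
        return state[body]
    results = [occurs(child, state) for child in body]
    return all(results) if kind == "and" else any(results)


def basic_events(node):
    kind, body = node
    if kind == "event":
        return {body}
    return set().union(*(basic_events(child) for child in body))


def exact_probability(tree, probs):
    """Sum the weight of every state that triggers the top event.
    Exponential in the number of basic events, hence the long run time."""
    names = sorted(basic_events(tree))
    total = 0.0
    for bits in product([False, True], repeat=len(names)):
        state = dict(zip(names, bits))
        if occurs(tree, state):
            weight = 1.0
            for name in names:
                weight *= probs[name] if state[name] else 1.0 - probs[name]
            total += weight
    return total


def gatewise_probability(node, probs):
    """Fast gate-by-gate formula; wrong when a basic event is shared."""
    kind, body = node
    if kind == "event":
        return probs[body]
    child_p = [gatewise_probability(child, probs) for child in body]
    result = 1.0
    for p in child_p:
        result *= p if kind == "and" else 1.0 - p
    return result if kind == "and" else 1.0 - result


def minimal_cut_sets(tree):
    """Smallest sets of basic events that alone cause the top event."""
    names = sorted(basic_events(tree))
    found = []
    for size in range(1, len(names) + 1):
        for combo in combinations(names, size):
            chosen = set(combo)
            if any(cut <= chosen for cut in found):
                continue  # a smaller cut set already covers this one
            if occurs(tree, {n: n in chosen for n in names}):
                found.append(frozenset(chosen))
    return found


# Constructed tree: the undesired (root) event is loss of SCADA monitoring.
# Both telemetry links depend on the same power feed (a shared leaf).
PRIMARY_DOWN = OR(EVENT("link_a_fault"), EVENT("shared_power_loss"))
BACKUP_DOWN = OR(EVENT("link_b_fault"), EVENT("shared_power_loss"))
TREE = OR(AND(PRIMARY_DOWN, BACKUP_DOWN), EVENT("hmi_server_fault"))
PROBS = {"link_a_fault": 0.1, "link_b_fault": 0.2,
         "shared_power_loss": 0.05, "hmi_server_fault": 0.01}

if __name__ == "__main__":
    print("exact   :", round(exact_probability(TREE, PROBS), 6))
    print("gatewise:", round(gatewise_probability(TREE, PROBS), 6))
    print("cut sets:", [sorted(c) for c in minimal_cut_sets(TREE)])
```

With the shared power feed, the gate-by-gate shortcut understates the top-event probability, which is why the exact Boolean evaluation is needed despite its cost.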
6.2.3 ATTACK TREE

This model provides a formal way of conducting a security analysis of system protocols, such as those of MODBUS/TCP based devices, by using the FTA model and replacing the fault with the attack goal and the failure rates with event probabilities. The major benefit of applying attack trees is the comprehensive representation of attack sequences. A sample use of an attack tree to assess the security vulnerabilities in a SCADA system was proposed by (Eric, 2004). This defence modelling was based on the attacker's goals against a MODBUS-based SCADA system, including eight significant goals: first, gain access to the SCADA system and then identify the MODBUS device; after that, disrupt master-slave communications, disable the slave, read data from the slave, write data to the slave, program the slave and finally compromise the slave. It started with the goal of gaining unauthorised physical access to the building, using the "OR" operator to indicate that only one goal is required, and the "AND" operator to indicate that all goals are required (Eric, 2004). The result of this experiment is summarized in Table 1, which illustrates various attacks conducted via remote field stations, the SCADA transmission infrastructure, trusted third parties or wireless control network connections.

Table 1: The result of attack tree analysis [2]

[2] Byres, Eric J.; Franz, Matthew; Miller, Darrin. The use of attack trees in assessing vulnerabilities in SCADA systems. In: Proceedings of the International Infrastructure Survivability Workshop. 2004.

6.2.4 RISK WATCH FOR CRITICAL INFRASTRUCTURE

A profitable mechanism which provides risk assessments for critical infrastructure, in particular nuclear power. It is based upon the new Nuclear Energy Institute guidelines covered in NEI 04-04 Revision 1: "Cyber Security Program for Nuclear Power Reactors". Both the Nuclear Regulatory Commission and the Nuclear Energy Institute contributed to the evolution of this software, which was funded by the U.S. Department of Defence through the Technical Support Working Group (Francia, 2012).

6.2.5 COST OF RISK ANALYSIS SYSTEM (CORAS)

The CORAS tool is a high-tech risk assessment tool which was developed to provide documentation, maintenance and reporting of the target of analysis resulting from the CORAS risk assessment. CORAS also uses special diagrams inspired by UML for reporting and analysing the results. The significant feature over previous attack tree analysis methods is that CORAS can deal with more complex gates, temporal dependencies between attack steps, shared subtrees, and realistic, multi-parametric cost structures. Furthermore, due to its compositionality, the approach is flexible and easy to extend (Kumar, 2015). A sample of CORAS risk modelling, conducted by (Francia, 2012), is shown in Figure 3 below.

Figure 3: Symbols from CORAS risk assessment tool [3]

[3] Kumar, R., Ruijters, E., & Stoelinga, M. (2015, September). Quantitative attack tree analysis via priced timed automata. In International Conference on Formal Modeling and Analysis of Timed Systems (pp. 156-171). Springer, Cham.

In that experiment, assets (e.g. the corporate reputation) were identified and classified into different levels of importance, ranging from the least to the most significant. These identified assets were then associated with potential threat scenarios to determine the level of impact on these assets. Figure 4 illustrates the sample of CORAS modelling. It is assumed that an IT technician was under training in a corporation which used a SCADA system, and that this technician misconfigured the system. As a result, an eavesdropper or a hacker could take advantage of the vulnerability resulting from the misconfiguration of the system. Another vulnerability related to this scenario is that unrestricted access control was given to the technician, so that the hacker used a social engineering attack to reveal critical information and compromise confidentiality, as well as to discover the rogue access point to access the network, which will clearly lead to system disruption.

Figure 4: CORAS Risk assessment [4]

[4] Francia III, G. A., Thornton, D., & Dawson, J. (2012, January). Security best practices and risk assessment of SCADA and industrial control systems. In Proceedings of the International Conference on Security and Management (SAM) (p. 1). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).

6.3 SCADA SYSTEM SECURITY IN GENERAL

This section investigates the possible security approaches for securing SCADA systems in general, including policy management, data integrity and communication protocols. A systematic analysis which focuses on the security areas of SCADA systems in general will facilitate identifying the security areas of the revolutionised SCADA that is already integrated with the cloud and IoT environment.

6.3.1 POLICY MANAGEMENT

(Watts, 2003) proposed using an attack tree to assess the security risks of SCADA, and he argued that applying better password policies limits unauthorised access to the SCADA system and at the same time helps to strengthen the system access point. However, the penetration sequence of the attack does not appear at the leaf node when using an attack tree for defence modelling. Hence, a strong access point can be achieved using appropriate rules for authentication and authorization.

6.3.2 DATA INTEGRITY

(Davis et al., 2006) presented a test-bed using the Real-time Immersive Network Simulation Environment (RINSE), which evaluates vulnerabilities in operating systems. Three scenarios are carried out. In the first scenario the system performs perfectly, as there are no attacks, whereas a DoS attack is initiated in the second scenario. The third scenario employs filters to measure the impact of a DoS attack.
A disadvantage of this approach is that the focus is only on the software; the hardware is not considered. (Cárdenas et al., 2008) presented a methodology which helps to detect attacks by monitoring and analysing the physical system under observation. As recommended by Cárdenas, attack-resilient algorithms are beneficial in making systems able to withstand intentional attacks such as Stuxnet. (Gonzalez et al., 2016) suggested that Power Fingerprinting (PFP) is an innovative method to detect malicious activities in the control system. PFP is able to monitor the control system directly to detect cyber-attacks in ICSs. Nevertheless, PFP does not attempt to prevent side-channel attacks, such as stealing the secret key, as it only has the capability of monitoring ICSs and characterizing the normal behaviour of side-channel attacks. (Suo et al., 2012) suggested a well-known and widely trusted suite of cryptographic algorithms applied to internet security protocols, as in Table 2.

Table 2: A suite of cryptographic algorithms [5]

[5] Suo, H., Wan, J., Zou, C., & Liu, J. (2012, March). Security in the internet of things: a review. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 3, pp. 648-651). IEEE.

While the symmetric encryption algorithm, such as the Advanced Encryption Standard (AES) block cipher, typically performs data encryption for confidentiality, the asymmetric algorithms perform digital signatures and key exchange; these include Rivest-Shamir-Adleman (RSA) and the Diffie-Hellman (DH) asymmetric key agreement algorithm, which performs key agreement. Finally, the SHA-1 and SHA-256 secure hash algorithms are applied for data integrity. A further fundamental asymmetric algorithm is elliptic curve cryptography (ECC), which can provide the same functionality as RSA but with a shorter key; the adoption of ECC has been slow, although it may have been encouraged recently (Suo et al., 2012).

6.3.3 COMMUNICATION SECURITY

Some solutions are being established to overcome the security risks resulting from insecure communication between two end points. These solutions, for instance TLS/SSL or IPSec, can provide integrity, authenticity, and confidentiality for communication. TLS/SSL was invented to encrypt the link in the transport layer, and IPSec is designed to protect the security of the network layer. So, they can offer integrity, authenticity, and confidentiality at each layer (Orazio et al., 2018). Intrusion detection or prevention mechanisms should be employed to track network communications from lower trust networks, such as the corporate network and remote access networks.

6.4 IoT-SCADA SECURITY IN THE CLOUD ENVIRONMENT

This section covers an in-depth investigation of possible security approaches to enhance the security of cloud-based IoT-SCADA.

6.4.1 DATA INTEGRITY AND PRIVACY

(Antonini et al., 2014) explored security challenges to SCADA systems, and (Baker et al., 2015) illustrated a security platform for Service Oriented Architecture (SOA) based SCADA systems. The purpose of SOA is to present an advanced solution to combine cloud platforms into SOA SCADA systems. It also looked to address the security and integrity problems of these systems. The authors try to draw readers' attention to building a secure cloud platform which supports the use of SOA SCADA systems. Advanced Persistent Threats (APTs) are attacks in which an unauthorized user with a hidden identity attempts to enter a network and steal data or information from the system. (Bere et al., 2015) investigated these sorts of threats and suggested that APTs use zero-day attacks to steal data from systems.

6.4.2 DATA LOGS

Data logs are a considerable security issue in IoT-Cloud SCADA systems due to the presence of the cloud, and they affect accountability, monitoring and audit.
Centralized logs can be achieved easily, whereas it is challenging to track system logs in IoT-Cloud SCADA because distributed control is applied in this generation of SCADA systems. Industrial control system protocols permit other ICS hosts to read and write files without any logging (Nelson et al., 2011). So, these systems lack the control feature.

6.4.3 PRIVILEGE ESCALATION

(Mekinda, 2018) proposed a light-weight Public-Key Infrastructure (PKI) which allows device servers to authenticate and authorize user controls without sacrificing overall SCADA performance. He suggested that a secure layer could be smoothly added to the current ICS. A Public-Key Infrastructure is a set of algorithms, protocols and software which assist the use of asymmetric encryption and signatures in a distributed control system. So, this mechanism can be used for secure communication. He argued that in the simple PKI architecture each device must verify a signed token, yet the token can be replayed. Furthermore, in the nonced PKI architecture each device must verify a signed token made unique by an initialization nonce; however, it can be replayed by an eavesdropper on that device. Moreover, Mekinda et al. pointed out a nonced PKI with digest architecture, in which nonced tokens are no longer systematically transmitted for authorization. However, similar to the previous model, it is exposed to user identity spoofing. Finally, in the advanced PKI architecture every message transmitted during a session is authenticated by a different cryptographic hash, obtained by incrementing the nonce in each message, to prevent digest replay attacks.

6.4.4 Risk management

(Wood et al., 2017) proposed a security architectural pattern to address the security risks on SCADA systems and critical infrastructure.
His architectural pattern was based upon two layers, the conceptual and contextual layers, of the Sherwood Applied Business Security Architecture (SABSA), which has been extensively used to design business security frameworks. A brief overview of this architecture's components is shown in Table 2 below.

Table 3: A Security Architectural Pattern for Risk Management of ICS within CNI (Wood, 2017)

6.4.5 Cyber Physical security

(Wurm et al., 2017) suggested sophisticated tamper-sensing mechanisms which can be used to prevent any sort of physical tampering. Researchers have proposed silicon-level solutions to reduce passive and active attacks, yet that does not completely remove the threat to other critical elements such as physical sensors and actuators. Hence, active sensor nets may also be utilised at the device level and, with appropriate extensions, at the system level to detect any unauthorized intrusion.

6.5 CRITICAL ANALYSIS AND SUMMARY

Employing proper defensive modelling can help to attenuate the security risks to SCADA systems. However, connectivity has considerably increased with the integration of SCADA with IoT and cloud environments. Consequently, the level of security of the revolutionised SCADA system has significantly decreased, and it has become more vulnerable to cyber-attacks. Based on the literature review, the previous generations of SCADA systems were much more secure than cloud-based IoT-SCADA. However, a security framework can be effective to at least attenuate the security risks to the modern SCADA system. A diverse array of risk assessment tools was examined in section 6.2, each of which has its key characteristics, yet only one can be appropriate for all circumstances. The table below compares the advantages and disadvantages of the different risk assessment models discussed in section 6.2.

Columns: QTRIM | FTA | Attack tree | RWCI | CORA
Adaption with Large-Scale NETs: • • •
Efficient and effective for IoT-SCADA: • •
Complex threat assessment: • • •
A long-time process consumption: •

Table 4: Comparison between different risk assessment tools

The key feature of using CORA as a defensive model for IoT-SCADA is that it provides a well-organised analysis of the security risk and is appropriate to large-scale networks. In contrast, RWCI is only used in nuclear systems. Therefore, it does not support other sectors of critical infrastructure. The attack tree is also as effective as CORA and has a comprehensive sequence result, yet the result of the security risk analysis will be disordered in a large-scale network. Finally, measures in QTRIM should be adapted to each subject terrorist group, which requires particular research into group motivations, philosophies, and political schemas. Furthermore, a standard to account for intelligence information should be involved in case it accurately suggests cause and effect.

7. RESEARCH PLAN

This part illustrates the documented process of this project. While the Gantt chart shows the schedule of activities since the beginning of this project, the project process summarises the flow of activities until the targeted result is reached.

Figure 5: Project Gantt chart

Figure 6: Project Process IoT-SCADA in cloud

8. RESULT AND FINDINGS

IoT-SCADA systems are vulnerable to cyber-attacks. The difference between IoT-SCADA security and IT security in general should be clearly understood, as this understanding could help to develop more functional solutions which focus on IoT-SCADA security. Table 5 shows the major differences between IT and ICSs.

Table 5: IT vs ICSs (Source: NIST, 2016) (footnote 6)

Footnote 6: Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to industrial control systems (ICS) security.
NIST special publication, 800(82), 16-16.

8.1 IoT-SCADA cloud-based SECURITY FRAMEWORK

Applying a security framework can help to enhance the level of security of IoT-SCADA in a cloud environment, as it can provide a systematic approach to responding to cyber-attacks. This section introduces a proposed security framework for cloud-based IoT-SCADA, which consists of sections and subsections as shown in Figure 7. Each section covers an area of the revolutionised SCADA system that is susceptible to malicious attacks, whereas each subsection covers an integrated part of the primary section that also needs further investigation. This approach can help the corporation to immediately counteract the security risk using an appropriate security mechanism.

Figure 7: IoT-SCADA Cloud-based security framework

8.1.1 DATA SECURITY

• Integrity
The generation, transmission, and storage of data within the SCADA system should be immune enough from unauthorized access, including its content, which might also involve the header for its source and destination and the payload itself. An authentication and identification service can provide digital signatures which can determine the sender's and receiver's identity information to prevent masquerading activities and other passive attacks like MITM and DDOS. This mechanism should prevent the attacker from accessing, modifying, replaying and destroying any data being transmitted over the SCADA network.

• Privacy
Embedded devices should be secure enough to achieve an acceptable level of privacy and integrity as well. To defend against privacy and other security risks, the cloud server and IoT should be considered when it comes to privacy concerns. The employment of Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust (SMART) can protect only one embedded task, using a read-only memory (ROM) region inside low-end micro-controller units (MCU) (Eldefrawy, 2012). The key can only be accessed from this region.
This mechanism is used to overcome the privacy issue resulting from the security vulnerability of embedded devices that have been integrated with the Internet of Things environment.

• Confidentiality
Information related to the particular SCADA system should not be accessed by an unauthorised party. The confidentiality of critical information, such as passwords, encryption keys and the detailed system layout map, should rank high when it comes to security issues in industry. Applicable reinforcement such as the Advanced Encryption Standard (AES) should be imposed in this aspect.

8.1.2 COMMUNICATION SECURITY

• Wireless communication
Due to the broadcast characteristic of the wireless medium, special considerations need to be taken into account, including the establishment of the wireless connection and how this connection can be configured. Furthermore, the acceptable configurations for wireless connections to the wired network are specified. (Khan, 2014) suggested that using broadcast authentication in wireless sensor connections can provide secure communication. So, transmitted data should be encrypted using the RC5 encryption technique to protect the integrity and privacy of cloud-based IoT-SCADA.

• Wired communication
To meet security and performance specifications, it is important to consider the endpoint of each connection. Point-to-point connections (such as Ethernet, fiber, and microwave) typically terminate at a central system management facility. Cellular systems may provide an Internet connection requiring additional security, and phone-line systems must be protected against security breaches through the standard land-line, twisted-pair copper wire network.

• Third party communication
Third-party software is used by IoT-cloud SCADA systems. (Sharma, 2014) proposed that a third-party authentication server may support a token-based authentication protocol for implementing single sign-on (SSO).
Also, information exchange between different networks should be conducted via a separate network segment (DMZ). This can guarantee prevention of passive attacks which expose data integrity, privacy and confidentiality.

8.1.3 OS SECURITY

• Log analysis
Most computer software and devices, such as operating systems, applications and other programmable machines, maintain activity logs. These logs play a significant role in troubleshooting, compliance checking, forensic analysis and intrusion detection. Thus, these logs can help to identify and control several intrusions. Such log analysis is normally supported by host-based IDS (Sajid, 2017).

• File system integrity
The integrity of software and operating systems can be validated through file integrity analysis. The cryptographic checksum is the most commonly utilised verification method. Applying the checksum verification method is effective for identifying harmful files (black lists) and allowed files (white lists). Checksum methods are also supported by host-based IDS.

• Memory dump
Both passive and active malicious activities existing within the memory of the operating system can be detected by memory dump analysis. Utilising revolutionised technologies, a volatility framework can examine several sorts of memory dumps. This sort of analysis facilitates the detection of system calls and hidden processes, which also helps to detect complex attacks and intrusions.

8.1.4 EMBEDDED SECURITY DEVICES

• RTU security
Important aspects such as virus testing, intrusion detection, access control, and encryption must be addressed when it comes to RTU security.

• Patching management
Third-party software is used by IoT-cloud SCADA systems, and keeping this software continuously up to date is a challenge. Unknown errors in such software can trigger the possibility of arbitrary code execution by attackers.
Monitoring the current security news and following the best approaches for updating and patching this critical infrastructure software is a requirement.

8.1.5 Risk assessment CORA

The CORAS tool is a high-tech risk assessment tool which was developed to provide documentation, maintenance and reporting for the target of analysis resulting from the CORAS risk assessment. CORA also uses special diagrams inspired by UML for reporting and analysing the results. So, risk assessment can identify where the system is vulnerable to attack.

8.1.6 END USER SECURITY

• User account and password
The particular issue would be credentials exposed in network traffic due to the use of the default user name and password, for example (admin: admin). Therefore, the user account and password are vitally significant when it comes to end-user security in IoT-SCADA systems. Some policies give minimum requirements regarding the password format, whereas others simply suggest using the current best practice. A shared password such as the admin password needs to have specific protections associated with creation, storage, and change requirements. Additional password security requirements such as screen locks and maximum login are also required.

8.1.7 SCADA FORENSIC

Digital forensics has become an essential part of cyber security strategies. The key goal of a SCADA forensic process model is to find the security vulnerabilities and reduce the probability of software failure. This paper uses the SCADA forensics model proposed by Wu, T. et al. (2013), which combines incident response and digital forensics investigation. The following phases were identified and are shown in Figure 4.

Collection
Data is processed through several phases in SCADA systems, so volatile data must be prioritized and preserved to identify which data has been overwritten or compromised. Also, data collection depends on the volatility of the data.
• Acquiring volatile data: data in the physical Random Access Memory (RAM) that would normally be lost when the device is powered off or restarted.
• Collection of non-volatile evidence: data are forensically collected from non-volatile devices such as flash drives, SD cards from PLCs, and USB sticks. Also, it is required to collect data from all mobile devices, such as Human Machine Interface workstations, that are linked to the SCADA system.

Figure 8: SCADA Incident response forensic process (footnote 7)

Footnote 7: Stirland, J., Jones, K., Janicke, H., & Wu, T. (2014). Developing cyber forensics for SCADA industrial control systems. In The International Conference on Information Security and Cyber Forensics (InfoSec2014) (pp. 98-111). The Society of Digital Information and Wireless Communication.

Examination
After a successful collection of evidence, all collected data should be examined, using different forensic distros such as Caine, to provide answers to the questions that were raised before the commencement of the investigation.

Analysis
The forensic examiner is required to go beyond examination of the data collected to a critical analysis, finding any relationship between the recovered forensic artefacts and the evidential data in order to come up with a timeline of the incident and reconstruct the events in a test environment, to help answer questions that have emerged during the forensic investigation.

Reporting and Presentation
The results gathered during the examination and analysis phases must be interpreted and a report written that can be read and understood by various audiences. The report contains answers to questions about the incident that called for the forensic investigation, with the conclusions that were reached during the examination and analysis of the data collected. In the report the forensic examiner has to include his background, a detailed description of the forensic tools and methodologies used, and chain of custody documents.
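
Sections 6.4.3 and 8.1.1 both ask for messages that cannot be replayed. The Python example below is added here and is not code from this report or from Mekinda et al.; it contrasts a static session token with a per-message digest computed over an incrementing nonce. HMAC-SHA-256 with an already shared session key stands in for the PKI handshake and for the unspecified "cryptographic hash", and every class name and command string is constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple


def digest(session_key: bytes, nonce: int, command: bytes) -> bytes:
    """Keyed hash binding one command to one nonce value of the session."""
    return hmac.new(session_key, nonce.to_bytes(8, "big") + command,
                    hashlib.sha256).digest()


class StaticTokenServer:
    """Simple-PKI-style check: one token authorizes every command."""

    def __init__(self, session_key: bytes) -> None:
        self.token = hmac.new(session_key, b"session-token",
                              hashlib.sha256).digest()

    def accept(self, token: bytes, command: bytes) -> bool:
        # The token depends on neither the command nor a counter, so a
        # recorded copy is accepted again for any command.
        return hmac.compare_digest(token, self.token)


class CounterServer:
    """Advanced-PKI-style check: next nonce plus a digest over nonce+command."""

    def __init__(self, session_key: bytes, init_nonce: int) -> None:
        self._key = session_key
        self._expected = init_nonce

    def accept(self, nonce: int, command: bytes, tag: bytes) -> bool:
        if nonce != self._expected:          # old or skipped nonce
            return False
        if not hmac.compare_digest(tag, digest(self._key, nonce, command)):
            return False                     # command or tag was altered
        # Advance only after a valid message. Strict ordering is an assumption
        # of this example; a deployment needs a rule for lost messages.
        self._expected += 1
        return True


class Client:
    """Sender that increments its nonce for every message in the session."""

    def __init__(self, session_key: bytes, init_nonce: int) -> None:
        self._key = session_key
        self._nonce = init_nonce

    def send(self, command: bytes) -> Tuple[int, bytes, bytes]:
        nonce = self._nonce
        self._nonce += 1
        return nonce, command, digest(self._key, nonce, command)


def demo() -> Dict[str, bool]:
    key = secrets.token_bytes(32)                          # constructed secret
    init = int.from_bytes(secrets.token_bytes(4), "big")   # initialization nonce
    results: Dict[str, bool] = {}

    # Static token: the same bytes are valid a second time.
    static = StaticTokenServer(key)
    recorded = static.token
    results["static_replay_accepted"] = static.accept(recorded, b"SET pump1.speed=40")

    # Incrementing nonce: each message is valid exactly once.
    client, server = Client(key, init), CounterServer(key, init)
    first = client.send(b"SET pump1.speed=40")
    results["fresh_accepted"] = server.accept(*first)
    results["replay_accepted"] = server.accept(*first)     # same nonce again
    nonce, command, tag = client.send(b"SET pump1.speed=45")
    results["tampered_accepted"] = server.accept(nonce, b"SET pump1.speed=99", tag)
    results["next_accepted"] = server.accept(nonce, command, tag)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
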

8.2 THE BRIGHT SIDE OF IOT-SCADA CLOUD BASED

Many advantages can be gained from the revolutionized SCADA systems for various sorts of critical infrastructure. For instance, the WEB-SCADA Medical system, which is based on an IoT gateway as well as mobile and contextual sensors, helps nurses to keep an eye on patients' conditions and then react immediately if an emergency arises.

9. CONCLUSION

This literature review has explored some of the security techniques of SCADA in IoT-cloud environments while attempting to take special note of the risk assessment tools present in IoT-Cloud based environments. I could simply evaluate the security mechanisms of SCADA systems in general and of IoT-Cloud based SCADA systems, as well as create a proper framework to attenuate the security risks of the IoT-SCADA within the cloud.

Selected References

1. Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to industrial control systems (ICS) security. NIST special publication, 800(82), 16-16.
2. WebSCADA, Web SCADA, Automation Systems, Process Control, Historian, Event Alarm, SCADA Solution, accessed on Feb. 5, 2016. Online. Available: http://www.webscada.com/SCADA/SolMedSys.aspx
3. Igure, V. M., Laughter, S. A., & Williams, R. D. (2006). Security issues in SCADA networks. Computers & Security, 25(7), 498-506.
4. Cárdenas, A. A., Amin, S., Lin, Z. S., Huang, Y. L., Huang, C. Y., & Sastry, S. (2011, March). Attacks against process control systems: risk assessment, detection, and response. In Proceedings of the 6th ACM symposium on information, computer and communications security (pp. 355-366). ACM.
5. Fredriksen, R., Kristiansen, M., Gran, B. A., Stølen, K., Opperud, T. A., & Dimitrakos, T. (2002, September). The CORAS framework for a model-based risk management process. In International Conference on Computer Safety, Reliability, and Security (pp. 94-105). Springer, Berlin, Heidelberg.
6. Jin, D., Li, Z., Hannon, C., Chen, C., Wang, J., Shahidehpour, M., & Lee, C. W. (2017). Toward a cyber resilient and secure microgrid using software-defined networking. IEEE Transactions on Smart Grid, 8(5), 2494-2504.
7. Francia III, G. A., Thornton, D., & Dawson, J. (2012, January). Security best practices and risk assessment of SCADA and industrial control systems. In Proceedings of the International Conference on Security and Management (SAM) (p. 1). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).
8. Johnson, C., 2016, October. Securing Safety-Critical SCADA in the Internet of Things. In Conference on System Safety and Cyber Security (SSCS 2016) (Vol. 11, p. 13).
9. Church, P., Mueller, H., Ryan, C., Gogouvitis, S.V., Goscinski, A., Haitof, H. and Tari, Z., 2017. SCADA Systems in the Cloud. In Handbook of Big Data Technologies (pp. 691-718). Spring
10. WebSCADA, Web SCADA, Automation Systems, Process Control, Historian, Event Alarm, SCADA Solution, accessed on Feb. 5, 2016. Online. Available: http://www.webscada.com/SCADA/SolMedSys.aspx
11. Igure, V. M., Laughter, S. A., & Williams, R. D. (2006). Security issues in SCADA networks. Computers & Security, 25(7), 498-506.
12. Hentea, M. (2008). Improving security for SCADA control systems. Interdisciplinary Journal of Information, Knowledge, and Management, 3(1), 73-86.
13. Jiang, R., Lu, R., Luo, J., Lai, C., & Shen, X. S. (2015). Efficient self-healing group key management with dynamic revocation and collusion resistance for SCADA in smart grid. Security and Communication Networks, 8(6), 1026-1039.
14. Sajid, A., Abbas, H., & Saleem, K. (2016). Cloud-assisted iot-based scada systems security: A review of the state of the art and future challenges. IEEE Access, 4, 1375-1384.
15. Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1-27.
16. Hossain, M. M., Fotouhi, M., & Hasan, R. (2015, June). Towards an analysis of security issues, challenges, and open problems in the internet of things. In Services (SERVICES), 2015 IEEE World Congress on (pp. 21-28). IEEE.
17. Vittor, T. R., Sukumara, T., Sudarsan, S. D., & Starck, J. (2017, April). Cyber security-security strategy for distribution management system and security architecture considerations. In Protective Relay Engineers (CPRE), 2017 70th Annual Conference for (pp. 1-6). IEEE.
18. Macaulay, T., & Singer, B. L. (2016). Cybersecurity for industrial control systems: SCADA, DCS, PLC, HMI, and SIS. Auerbach Publications.
19. Ejesh, R., & Zhonglin, Z. (2017, July). Safety of the SCADA Systems in Power Systems by Using Industry Protocols Data Communication. In Information Science and Control Engineering (ICISCE), 2017 4th International Conference on (pp. 1705-1708). IEEE.
20. Beitel, G.A., Gertman, D. I., and Plum, M.M. 2004. Balanced Scorecard Method for Predicting the Probability of a Terrorist Attack. Risk Analysis IV:581-592, WIT Press, Brebbia, C.A., ed.
21. Cetinkaya, E.K., Reliability Analysis of SCADA Systems. 2001.
22. Byres, E. J., Franz, M., & Miller, D. (2004, December). The use of attack trees in assessing vulnerabilities in SCADA systems. In Proceedings of the international infrastructure survivability workshop.
23. Risk Watch for NEI. Website: http://www.riskwatch.com/index.php/neicompliance. Last access: March 06, 2012.
24. Kumar, R., Ruijters, E., & Stoelinga, M. (2015, September). Quantitative attack tree analysis via priced timed automata. In International Conference on Formal Modeling and Analysis of Timed Systems (pp. 156-171). Springer, Cham.
25. D. Watts, "Security & vulnerability in electric power systems," in Proc. 35th North Amer. Power Symp., Rolla, MO, USA, Oct. 2003, pp. 559–566.
26. A. Giani, G. Karsai, T. Roosta, A. Shah, B. Sinopoli, and J. Wiley, "A testbed for secure and robust SCADA systems," in Proc. 14th IEEE Real-Time Embedded Technol. Appl. Symp., 2008, pp. 1-4.
27. C. M. Davis, J. E. Tate, H. Okhravl, C. Grier, T. J. Overbye, and D. Nicol, "SCADA cyber security testbed development," in Proc. 38th North Amer. Power Symp., Sep. 2006, pp. 483-488.
28. Gonzalez, C.A. and Reed, J., 2016. Cyber Physical Intrusion Detection. In Cyber-security of SCADA and Other Industrial Control Systems (pp. 239-251). Springer International Publishing.
29. Suo, H., Wan, J., Zou, C., & Liu, J. (2012, March). Security in the internet of things: a review. In Computer Science and Electronics Engineering (ICCSEE), 2012 international conference on (Vol. 3, pp. 648-651). IEEE.
30. D'Orazio, C. J., & Choo, K. K. R. (2017). A technique to circumvent SSL/TLS validations on iOS devices. Future Generation Computer Systems, 74, 366-374.
31. Nelson, T., Chaffin, M., 2011. Common Cybersecurity Vulnerabilities in Industrial Control Systems. Homeland security
32. Mekinda, L., Xu, C., Danilevski, C., Esenov, S., Santos, H., Bondar, V., … & Klimovskaia, A. (2018). Securing light source SCADA systems.
33. Wood, A., He, Y., Maglaras, L. A., & Janicke, H. (2017). A security architectural pattern for risk management of industry control systems within critical national infrastructure. International Journal of Critical Infrastructures, 13(2-3), 113-132.
34. Wurm, J., Jin, Y., Liu, Y., Hu, S., Heffner, K., Rahman, F., & Tehranipoor, M. (2017). Introduction to cyber-physical system security: A cross-layer perspective. IEEE Transactions on Multi-Scale Computing Systems, 3(3), 215-227.
35. Eldefrawy, K., Tsudik, G., Francillon, A., & Perito, D. (2012, February). SMART: Secure and Minimal Architecture for (Establishing Dynamic) Root of Trust. In NDSS (Vol. 12, pp. 1-15).
36. Khan, F. (2014, October). Secure communication and routing architecture in wireless sensor networks. In Consumer Electronics (GCCE), 2014 IEEE 3rd Global Conference on (pp. 647-650). IEEE.
37. Sharma, G. K., Hon, L. K. M., Burjoski, J. D., & Schneider, K. C. (2014). U.S. Patent No. 8,918,848. Washington, DC: U.S. Patent and Trademark Office.
38. Stirland, J., Jones, K., Janicke, H., & Wu, T. (2014). Developing cyber forensics for SCADA industrial control systems. In The International Conference on Information Security and Cyber Forensics (InfoSec2014) (pp. 98-111). The Society of Digital Information and Wireless Communication.
39. Evance, D., 2011. The Internet of Things How the Next Evolution of the Internet Is Changing Everything. Whitepaper. Retrieved from: https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf
