Abstract:
Supervisory Control and Data Acquisition (SCADA) systems have become essential to many industries around the world. SCADA systems now control many critical infrastructures such as power grids, mega factories, water treatment systems, and even nuclear power plants. As a result, they have become very attractive targets for malicious attacks. In this paper, we present a test-bed that we have developed to detect vulnerabilities in SCADA protocols to internal attacks and to determine how easy it is to bypass the security measures in such protocols. Furthermore, we have tested SCADA components to assess their vulnerability to the following attacks: Denial of Service (DoS) attacks, replay attacks, cryptographic attacks, and fragmentation attacks. Our results indicate that SCADA protocols and components are very vulnerable, and hence it is of paramount importance to find immediate solutions to these vulnerabilities. © 2013 IEEE.