
PRINCIPLES AND PRACTICES OF CYBER SECURITY

TABLE OF CONTENTS
1.0 Introduction
2.0 Discussion
2.1 Literature Review
2.2 Data management Plan
2.3 Security risk assessment and analysis
2.4 Recommendation for improvement
3.0 Conclusion
Reference List
Appendices

Abstract
This report on the principles and practices of cyber security for SCADA systems presents a
comprehensive set of guidelines for protecting SCADA systems and the data they contain from
malicious attacks. It covers the principles and practices of
cyber security, such as “physical security, network security, authentication and encryption, access
control, and incident response”. It also provides guidance on how to use these principles and practices
to secure SCADA systems, including best practices for system design and implementation, secure
operations and maintenance procedures, and incident response plans. The guidelines are intended to
help organizations understand the risks associated with SCADA systems, identify potential
vulnerabilities, and take the necessary steps to protect their systems and data.

1.0 Introduction
This study examines the principles and practices of cyber security. The project concerns a large
manufacturing company whose headquarters has two sections, each of which depends on a local
network system, “SCADA (Supervisory control and data acquisition)”. This SCADA system holds
various kinds of critical data, including sensitive company information, so the main purpose of this
project is cyber security, with a focus on risk assessment and analysis. The SCADA system is essential
to the business operations of this large company; it combines software and hardware automation
through “Computing Operational Technology”. Building on this system, the company prepares a
data management plan to mitigate the security risks identified for the SCADA system.
SCADA systems are designed with measures to protect against unauthorized access, malicious attacks, and data
tampering. Security features such as strong authentication, encryption, firewalls, and intrusion
detection systems are used to protect the system from malicious activity. Additionally, SCADA
systems are designed to be updated regularly, so that any security vulnerabilities that are discovered
can be addressed quickly. By having a secure SCADA system in place, organizations can protect their
critical infrastructure from cyber threats and ensure the security of their operations.

2.0 Discussion

2.1 Literature Review

According to Rakas et al, 2022, SCADA systems have been around for a long time, evolving from
monolithic systems in the first generation, to distributed systems using proprietary network
technologies in the second generation, to the completely networked systems of the third generation
used today. The “Industrial
Internet of Things (IIoT)” and “Futuristic Internet (FIN) technologies” of “cloud/fog computing, big
data analytics, and mobile computing” will be utilized in the forthcoming fourth-generation SCADA
system. Physical and cyber security in SCADA are now merging. However, this is a relatively recent
development that has emerged in third-generation SCADA systems with the growing adoption of
Internet technologies. Security products have a high level of maturity in both corporate and public IT
networks, but putting the same approach into practice in industrial networks is challenging and
frequently calls for new solutions specific to the control environment. A thorough understanding of
“control theory, physical systems, and network security” is required to solve the problems of
continuous real-time system security. Tools already exist for ICS setups that can be used to stop,
find, or investigate cyberattacks. However, there aren't enough appropriate attack models or scenarios for
exploiting SCADA system vulnerabilities. As a result, efforts are required to enhance cyber-attack
modelling frameworks and procedures and implement them in appropriate test environments.
The development of free and open-source SCADA-specific adversary emulation tools should also be
encouraged. These tools can be found in most IT networks.

According to Abu-Alhaija 2020, the study examines the serious cybersecurity challenges posed by the
growth of Internet technology. This document examines various areas of cyber security, from
“infrastructure to networks, databases, applications, identity and access management, cloud systems,
and the Internet”. Bridging the gaps between these areas has become imperative to combat
cyberattack security risks. Because every organization and every provider in cyberspace-related
security domains has a different focus, the security state of cyberspace has become disjointed.
Additionally, a disaster recovery plan should be firmly anchored as part of the overall concept,
together with a business continuity strategy to mitigate loss and disruption.

Figure 1: The areas of cyber security


(Source: https://www.researchgate.net)
Therefore, the development of methods and appropriate technology to ensure cyber security has
become an important aspect of the IT industry. Electronic security is just as important as physical
security because of the potential negative effects of operating critical cyber assets. SCADA
(Supervisory Control and Data Acquisition) system developments have also sparked worries about
cyber-related risks. SCADA systems are among the most significant industrial systems because they
can monitor and manage large, international industrial networks, such as power and gas distribution
networks. Additionally, interdependencies between “energy infrastructure, communications
infrastructure, and computing infrastructure” raise the risks that come with the complexity of an
integrated infrastructure. Although technical improvements help to overcome the limitations of
existing power and communication networks, technological complexity can also introduce security
vulnerabilities that are open to electronic intrusion.

According to Cruz and Simões 2021, the authors' own experience has shown that cybersecurity
training that takes a very theoretical approach has a number of drawbacks. This is primarily because
the prerequisites are difficult and varied, frequently involving concepts related to the design of
“operating systems, networks, computer architecture”, and more. Achieving trainee engagement in this
setting frequently entails striking a delicate balance between satisfying their expectations and
providing an appropriate path to advancement. Hands-on practice in high-fidelity environments is
essential for sparking interest and promoting a satisfying learning experience. To do this, it is
necessary to be able to create and implement a variety of use case training scenarios that are
specifically adapted to the needs of in-person, hybrid, or online teaching methods. The paper provides
an extensible framework for building lab and test settings for training purposes and describes
the design and development of cyber range environments based on the “Supervisory Control and Data
Acquisition System (SCADA)”. In this scenario, which was built from the ground up, students will
be able to interact with a very realistic world made up of actual and simulated components. Building a
SCADA system for cybersecurity research can be done in a number of ways. The latter was used to
investigate intrusion detection “machine learning (ML) algorithms”. The testbed design has
educational potential despite its focus on research. A testbed for development and validation is also
presented in this work. It outlines the steps needed to construct a hybrid testbed environment with
“virtual machines, simulation models, emulated parts, and physical equipment”. This approach makes
the configuration process easier: a virtual lab can be created by selecting and configuring
components from an inventory pool.

In their overview paper, Nabil et al, 2020, present a literature review of machine learning and
deep learning (DL) techniques for AI cybersecurity applications. Each artificial
intelligence and data semantic method, including “deep learning, restricted Boltzmann machines,
feed-forward deep neural networks, and recurrent neural networks”, is briefly explained in the form of
a tutorial. SCADA systems and smart grid security applications make use of each DL method.
Controlling cybersecurity issues becomes increasingly important as data flows between various
information systems increase. The business is expanding at an exponential rate, particularly in the
electric energy and gas energy sectors. A proof of concept for a cyber-secure remote driving channel
was implemented as part of the Intelligence Control-Command Driving project. From an engineering
point of view, connected management system objects now require certain considerations: a method for
keeping track of connected objects and their operational exchanges with one another. A gap exists in
the current field of system cybersecurity: the use of artificial intelligence as a dynamic
self-learning strategy to deal with new threats, as hackers will soon deploy technology based on
artificial intelligence for industrial system attacks. The system is depicted as a flaw in the
cybersecurity chain of the industry.

Figure 2: Detect the weak link through the SCADA system
(Source: https://ceur-ws.org/Vol-2748/IAM2020_paper_35.pdf)
To better shield systems from cyberattacks, IDS can be used in conjunction with other security
measures like “access controls, authentication mechanisms, and encryption methods”. Based on
patterns of benign traffic or normal behaviour, or on specific rules that describe a specific attack, an
IDS can differentiate between normal and malicious actions. This describes how the large company
uses ML algorithms to detect cyberattacks in real time and uses SCADA systems in the context of
interconnected smart grids in the region to examine the user's viability. SCADA was constructed
using real-world industrial machinery. In order to gain a better understanding of attacks and their
effects in SCADA and smart grid environments, advanced attacks were carried out.
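
The two detection modes described above, shown side by side as an added example (not part of the original report): a baseline learned from benign traffic next to a rule that describes one specific action. The Modbus function codes, host names, write policy and traffic records are assumptions constructed for illustration.

```python
from collections import namedtuple

# One observed request: source host, destination controller, Modbus function code.
# All host names and traffic records below are constructed for this example.
Flow = namedtuple("Flow", "src dst func")

WRITE_FUNCS = {5, 6, 15, 16}    # Modbus function codes that write coils/registers
AUTHORISED_WRITERS = {"eng01"}  # assumed site policy: only this host may write


def learn_baseline(benign_flows):
    """Anomaly model: the set of (src, dst, func) triples seen during training."""
    return {tuple(f) for f in benign_flows}


def is_anomalous(baseline, flow):
    """A request never seen in training deviates from normal behaviour."""
    return tuple(flow) not in baseline


# Signature model: each rule describes one specific unwanted action.
RULES = [
    ("write-from-unauthorised-host",
     lambda f: f.func in WRITE_FUNCS and f.src not in AUTHORISED_WRITERS),
]


def matched_rules(flow):
    """Names of all rules whose predicate matches this request."""
    return [name for name, predicate in RULES if predicate(flow)]


def classify(baseline, flow):
    """Combine both verdicts so the analyst sees which detector fired."""
    anomalous = is_anomalous(baseline, flow)
    rules = matched_rules(flow)
    if anomalous and rules:
        return "anomaly+signature"
    if anomalous:
        return "anomaly"
    if rules:
        return "signature"
    return "normal"


# Training capture assumed to be benign. The last record is an unauthorised
# write that slipped into the capture, so the baseline wrongly learns it.
TRAINING = [
    Flow("hmi01", "plc01", 3),    # read holding registers
    Flow("hmi01", "plc02", 3),
    Flow("eng01", "plc01", 16),   # engineering station writes registers
    Flow("hist01", "plc02", 6),   # tainted training record
]

OBSERVED = [
    Flow("hmi01", "plc01", 3),     # routine polling
    Flow("eng01", "plc01", 16),    # authorised write, seen before
    Flow("office07", "plc01", 3),  # new source: no rule covers a read
    Flow("office07", "plc02", 6),  # new source and a write
    Flow("hist01", "plc02", 6),    # learned as "normal", caught only by the rule
]


def run():
    """Classify every observed request against the learned baseline and rules."""
    baseline = learn_baseline(TRAINING)
    return [(f.src, f.func, classify(baseline, f)) for f in OBSERVED]


if __name__ == "__main__":
    for src, func, verdict in run():
        print(f"{src:9} func={func:<3} {verdict}")
```

The last observed record shows why the two approaches are combined: a baseline trained on tainted traffic accepts the write, while the rule still flags it.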

2.2 Data management Plan

The SCADA system is a powerful tool for managing and protecting organizational data. The system
should be configured to meet the specific needs of the organization and must include measures to
protect the data from unauthorized “access, alteration, or destruction”. The following steps outline a
comprehensive plan for cyber security through the SCADA system:
● Establish a secure network infrastructure: Establish a secure network infrastructure by using
firewalls, virtual private networks (VPNs), and other measures to protect the system from
unauthorized access.
● Monitor network traffic: Use network monitoring tools to track and analyse network traffic,
identify suspicious activity, and take corrective action when necessary.
● Monitor system logs: Monitor system logs for any suspicious activity and take corrective
action when necessary.
● Implement data encryption: Use data encryption to ensure that confidential information is
secure and inaccessible to unauthorized users (Dalaklis et al, 2021).
● Perform regular vulnerability scans: Regularly scan the system for vulnerabilities and take
appropriate measures to ensure the integrity of the system.
● Implement user authentication: To ensure that only authorized personnel have access to the
system, implement user authentication.

[Diagram: Cyber Security → Data management Plan → secure network infrastructure, monitor network
traffic, monitor system logs, data encryption, regular vulnerability scans, data backup]
Figure 3: Data management plan
(Source: Self-created in MS-word)

● Implement access control: Implement access control measures to restrict access to certain
areas of the system.
● Implement two-factor authentication: Implement two-factor authentication to ensure that only
authenticated users can access the system.
● Implement data backup: Implement automated data backup to ensure that the system is
recoverable in case of a disaster.
● Monitor system performance: Monitor system performance to ensure that the system is
running optimally. [Refer to Appendix 2]
Organizations can ensure that their data is protected from unauthorized “access, alteration, or
destruction” by following these steps.
The effectiveness of techniques and technology for cyber security by SCADA systems is significant.
SCADA systems are used to control and monitor industrial processes, so it is essential that they
remain secure and reliable. To achieve this, there are several techniques and technologies that can be
used.

First, SCADA security systems should employ encryption technologies to protect data and
communications (Falco et al, 2019). Encryption can help protect data from unauthorized users and
also allow for secure remote access to SCADA systems.
Second, SCADA systems should also use authentication technologies to ensure that only authorized
users can access them. This can include using strong passwords, two-factor authentication, biometrics,
and digital certificates.
Third, SCADA systems should also employ access control and segmentation technologies to limit
what users can do. This can include using firewalls, intrusion detection systems, and other network
security tools.
Finally, systems should also use monitoring and logging technologies to track user activity and detect
any suspicious behaviour (Perez et al, 2019). This can include using network monitoring tools,
application logging, and system logging.
Overall, the effectiveness of techniques and technology for cyber security by SCADA systems is
significant. By utilizing “encryption, authentication, access control, segmentation, monitoring, and
logging technologies”, SCADA systems can remain secure and reliable. This can help protect them
from unauthorized users and also allow for secure remote access.

2.3 Security risk assessment and analysis

Usable security is an approach to secure computing that focuses on making security easy and user-
friendly. It is an important concept to consider when protecting organizational information with the
SCADA system. SCADA systems are highly complex and vulnerable to physical and cyber-attacks
and therefore require “secure, reliable, and easy-to-use security” solutions. This means developing
solutions that can be easily understood by users and require minimal effort to use. A good usable
security solution could involve user authentication that requires minimal input from the user, such as a
“single authentication code”, rather than multiple complex passwords. Similarly, it could involve
designing user interfaces that are easy to navigate. Usable security also requires designing solutions
that are secure but still allow users to do their work quickly and easily. To achieve this, it should be
designed to be “robust, reliable, and efficient” (Polat et al, 2022). It should also provide appropriate
levels of access control and audit logging. Finally, usable security solutions should also be easy to
manage, configure, and maintain. This involves considering the needs of administrators, who need to
be able to quickly and easily manage the security system.
To protect organizational information, the SCADA system relies on the following security controls
and mechanisms for identifying cyber risk:
Security Controls:
1. Access control: A secure access control system should be implemented to limit access to the
SCADA system to only authorized personnel. Access control systems should include
authentication and authorization procedures, as well as a means of auditing and logging user
activity.
2. Data encryption: All data traffic should be encrypted and sent over secure channels.
Encryption algorithms should be regularly updated to ensure that the latest security protocols
are in place.
3. Network segmentation: The SCADA system should be segmented into different zones with
different levels of security (Jan et al, 2022). This helps to ensure that if one part of the system
is compromised, the rest of the system remains secure.
4. Firewall: A firewall should be implemented to protect the SCADA system from external
threats. Firewalls should be regularly updated to ensure that the latest security protocols are in
place.
5. Intrusion Detection/Prevention System: An intrusion detection and prevention system should
be implemented to detect and prevent unauthorized access to the SCADA system.
This system should be regularly tested and updated to ensure the latest security protocols are in place.
Mechanisms to Identify Cyber Risk:
1. Regular vulnerability scans: Regular vulnerability scans should be conducted to identify any
potential weaknesses in the system.
2. Log analysis: Logs should be regularly analysed to detect any suspicious activity or
unauthorized access attempts.
3. Network traffic analysis: Network traffic should be regularly monitored to detect any
suspicious activity or unauthorized access attempts.
4. Penetration testing: Penetration testing should be conducted to identify any potential
weaknesses in the system.
5. Security audits: Security audits should be conducted to identify any potential weaknesses in
the system (Yadav and Paul 2021).
6. Security awareness training: All personnel should be regularly trained on security best
practices and procedures.
7. Asset inventory: An inventory of all assets connected to the SCADA system should be
maintained and regularly updated.
8. Incident response plan: An incident response plan should be developed to ensure that the
appropriate steps are taken in the event of a security incident.
9. Risk assessment: A risk assessment should be conducted to identify potential risks and
vulnerabilities in the system and develop a plan to address them.
10. Patch management: All software and hardware should be regularly patched to ensure that the
latest security protocols are in place. [Refer to Appendix 1]
Mitigating Factors:
● Implement a robust authentication system: A strong authentication system should be
implemented so that only authorized users can access the SCADA system. This could include
two-factor authentication with “one-time passwords, biometric authentication, or other strong
authentication methods”.
● Implement strong access control measures: Access control measures should be implemented
to ensure that only authorized personnel can access the system. This could include user group
access control, role-based access control, or other access control methods.
● Monitor system activity: System activity should be monitored to detect any suspicious
activity. This could include monitoring system events, user access attempts, or any other type
of activity that could indicate a security breach.

[Diagram: Mitigating Factor, surrounded by: robust authentication system, strong access control,
monitor system activity, limit user privileges, implement policy enforcement, implement patch
management, perform regular security audits]
Figure 4: Mitigating plan
(Source: Self-created in MS-word)

● Limit user privileges: User privileges should be limited so that only users with the necessary
privileges can access the system (Wang et al, 2019). This could include granting users access
to only certain parts of the system or limiting the types of activities they can perform.
● Implement policy enforcement: Policies should be enforced to ensure that users are following
the security protocols that have been established. This could include enforcing password
policies, or monitoring user activities to ensure compliance.
● Implement patch management: Patch management should be implemented to ensure that the
system is up-to-date and secure. This could include patching security vulnerabilities or
installing the latest security patches for the system.
● Perform regular security audits: Regular security audits should be performed to ensure that
the system is secure and compliant with security protocols (Selvarajan et al, 2020). This could
include penetration testing, vulnerability scanning, or other types of security assessments.

2.4 Recommendation for improvement

To improve protection against cyber-attacks, the study recommends several methods. Multi-factor
authentication (MFA) requires users to provide multiple forms of authentication in order to access
systems or resources. This could include a combination of something the user knows (such as a password),
something the user has (such as a physical token or smartphone), or something the user is
(biometrics). MFA is an effective way to reduce the risk of unauthorized access to systems and
resources (Balleste 2022). Password management is a key component of identity management. It
involves the use of strong passwords and the enforcement of a password policy. This includes
regularly changing passwords, using a mix of characters, and avoiding the reuse of passwords across
multiple accounts. Access control is a security measure that restricts access to systems and resources
based on user identity. This can include granting different levels of access to different types of users
and limiting access to systems and resources based on user roles. Access control is an effective way to
ensure that only authorized users have access to sensitive data and systems (Alimi et al, 2021).
“Identity and Access Management” (IAM) is a system that manages and secures user authentication and access to
systems, networks, and resources. IAM is an effective way to ensure that only authorized users can
access the systems and resources they need.

3.0 Conclusion
The implementation of a SCADA system for cyber security is a must for any organization that wants
to protect its critical information. It provides a comprehensive framework for the protection of data,
networks, and systems from external threats. This system for cyber security can provide the necessary
measures to ensure the security and integrity of organizational data, which is essential for the efficient
and effective operation of the organization. By implementing the SCADA system, organizations can
be assured of the security of their data and systems, and this can ultimately lead to improved
productivity and profitability. Organizations must also keep up to date on the latest cybersecurity
measures and technologies to ensure the safety of their data. In conclusion, a SCADA system for
cyber security is a must for any organization that wants to protect its valuable and critical information
from external threats.

Reference List

Journals
Abu-Alhaija, M.W.A.F.F.A.Q., 2020. Cyber security: Between challenges and prospects. ICIC
express letters. Part B, Applications: an international journal of research and surveys, 11(11),
pp.1019-1028.
Alimi, O.A., Ouahada, K., Abu-Mahfouz, A.M., Rimer, S. and Alimi, K.O.A., 2021. A review of
research works on supervised learning algorithms for SCADA intrusion detection and
classification. Sustainability, 13(17), p.9597.
Balleste, R., 2021. Cyber Conflicts in Outer Space: Lessons from SCADA Cybersecurity. Emory
Corporate Governance and Accountability Review, 8(1), p.1.
Cruz, T. and Simões, P., 2021. Down the rabbit hole: Fostering active learning through guided
exploration of a SCADA cyber range. Applied Sciences, 11(20), p.9509.
Dalaklis, D., Nikitakos, N. and Yaacob, R., 2021. Cyber security training strategy: dealing with
maritime SCADA risks.
Falco, G., Eling, M., Jablanski, D., Miller, V., Gordon, L.A., Wang, S.S., Schmit, J., Thomas, R.,
Elvedi, M., Maillart, T. and Donavan, E., 2019, June. A research agenda for cyber risk and cyber
insurance. In Workshop on the Economics of Information Security (WEIS).
Jan, A. and Vaish, A., CYBER SECURITY FOR DIGITAL MANUFACTURING.
Khodabakhsh, A., Yayilgan, S.Y., Abomhara, M., Istad, M. and Hurzuk, N., 2020, August. Cyber-risk
identification for a digital substation. In Proceedings of the 15th international conference on
availability, reliability and security (pp. 1-7).
Nabil, S., Mohamed, B., Bersini, H. and Bourennane, E.B., 2020. Artificial Intelligence and Cyber
Security: Protecting and Maintaining Industry 4.0 Power Networks. In CEUR Workshop
Proceedings (Vol. 2748, pp. 19-31).
Perez, R.L., Adamsky, F., Soua, R. and Engel, T., 2019. Forget the myth of the air gap: Machine
learning for reliable intrusion detection in SCADA systems. EAI Endorsed Transactions on Security
and Safety, 6(19), pp.e3-e3.
Polat, H., Türkoğlu, M., Polat, O. and Şengür, A., 2022. A novel approach for accurate detection of
the DDoS attacks in SDN-based SCADA systems based on deep recurrent neural networks. Expert
Systems with Applications, 197, p.116748.
Rakas, S.V.B., Stojanović, M.D. and Marković-Petrović, J.D., 2020. A review of research work on
network-based scada intrusion detection systems. IEEE Access, 8, pp.93083-93108.
Selvarajan, S., Shaik, M., Ameerjohn, S. and Kannan, S., 2020. Mining of intrusion attack in SCADA
network using clustering and genetically seeded flora‐based optimal classification algorithm. IET
Information Security, 14(1), pp.1-11.
Stojanović, M.D., Boštjančič-Rakas, S.V. and Marković-Petrović, J.D., 2019. SCADA systems in the
cloud and fog environments: Migration scenarios and security issues. Facta universitatis-series:
Electronics and Energetics, 32(3), pp.345-358.
Suaboot, J., Fahad, A., Tari, Z., Grundy, J., Mahmood, A.N., Almalawi, A., Zomaya, A.Y. and Drira,
K., 2020. A taxonomy of supervised learning for idss in scada environments. ACM Computing
Surveys (CSUR), 53(2), pp.1-37.
Wang, Q., Tai, W., Tang, Y. and Ni, M., 2019. Review of the false data injection attack against the
cyber‐physical power system. IET Cyber‐Physical Systems: Theory & Applications, 4(2), pp.101-107.
Yadav, G. and Paul, K., 2021. Architecture and security of SCADA systems: A review. International
Journal of Critical Infrastructure Protection, 34, p.100433.

Appendices
Appendix 1: Network traffic analysis

(Source: https://www.researchgate.net)

Appendix 2: Virtual private network

(Source: https://www.cyber.gov.au/acsc)
