A SECURITY ANALYSIS AND SECURE MANAGEMENT MODEL FOR SCADA SYSTEMS

Chapter · April 2019


Industry 4.0 From The Management Information Systems Perspectives

SECURE MANAGEMENT MODEL FOR SCADA SYSTEMS

Çağrı DOĞU (1,2), Tuncay ERCAN (2)
(1) Energy Holding A.S., Kavacik Meydani, Energy Plaza Kat:8, 34805, Beykoz, Istanbul, Turkey
(2) Yasar University, Dep. of Comp. Eng., Izmir, TURKEY
(1) cdogu@enerjeo.com, (2) tuncay.ercan@yasar.edu.tr
1. Introduction
Networking technologies increase communication, information sharing and interaction among different systems. The Internet of Things (IoT) is a technological concept in which intelligent devices (sensors, application outputs, production data sources in factories) communicate with each other and form an intelligent, autonomous network built on end-to-end digitalisation. With advances in technology, many sensor devices can be integrated into the Internet environment through Wireless Sensor Networks (WSN) (Akyıldız et al., 2002). The continuous real-time data stream coming from environmental sensing devices and from the data terminals in a factory's production systems is transformed for use by information systems (storage, databases, application services) offered by service providers, such as cloud computing services, on the Internet. This Industrial IoT (IIoT) information flow will bring changes that can positively affect daily life, business life and industrial production systems (Lojka, Bundzel, and Zolotová, 2016).
The technological advances that, from the 18th century to the present, are collectively called the Industrial Revolution passed through three distinct stages, each marked by the industrial systems of its period. It began with mechanical production driven by steam power; from the start of the 20th century electric power enabled mass production on assembly lines; and from the 1970s the digital revolution, electronic systems and information technologies made production fully automatic. Rapidly growing industrial automation, coupled with Internet technology, is now moving towards an era of intelligent production, called Industry 4.0 or the fourth industrial revolution (Brettel, Friederichsen, Keller & Rosenberg, 2014).
The integrated application of IoT and industrial automation systems is called IIoT (Lin et al., 2015). Intelligent production machines with IoT capability communicate with each other automatically over the network to control production and minimise operator involvement, in areas such as the following:

• Mechanical and electrical failures can be anticipated, reducing downtime due to failure,
• Raw material shortages can be detected rapidly,
• Factory managers can receive production and malfunction information from anywhere in the world in real time,
• Every detail of supply chain data management can be shared with distribution channels and customers.
SCADA is an abbreviation for "Supervisory Control and Data Acquisition". It is the general name for a system made up of computers, communication equipment, sensors and other devices. In a SCADA system, the continuous operational data coming from Programmable Logic Controllers (PLCs) in factories, from distributed control systems and from sensors within the production systems is stored and evaluated in real time and delivered to end users as reports or as immediate warnings about any adverse event in the overall system. Information is displayed graphically on a central Human Machine Interface (HMI). Remote Terminal Units (RTUs) at distant sites collect field measurements and relay them to the central system, so that those sites can be monitored without local staff. SCADA systems can be classified as energy systems (electricity, natural gas, thermal water, water, oil, etc.) or process control systems (industrial processes in factory automation).
Although SCADA is generally used for industrial control, the control process itself is carried out with tools such as RTUs and PLCs and is coordinated with planning software such as ERP (Enterprise Resource Planning). In this regard, SCADA is not only a computer engineering subject but an interdisciplinary area spanning electrical and electronics, mechanical, computer, software, industrial and mechatronics engineering. Cloud computing has recently become a new environment for SCADA applications: it offers on-demand network access to a shared pool of configurable computing resources (networks, servers, storage, applications and services) that can be rapidly provisioned with minimal service provider interaction. New cloud services such as scalable data management and big data analytics enable new decision-making processes in SCADA systems (Church et al., 2015).
In this work we focus on SCADA systems, giving the necessary architectural information and explaining the features of a working SCADA system in thermal energy power generation. The remainder of the work is organised as follows. The next section explains the methodology followed in the conceptual framework of industrial SCADA systems: the general SCADA architecture and the ORC SCADA architecture we have experience with. We then present our management methodology and the security perspectives of this system, and report our findings as advantages and disadvantages compared with generic system features. The last section concludes.


2. Methods
Computer systems and networking technologies change rapidly, which makes Information and Communication Technologies (ICT) one of the fastest-developing sectors. ICT is closely tied to critical information systems in many industrial sectors. SCADA has therefore become important in many application areas, particularly in the energy sector, where its use is required by the national Energy Market Regulatory Authority. SCADA is one category of Industrial Control System (ICS); Distributed Control Systems (DCS) are another. SCADA typically supervises geographically distributed locations, while DCSs are supervisory and regulatory control systems generally used to control production within a single plant. ICSs of both kinds are used across industries (electricity, water, oil, gas, etc.).
2.1. General SCADA Architecture
The SCADA concept dates from the mid-20th century, when production floors and industrial facilities relied on personnel to manually control and monitor remote sites, press alarm buttons and make urgent telephone calls to the people in charge. The term "SCADA" emerged in the early 1970s, and over the following decades the rise of microprocessors and PLCs steadily increased the ability to monitor and control enterprise automation processes. The latest developments in technology have enabled automated SCADA systems tailored to the company, with maximum efficiency at low cost. Some form of SCADA monitoring and data collection runs behind the scenes in almost every plant, and in any workplace that sets up a network (Hayden, 2014).
Advances in intelligent instrumentation and in Remote Terminal Units (RTUs) and PLCs have made process-control solutions easy to manage and operate from a SCADA system. SCADA is an industrial, computer-based control system used to gather and analyse real-time data in order to track, monitor and control industrial equipment in many types of industry. A PLC is an automation device used to control processes such as machines or production departments in factories. Unlike general-purpose computers, a PLC has many inputs and outputs (I/O). PLCs are central to producing more and better-quality products in less time and with very low error rates. The general architecture of a SCADA system is given in Figure 1.


Figure 1: General Architecture of SCADA (Retrieved from dentrodelasala.com)


SCADA systems are essentially software that can monitor a wide area of facilities from a single centre using devices such as computers, mobile phones or tablets. The system can be used from a single device, or controlled and monitored from multiple computers and portable devices over network connections. Alongside serial communication standards such as RS-232, RS-422 and RS-485, SCADA systems use industrial Ethernet protocols such as PROFINET, which combine real-time frames with standard TCP/IP traffic. Once all industrial devices speak PROFINET, industrial networks can be deployed and controlled at every network layer, and each command executed by an operator can be traced packet by packet. Note that standard PROFINET frames, like most fieldbus protocols, carry no authentication or encryption, so a packet trace shows what was sent, not whether the sender was entitled to send it. A physical industrial LAN schematic is given in Figure 2 (PI, 2015).

Figure 2: A Physical Industrial LAN Schematic


The main control units are the main PLC, auxiliary PLCs, electronic protection and interlocking systems, and motor control units. The main part keeps the entire system under control and has the following characteristics:

• Multiple master stations should be able to communicate at the same time through separate communication channels.
• It should communicate over RS-232 and RS-485 physical layers, on copper and fibre-optic media, and with multiple protocols.
• It must be easy to expand, configure and maintain.
• It should be able to run its own self-tests, and any faults that occur should be reported both locally and to the SCADA centre.
• Redundancy is the most important aspect of keeping production running. When a faulty module is replaced, the hardware must allow hot-swapping without cutting power.
2.2. ORC SCADA Architecture in Use
The Organic Rankine Cycle (ORC) is currently used in geothermal energy plants to generate electrical power (Ozden & Paul, 2011). Operators control energy generation in the ORC through HMIs. A typical ORC site has more than 1000 sensors, collecting data from all production and re-injection wells, brine transfer pumps, pentane levels, the volume tank, turbines, the generator and much else running in the plant. Operators manage all of these through HMIs in the SCADA user interface. The ORC system is shown in Figure 3 (Singh, 2009).

Figure 3: An ORC Schematic


This kind of industrial equipment comes with PLCs, with RTU capability, in the SCADA system. The PLCs are placed on a network and communicate with the HMI through special-purpose protocols. Moving all of these devices onto a network eases our work towards more automation, but it requires a series of security precautions. Automation vendors are often slow to release scheduled updates for control devices, and even for the underlying operating system (Knapp, 2011).


2.3. Management of SCADA


The main management issues in facilities operated by a SCADA system are maintenance activities, efficient workforce planning and ensuring security measures. They can be listed as follows:
• Physical inspection and cleaning at scheduled intervals,
• Electronic checks of input voltages and of communication on the monitors,
• Applying software updates published by vendors,
• Backing up industrial PCs and PLC project files at scheduled times to an encrypted storage device.
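The last item above says only that backups go to encrypted storage; encryption alone does not tell you whether a restored PLC project is the one that was saved. As an added example for this page, not code from the authors, the following builds an HMAC-authenticated SHA-256 manifest over a backup set and reports missing, modified and unexpected files. The file names, contents and key are constructed; in practice the key stays with the backup operator (or in a secrets store), never on the backup medium itself.

```python
"""HMAC-authenticated integrity manifest for PLC/HMI backup sets. Added
example for this page, not code from the authors; file names, contents and
the key are constructed. In practice the key stays with the operator (or in
a secrets store), never on the same medium as the backup it protects."""
import hashlib
import hmac
import json
from typing import Dict, List


def file_digests(files: Dict[str, bytes]) -> Dict[str, str]:
    """SHA-256 of every file in the backup set, keyed by relative path."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def _canonical(digests: Dict[str, str]) -> bytes:
    # Sorted keys and fixed separators so the same set always serialises
    # to the same bytes; otherwise the HMAC would fail spuriously.
    return json.dumps(digests, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(files: Dict[str, bytes], key: bytes) -> bytes:
    """Serialise the per-file digests and authenticate them with HMAC-SHA256.
    An attacker who can rewrite the backup volume cannot also forge this
    tag without the key."""
    digests = file_digests(files)
    tag = hmac.new(key, _canonical(digests), hashlib.sha256).hexdigest()
    return json.dumps({"files": digests, "hmac": tag}, sort_keys=True).encode()


def verify_manifest(files: Dict[str, bytes], manifest: bytes, key: bytes) -> List[str]:
    """Return a list of findings; an empty list means the backup matches the
    manifest and the manifest itself is authentic."""
    doc = json.loads(manifest)
    expected = hmac.new(key, _canonical(doc["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):   # constant-time compare
        return ["manifest HMAC invalid: manifest altered or wrong key"]
    current = file_digests(files)
    findings = []
    for path, digest in sorted(doc["files"].items()):
        if path not in current:
            findings.append(f"missing: {path}")
        elif not hmac.compare_digest(current[path], digest):
            findings.append(f"modified: {path}")
    for path in sorted(current):
        if path not in doc["files"]:
            findings.append(f"unexpected: {path}")
    return findings


# Constructed sample backup set and key (not real project data)
KEY = b"example-manifest-key-replace-me"
BACKUP = {
    "plc/main.project": b"OB1: CALL FB_Turbine ...",
    "plc/recipes.db": b"pentane_setpoint=12.5",
    "hmi/screens.xml": b"<screens><turbine/></screens>",
}


def demo() -> Dict[str, List[str]]:
    """Verify the intact set, a tampered copy, and a check with the wrong key."""
    manifest = build_manifest(BACKUP, KEY)
    tampered = dict(BACKUP)
    tampered["plc/recipes.db"] = b"pentane_setpoint=99.9"   # setpoint edited
    del tampered["hmi/screens.xml"]                          # screen removed
    tampered["plc/rogue.bin"] = b"\x90\x90"                 # file planted
    return {
        "clean": verify_manifest(BACKUP, manifest, KEY),
        "tampered": verify_manifest(tampered, manifest, KEY),
        "wrong_key": verify_manifest(BACKUP, manifest, b"not-the-key"),
    }
```

The manifest check runs before the per-file comparison on purpose: if the tag does not verify, the file list itself cannot be trusted, so reporting individual differences would only mislead the operator. Run this verification on every restore, and periodically against the stored backups themselves.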

2.4. Security of SCADA


Cyber security threats such as APTs (Stuxnet, Night Dragon, etc.) are a comparatively new phenomenon. Many old systems may therefore be vulnerable to cyber attacks, because cyber security was not even a consideration at the time of their initial design and installation. A complete set of solutions is given in Figure 4.

Figure 4: Complete Industrial Cyber Security Solutions (Honeywell)


Power generation facilities, metropolitan traffic control systems, water treatment systems and factories are all at risk. Exploits freely available on the Internet make the ICS products of leading vendors easy targets for attackers. These environments require a rugged and reliable security gateway to detect threats and control access to critical components in the industrial network. The security gateway must decode industrial protocol packets (MODBUS, BACnet, CIP, DNP3, IEC 60870-5-104, ICCP, MMS, OPC, PROFINET, Step7, etc.) and learn the SCADA commands in normal use. It can then define, for each separated operator PC, which commands and value thresholds are permitted for each industrial component. If an infected PC sends a command outside that profile, the firewall can block that PC's traffic to the PLCs on the industrial network. Next-generation anti-virus (NGAV) and zero-day malware detection software must be installed on the industrial PCs (HMIs) to reduce the risk of infection, and OS updates are mandatory to fix vulnerabilities in the operating system. These systems must warn operators and IT administrators by e-mail or intranet messaging with warning and error messages (Kobara, 2016).
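The gateway behaviour described above (decode the industrial protocol, learn which commands each operator PC may send to which component, block anything outside that profile) can be made concrete for Modbus/TCP. The following is an added example written for this page; it is not code from the authors or from any vendor product. The host names, unit IDs, register ranges and sample frames are constructed for illustration, and only the three most common public function codes are decoded.

```python
"""Modbus/TCP allowlist filter: decode the request, then decide per operator
PC which function codes, registers and values may reach a given PLC unit.
Added example for this page (not the authors' or any vendor's code); hosts,
unit IDs, register ranges and sample frames are constructed for illustration."""
import struct
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

READ_HOLDING = 0x03     # read holding registers
WRITE_SINGLE = 0x06     # write single register
WRITE_MULTIPLE = 0x10   # write multiple registers


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int              # first register touched
    count: int                # number of registers touched
    values: Tuple[int, ...]   # register values for writes, empty for reads


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Decode MBAP header + PDU. Raises ValueError on a malformed frame,
    which the caller must drop rather than forward."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(frame) - 6:          # length field covers unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    function, pdu = frame[7], frame[8:]
    if function in (READ_HOLDING, WRITE_SINGLE):
        if len(pdu) != 4:
            raise ValueError("PDU must be 4 bytes for function %#04x" % function)
        addr, arg = struct.unpack(">HH", pdu)
        if function == READ_HOLDING:
            return ModbusRequest(tid, unit, function, addr, arg, ())
        return ModbusRequest(tid, unit, function, addr, 1, (arg,))
    if function == WRITE_MULTIPLE:
        if len(pdu) < 5:
            raise ValueError("write-multiple PDU too short")
        addr, qty, nbytes = struct.unpack(">HHB", pdu[:5])
        if nbytes != 2 * qty or len(pdu) != 5 + nbytes:
            raise ValueError("write-multiple byte count inconsistent with quantity")
        return ModbusRequest(tid, unit, function, addr, qty,
                             struct.unpack(">%dH" % qty, pdu[5:]))
    # Other function codes are not decoded; they only match a rule written
    # explicitly for that code, so by default they are denied.
    return ModbusRequest(tid, unit, function, 0, 0, ())


@dataclass(frozen=True)
class Rule:
    source: str                      # operator PC allowed to issue the command
    unit_id: int                     # PLC unit the rule applies to
    function: int
    first_register: int
    last_register: int               # inclusive
    min_value: Optional[int] = None  # bounds for written values (writes only)
    max_value: Optional[int] = None


def evaluate(source: str, frame: bytes, rules: Sequence[Rule]) -> str:
    """Return 'allow' or 'deny: <reason>' for one request from one host."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as err:
        return f"deny: malformed ({err})"
    last = req.address + req.count - 1
    for r in rules:
        if (r.source, r.unit_id, r.function) != (source, req.unit_id, req.function):
            continue
        if req.address < r.first_register or last > r.last_register:
            continue
        lo = 0 if r.min_value is None else r.min_value
        hi = 0xFFFF if r.max_value is None else r.max_value
        if any(v < lo or v > hi for v in req.values):
            return f"deny: value out of range [{lo}, {hi}] at register {req.address}"
        return "allow"
    return (f"deny: no rule for {source} function {req.function:#04x} "
            f"unit {req.unit_id} register {req.address}")


def build_frame(tid: int, unit: int, function: int, payload: bytes) -> bytes:
    """Assemble a Modbus/TCP request (used here only to construct samples)."""
    pdu = bytes([function]) + payload
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed policy for one PLC (unit 1): the HMI may read the process image
# and set the turbine speed setpoint; only the engineering workstation may
# write the tuning block.
RULES = (
    Rule("hmi-01", 1, READ_HOLDING, 0, 199),
    Rule("hmi-01", 1, WRITE_SINGLE, 100, 100, min_value=0, max_value=3000),
    Rule("eng-ws", 1, WRITE_MULTIPLE, 200, 209),
)
TUNING_WRITE = struct.pack(">HHB", 200, 2, 4) + struct.pack(">HH", 1, 2)

# Constructed sample traffic: (source host, frame)
SAMPLE_TRAFFIC = (
    ("hmi-01", build_frame(1, 1, READ_HOLDING, struct.pack(">HH", 0, 10))),
    ("hmi-01", build_frame(2, 1, WRITE_SINGLE, struct.pack(">HH", 100, 2500))),
    ("hmi-01", build_frame(3, 1, WRITE_SINGLE, struct.pack(">HH", 100, 9000))),
    ("hmi-01", build_frame(4, 1, WRITE_MULTIPLE, TUNING_WRITE)),   # infected HMI
    ("eng-ws", build_frame(5, 1, WRITE_MULTIPLE, TUNING_WRITE)),
    ("hmi-01", b"\x00\x06\x00\x00\x00\x09\x01\x03\x00\x00\x00\x0a"),  # bad length
)


def run_samples(rules: Sequence[Rule] = RULES):
    """Evaluate the sample traffic; returns one verdict per frame."""
    return [evaluate(src, frame, rules) for src, frame in SAMPLE_TRAFFIC]
```

A real gateway would learn the rule set from a baseline capture rather than hand-write it, and would apply it inline to live traffic. The point here is the evaluation order: reject malformed frames first, then match source, unit and function, then check the register range and, for writes, the value bounds; anything not explicitly permitted is denied, including function codes the filter does not understand.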
Giving every IoT device a direct Internet connection to a server (for example over 6LoWPAN) is not a sound choice from a security point of view (Hui, Culler, Chakrabarti, 2009). In our case we used a SaaS cloud computing service that automatically provides load balancing, dynamic DNS, VPN and hashing features. These settings enable both an instant data stream and a connection to the IoT devices that does not expose their addresses. The cloud provider can take over automatic IP assignment through a PPPoE (Point-to-Point Protocol over Ethernet) server in the cloud, and a VPN connection with the cloud can then be established. PPPoE allocates addresses only after authentication, and the VPN additionally provides confidentiality and can be configured to enforce multi-factor authentication for communication with the IoT devices (Condry et al., 2016).
In many cases, the first step of a cyber attack is target discovery: remotely profiling the configuration of the destination, as well as internal information such as operators and operational roles. Port and vulnerability scanners have long been used to search for open ports, services and security weaknesses from the Internet, but dedicated search engines such as SHODAN (2017) have become a serious concern, because they make it easy to list weaker, more vulnerable targets. Even when a target has no publicly disclosed vulnerability, its IP addresses and port numbers can be found and examined for further weaknesses.
Some modern ICS devices or services provide web interfaces that can be vulnerable to SQL or OS command injection, or to cross-site attacks such as cross-site scripting and cross-site request forgery. They may also ship with inadequate remote access controls, such as default user IDs and passwords for authentication and access control. Manually written bypass mechanisms intended to cope with lost passwords are a further weakness. One defence against Internet discovery is to place devices and servers behind a firewall. ICS/SCADA honeypots are useful for understanding attackers' discovery activity: they imitate the behaviour of common industrial control protocols and record the activity directed at them. Such honeypots can be built with CONPOT; IoTPOT, a honeypot for the telnet services common on IoT devices, serves the same purpose for that class of device (Pa et al., 2015; Kobara, 2016).
The risk factors of any infrastructure should be identified within the organisation's risk management framework, and short-, medium- and long-term security measures planned accordingly. These measures can be assessed by analysing applicable standards, cyber assets, a preliminary risk analysis, threat and preparedness levels, and cyber threat tools (Stouffer, Pillitteri, Abrams and Hahn, 2015).


3. Findings
Any breakdown in the power generation plant must be dealt with quickly. The SCADA system we experienced in the plant uses SaaS in cloud computing. Security and management information can be displayed according to the user's needs. Thousands of sensors connected to the ICS and DCS infrastructure provide a real-time picture of the process, and much data is also collected from RTUs. When selecting SCADA systems for the energy sector, with more than one plant, management capability covers several operating zones together with maintenance, cost and separate installation criteria. That SCADA applications should also be compatible with the company's external applications, and support the Turkish language, is an important criterion in system administration: it reduces the hidden additional costs that would otherwise arise after installation (Moness, 2016).
Current technologies will have security weaknesses unless they are constantly updated. Protecting against these weaknesses also requires educating employees. Unfortunately, at some production sites no SCADA has been deployed and no automation has even been considered (U.S. Government Accountability Office, 2011).
An industrial control system is an indispensable capability in plant management. The Turkish Electricity Transmission Company (TEIAS) continuously communicates with the RTU to read the instantaneous 154 kV output values of the plant and to measure power quality. In order to read the output quality, TUBITAK (Scientific and Technological Research Council of Turkey) also receives data from the plant servers via the NTP protocol (a time-synchronisation protocol), as discussed by Alcaraz and Zeadally (2013).
This remote access over the Internet connection should use a symmetric link, and the DoS prevention service of the Internet service provider must be enabled, so that the bandwidth of the symmetric connection stays constant. A layer-7 (application-aware) firewall that can read SCADA packets should be installed between the HMI and the sensors. All VLANs should be separated from each other, and traffic between them permitted only by carefully defined rules on the firewall. Malicious packets should be blocked by enabling IDS/IPS. All user devices must be readily identifiable through an Active Directory server installed on site, and Group Policy settings may be needed to restrict who can use SCADA. Requiring MFA is a good security measure where the system will be accessed from outside over VPN. The human factor in SCADA systems must not be forgotten: operators may hold inappropriate security clearances or abuse the system, so training and supervision are very important.
The authors state that faults in the system should be examined in two main categories, internal and external. These faults cause a complete stoppage of production systems, so the system must have a redundant structure (Alcaraz and Zeadally, 2013).

4. Discussion and Conclusions


SCADA is a very important business tool for producing efficient, better-quality products at minimum cost, reducing dependency on human labour, protecting life and property, and using resources efficiently. SCADA systems should be planned, installed and managed in all critical industrial systems. Among its many application areas, the energy sector is one where a SCADA system is compulsory, required by the national Energy Market Regulatory Authority. This organisation collects energy production data from all energy utilities and manages market control and purchase and sale prices in the energy sector.
The system also checks interruption records in the energy plants and updates daily pricing in the energy market. If necessary, the whole system is managed from the TEIAS centre, which remotely monitors possible energy interruptions, opens breakers and performs switching manoeuvres for continuity of supply (Official Gazette of Turkey, 2012; Gungor and Lambert, 2006).
Every IP-enabled device reachable from the Internet is, in effect, connected to every other. It is therefore necessary to maintain and strengthen the trustworthiness of the country's critical infrastructure. With Industry 4.0, protecting these networks and keeping them running continuously is unavoidable.
5. References
Akyıldız, L.F., Sankarasubramaniam, Y., Su, W., Cayırcı, E., (2002). Wireless Sensor
Networks: A Survey. Journal of Computer Networks, 38, 393-422.
Alcaraz C., Zeadally S., (2013). Critical control system protection in the 21st century. IEEE
Comput. 46 (4) 74–83.
Brettel, M., Friederichsen, N., Keller, M., Rosenberg, M. (2014). How virtualization,
decentralization, and network building change the manufacturing landscape: An industry 4.0
perspective. Journal of Mechanical, Aerospace, Industrial, Mechatronic and Manufacturing
Engineering, 8, 37-44.
Church, P., Mueller, H., Ryan, C., Gogouvitis, S. V., Goscinski, A., Haitof, H., Tari, Z.
(2015). Moving SCADA Systems to IaaS Clouds. 2015 IEEE International Conference on
Smart City/Socialcom/Sustaincom together with DATACOM 2015 and SC2 2015 Chengdu,
China.
Condry M.W., Nelson B.C., (May 2016). Using Smart Edge IoT Devices for Safer, Rapid
Response with Industry IoT Control Operations. Proceedings of the IEEE, Vol. 104, No. 5:
1-9.
Gungor V. C., Lambert F. C., (2006). A Survey on Communication Networks for Electric
System Automation, Elsevier Publications.
Hayden E. (2014). An Abbreviated History of Automation & Industrial Controls Systems and
Cybersecurity, A Sans Analyst Whitepaper.


Hui J., Culler D., Chakrabarti S., (January 2009). 6LoWPAN: Incorporating IEEE 802.15.4
into the IP architecture. Internet Protocol for Smart Objects (IPSO) Alliance.
ISACA Journal, Volume 1, (2014), “SCADA Cybersecurity Framework”, Accessed 1 May
2017. Retrieved from http://www.isacajournal-
digital.org/isacajournal/2014_volume_1?pg=20#pg2
Kobara K., (April 2016). Cyber Physical Security for Industrial Control Systems and IoT.
IEICE Trans. Inf. & Syst., Vol. E99-D, No. 4.
Knapp E., Broad J., (2011) Industrial Network Security (Book). ELSEVIER.
Lin K. et al., (2015). Human localization based on inertial sensors and fingerprint in industrial
internet of things. Computer Networks, Accessed 9 May 2017. Retrieved from
http://dx.doi.org/10.1016/j.comnet.2015.11.012
Lojka, T., Bundzel, M., Zolotová, I. (2016). Service-oriented Architecture and Cloud
Manufacturing. ACTA Polytechnica Hungarica Vol. 13, No. 6.
Moness M., Moustafa M., (2016). A Survey of Cyber-Physical Advances and Challenges of
Wind Energy Conversion Systems: Prospects for Internet of Energy. IEEE Internet of Things
Journal, Vol. 3, No. 2.
Ozden H., Paul D., (2011). Organik Rankin Çevrim Teknolojisiyle Düşük Sıcaklıktaki
Kaynaktan Faydalanılarak Elektrik Üretimi. Örnek Çalışma: Sarayköy Jeotermal Santrali
[Electricity Generation from a Low-Temperature Source Using Organic Rankine Cycle
Technology. Case Study: Sarayköy Geothermal Power Plant]. X. Ulusal Tesisat Muhendisligi
Kongresi, 13-16 April 2011, IZMIR.
Pa Y.M.P., Suzuki S., Yoshioka K., and Matsumoto T., IoTPOT: Analysing the Rise of IoT
Compromises. 9TH USENIX Workshop on Offensive Technologies (WOOT 15), August.
2015, WASHINGTON, DC.
PI. (2015). PROFINET – The Solution Platform for Process Automation. PI White Papers.
Singh Sh. A., (2009). Organic Rankine Cycle Power Plant for Renewable Energy Resources,
Maulana Azad National Institute of Technology Bhopal, India, 462051
SHODAN, (2017). Search Engine, Accessed 11 April 2017. Retrieved from
https://www.shodan.io/
Stouffer K., Pillitteri V., Abrams M., Hahn A., (May 2015). Guide to Industrial Control
Systems (ICS) Security. NIST Special Publication, 800-82.
Official Gazette of Turkey, (2012). Regulation on Service Quality in Electricity Distribution
and Retail Sale. Date and Number: 21/12/2012 - 28504, Article 43, Energy Market Regulatory
Authority of Turkey.
U.S. Government Accountability Office, (2011). Critical Infrastructure Protection. United
States Government Accountability Office report to Congressional Requesters, GAO-12-92,
WASHINGTON, DC.
