Analysis of security challenges in SCADA systems, a technical review on automated real-time systems

Authors

  • Fatmir Basholli
  • Besjana Mema
  • Dolantina Hyka
  • Albina Basholli
  • Adisa Daberdini

Abstract

Cybersecurity is a rapidly growing concern in many technological areas of the industrial economy. Supervisory Control and Data Acquisition (SCADA) systems are particularly vulnerable to cyber-attacks and must be equipped with the appropriate tools and techniques to detect attacks, accurately distinguish them from normal traffic, overcome them when they are present, and prevent them from disrupting these systems. The three main goals of IT cybersecurity are confidentiality, integrity, and availability (CIA), but these three goals have different levels of importance in operational technology (OT), where availability comes before confidentiality and integrity. Cloud cyberattacks are increasing rapidly, posing a major challenge to such systems. Honeypots are one of the layers of security in both IT and OT. They are used as a security layer to mitigate attacks, known attacker techniques, and network and system vulnerabilities that attackers can exploit. In this paper, we recommend the use of SCADA honeypots for the early detection of possible malicious intrusions within a network of SCADA devices. An analysis of SCADA honeypots gives us the opportunity to learn which protocols are attacked most often, as well as the attackers' behaviors, locations and intentions. We use an ICS/SCADA honeypot called Conpot, which simulates real ICS/SCADA systems with several ICS protocols and ICS/SCADA PLCs.

Published

2023-12-16