Affiliation:
1. Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia
Abstract
Supervisory control and data acquisition (SCADA) systems enable industrial organizations to control and monitor real-time data and industrial processes. Migrating SCADA systems to cloud environments can enhance the performance of traditional systems by improving storage capacity, reliability, and availability while reducing technical and industrial costs. However, the increasing frequency of cloud cyberattacks poses a significant challenge to such systems. In addition, current research on cloud-based SCADA systems often focuses on a limited range of attack types, with findings scattered across various studies. This research comprehensively surveys the most common cybersecurity vulnerabilities and attacks facing cloud-based SCADA systems. It identifies four primary vulnerability factors: connectivity with cloud services, shared infrastructure, malicious insiders, and the security of SCADA protocols. This study categorizes cyberattacks targeting these systems into five main groups: hardware, software, communication and protocol-specific, control process, and insider attacks. In addition, this study proposes security solutions to mitigate the impact of cyberattacks on these control systems.
Reference49 articles.
1. Morsey, C. (2017). Supervisory Control and Data Acquisition (SCADA) Systems and Cyber-Security: Best Practices to Secure Critical Infrastructure, Robert Morris University.
2. Architecture and security of SCADA systems: A review;Yadav;Int. J. Crit. Infrastruct. Prot.,2021
3. Cai, N., Wang, J., and Yu, X. (2008, January 13–16). SCADA system security: Complexity, history and new developments. Proceedings of the 2008 6th IEEE International Conference on Industrial Informatics, Daejeon, Republic of Korea.
4. SCADA systems in the cloud and fog environments: Migration scenarios and security issues;Facta Univ.-Ser. Electron. Energetics,2019
5. Buyya, R., Yeo, C.S., and Venugopal, S. (2008, January 25–27). Market-oriented cloud computing: Vision, hype, and reality for delivering it services as computing utilities. Proceedings of the 2008 10th IEEE International Conference on High Performance Computing and Communications, Dalian, China.