A Security Assessment Model for Electrical Power Grid SCADA System
Qais Qassim1, Norziana Jamil2, Maslina Daud3, Norhamadi Ja’affar4, Hafizah Che Hasan5, Mohamad Afendee Mohamed6

1Qais Qassim, Institute of Informatics and Computing in Energy, Universiti Tenaga Nasional, Malaysia.

2Norziana Jamil, Institute of Informatics and Computing in Energy, Universiti Tenaga Nasional, Malaysia.

3Maslina Daud, Cyber Security Malaysia.

4Norhamadi Ja’affar, Cyber Security Malaysia.

5Hafizah Che Hasan, CyberSecurity Malaysia.

6Mohamad Afendee Mohamed, Faculty of Informatics and Computing, Universiti Sultan Zainal Abidin, Terengganu, Malaysia.

Manuscript received on 11 December 2019 | Revised Manuscript received on 23 December 2019 | Manuscript Published on 31 December 2019 | PP: 763-773 | Volume-8 Issue-12S2 October 2019 | Retrieval Number: L113210812S219/2019©BEIESP | DOI: 10.35940/ijitee.L1132.10812S219

© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open-access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: Because SCADA systems are widely deployed in national critical infrastructure, their cyber security issues and vulnerabilities have become a primary concern: cyber-attacks on these systems can have catastrophic consequences in the physical domain. Estimating possible attack impacts and identifying system vulnerabilities are therefore major concerns in SCADA management and operations. However, it is quite difficult to plan, execute and review vulnerability analysis in critical infrastructure systems and in industrial control systems (such as SCADA systems) because of their complexity, large scale and heterogeneity. Consequently, a consistent domain-specific conceptual model is required to establish a generic framework for cyber security analysis that examines and investigates security threats to cyber-physical systems, the roles of the entities within the system, and system operations. The main contribution of this work is a multi-faceted model to support cyber security analysis practices such as penetration testing, vulnerability assessment and risk analysis. The proposed model offers a common view across different SCADA configurations, implementations and employed protocols in order to handle their complexity, heterogeneity and scale. As a proof of concept demonstrating the usability and applicability of the proposed model, the paper also presents an example illustrating how the model can be employed to carry out a security vulnerability assessment.

Keywords: Critical Infrastructure Systems, Cyber-Attack, SCADA, Testbed, Vulnerability Assessment.
Scope of the Article: Grid Networking/ Computing