Abstract
This chapter explores challenges in securing industrial control systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems using Future Internet technologies. These technologies include cloud computing, fog computing, Industrial internet of things (IIoT), etc. The need to design specific security solutions for ICS/SCADA networks is explained. A brief overview of cyber vulnerabilities and threats in industrial control networks, cloud, and IoT environments is presented. The security of cloud-based SCADA systems is considered, including benefits and risks of SCADA migration to the cloud, challenges in securing such systems, and migration toward fog computing. Challenges in securing IIoT are addressed, including security risks and operational issues, key principles for securing IIoT, the functional security architecture, and the role of fog computing. Authors point out current standardization activities and trends in the area, and emphasize conclusions and future research directions.
TopIntroduction
Over the past thirty years information and communication technologies (ICT) have been introduced in the Industrial Control Systems (ICSs) and particularly Supervisory Control and Data Acquisition (SCADA) networks. This implied adoption of open communication standards like Ethernet, Transmission Control Protocol/Internet Protocol (TCP/IP) suite and a variety of wireless standards. Consequently, the problem of increased susceptibility to different forms of cyber security threats appeared, which was verified by a number of successful attacks on worldwide ICS/SCADA systems (Stouffer, Pillitteri, Lightman, Abrams, & Hahn, 2015; Ogie, 2017; Schwab & Poujol, 2018). The need for specific security solutions, tailored to the requirements of industrial control networks, has been recognized as a critical issue from the very beginning.
Nowadays, we are facing with proliferation of the Future Internet technologies, including cloud computing, fog computing, Internet of Things (IoT), mobile computing, big data processing and analytics. The IoT concept is rapidly evolving in different directions. Thus, the Industrial Internet of Things (IIoT) encompasses interconnected sensors, actuators, and other devices networked together with computers' industrial applications, and it represents an essential building block of the Industry 4.0 model (H. Xu, Yu, Griffith, & Golmie, 2018). Energy Internet, also known as the Internet of Energy (IoE) represents a wide area network (WAN), which integrates different types of energy resources, storage and loads, and enables peer-to-peer energy delivery on a large scale (Cao et al., 2018; Bostjancic Rakas, 2020). Heterogeneous IoT (HetIoT) extends the IoT concept to support a variety of heterogeneous wireless technologies and many different applications in daily life and industry (Qiu, Chen, Li, Atiquzzaman, & Zhao, 2018).
Although these technologies bring substantial benefits for the industry regarding information and economic efficiency, cyber security remains a crucial risk factor, which is even more distinct than when using traditional Internet technologies.
Apart from industry efforts (Howard, 2015; Nugent, 2017; Byers, 2018; Aleksandrova, 2019), only a few academic research papers systematically surveyed security issues in ICS/SCADA systems using Future Internet environments (Sadeghi, Wachsmann, & Waidner, 2015; Sajid, Abbas, & Saleem, 2016; Stojanovic, Bostjancic Rakas, & Markovic-Petrovic, 2019).
There are many open issues regarding cyber security of industrial control systems in the Future Internet environments, from the system’s level (network security architectures, risk management, security policy implementation), through specific solutions (intrusion detection and prevention systems, encryption, authentication mechanisms), development of dedicated test environments, to definition of security policies that are applied during operational lifecycle. The main objective of this chapter is to emphasize challenges in securing ICS/SCADA systems in such new environments, particularly cloud computing, fog computing and/or IIoT.
Key Terms in this Chapter
Cloud Service Provider (CSP): A third-party company that offers cloud services (software as a service, platform as a service, infrastructure as a service, etc.) to business and/or residential customers.
Industrial Internet of Things (IIoT): A system of interconnected sensors, actuators, and other devices networked together with computers' industrial applications.
Cloud Computing: A method of using remote servers hosted on the Internet to store, manage, and process data.
Endpoint: In the context of Industrial Internet of Things, a component that has computational capabilities and network connectivity.
Cyber Security Risk: Exposure to harm or loss resulting from data breaches or attacks on information and communication systems.
Fog Computing: A n architecture that uses edge devices to perform a large amount of computation, storage and communication, locally and routed over the Internet.
Gateway: In the context of Industrial Internet of Things, a device that bridges the edge of an IIoT system to the cloud.
Service Level Agreement (SLA): A contract between the service provider and the customer, which defines provider’s responsibilities in the sense of quality of service guarantees, performance metrics, measurement methods, tariffs and billing principles, as well as penalties for both the user and the provider in the case of contract violation.