Assessment of SCADA system vulnerabilities & PatchRank
Convert Text to Speech
Paper title- Assessment of SCADA system vulnerabilities
authors names-
Geeta Yadav
Ph.D. Research Scholar,
Khosla School of Information Technology,IIT Delhi, New Delhi, India
Dr. Kolin Paul
Khosla School of Information Technology,IIT Delhi, New Delhi, India
School of Information Technology, TalTech, Tallinn, Estonia
Paper abstract -
SCADA system is an essential component for automated control and monitoring in many of the
Critical Infrastructures (CI). Cyber-attacks like Stuxnet, Aurora, Maroochy on SCADA systems
give us clear insight about the damage a determined adversary can cause to any country’s
security, economy, and health-care systems. An in-depth analysis of these attacks can help in
developing techniques to detect and prevent attacks. In this paper, we focus on the assessment
of SCADA vulnerabilities from the widely used National Vulnerability Database (NVD) until May
2019. We analyzed the vulnerabilities based on severity, frequency, availability, integrity and
confidentiality impact, and Common Weaknesses. The number of reported vulnerabilities are
increasing yearly. Approximately 89% of the attacks are the network exploits severely impacting
availability of these systems. About 19% of the weaknesses are due to buffer errors due to the
use of insecure and legacy operating systems. We focus on finding the answer to four key
questions that are required for developing new technologies for securing SCADA systems. We
believe this is the first study of its kind which looks at correlating SCADA attacks with publicly
available vulnerabilities. Our analysis can provide security researchers with useful insights into
SCADA critical vulnerabilities and vulnerable components, which need attention. We also
propose a domain-specific vulnerability scoring system for SCADA systems considering the
interdependency of the various components
2019-09-06 03:41:12
source
Gloss