This chapter explores challenges in securing industrial control systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems using Future Internet technologies. These technologies include cloud computing, fog computing, Industrial internet of things (IIoT), etc. The need to design specific security solutions for ICS/SCADA networks is explained. A brief overview of cyber vulnerabilities and threats in industrial control networks, cloud, and IoT environments is presented. The security of cloud-based SCADA systems is considered, including benefits and risks of SCADA migration to the cloud, challenges in securing such systems, and migration toward fog computing. Challenges in securing IIoT are addressed, including security risks and operational issues, key principles for securing IIoT, the functional security architecture, and the role of fog computing. Authors point out current standardization activities and trends in the area, and emphasize conclusions and future research directions.
TopIntroduction
Over the past thirty years information and communication technologies (ICT) have been introduced in the Industrial Control Systems (ICSs) and particularly Supervisory Control and Data Acquisition (SCADA) networks. This implied adoption of open communication standards like Ethernet, Transmission Control Protocol/Internet Protocol (TCP/IP) suite and a variety of wireless standards. Consequently, the problem of increased susceptibility to different forms of cyber security threats appeared, which was verified by a number of successful attacks on worldwide ICS/SCADA systems (Stouffer, Pillitteri, Lightman, Abrams, & Hahn, 2015; Ogie, 2017; Schwab & Poujol, 2018). The need for specific security solutions, tailored to the requirements of industrial control networks, has been recognized as a critical issue from the very beginning.
Nowadays, we are facing with proliferation of the Future Internet technologies, including cloud computing, fog computing, Internet of Things (IoT), mobile computing, big data processing and analytics. The IoT concept is rapidly evolving in different directions. Thus, the Industrial Internet of Things (IIoT) encompasses interconnected sensors, actuators, and other devices networked together with computers' industrial applications, and it represents an essential building block of the Industry 4.0 model (H. Xu, Yu, Griffith, & Golmie, 2018). Energy Internet, also known as the Internet of Energy (IoE) represents a wide area network (WAN), which integrates different types of energy resources, storage and loads, and enables peer-to-peer energy delivery on a large scale (Cao et al., 2018; Bostjancic Rakas, 2020). Heterogeneous IoT (HetIoT) extends the IoT concept to support a variety of heterogeneous wireless technologies and many different applications in daily life and industry (Qiu, Chen, Li, Atiquzzaman, & Zhao, 2018).
Although these technologies bring substantial benefits for the industry regarding information and economic efficiency, cyber security remains a crucial risk factor, which is even more distinct than when using traditional Internet technologies.
Apart from industry efforts (Howard, 2015; Nugent, 2017; Byers, 2018; Aleksandrova, 2019), only a few academic research papers systematically surveyed security issues in ICS/SCADA systems using Future Internet environments (Sadeghi, Wachsmann, & Waidner, 2015; Sajid, Abbas, & Saleem, 2016; Stojanovic, Bostjancic Rakas, & Markovic-Petrovic, 2019).
There are many open issues regarding cyber security of industrial control systems in the Future Internet environments, from the system’s level (network security architectures, risk management, security policy implementation), through specific solutions (intrusion detection and prevention systems, encryption, authentication mechanisms), development of dedicated test environments, to definition of security policies that are applied during operational lifecycle. The main objective of this chapter is to emphasize challenges in securing ICS/SCADA systems in such new environments, particularly cloud computing, fog computing and/or IIoT.
The rest of the chapter is structured as follows. The background section explains the reasons for designing specific security solutions for ICS/SCADA networks and presents a brief overview of cyber vulnerabilities and threats in industrial control networks, cloud and IoT environments. In the following section, security of cloud-based SCADA systems is considered, including benefits and risks of SCADA migration to the cloud environment, challenges in securing such systems and migration toward fog computing environment. Further, challenges in securing IIoT are analyzed, including a brief comparison of IoT and IIoT requirements, security risks and operational issues, key principles for securing IIoT, the functional IIoT security architecture and the role of fog computing. The next section addresses standardization efforts in the area. The chapter ends with emphasizing the future research directions and concluding remarks.