Two Decades of SCADA Exploitation: A Brief History

Since the early 1960s, industrial process control has been applied to electric systems. In the mid-1970s, the term SCADA emerged, describing automated supervisory control and data acquisition. Since most industrial and automation networks were physically isolated, security was not an issue. This changed in the early 2000s, when industrial networks were opened to the public internet. The reasons were manifold: increased interconnectivity led to more productivity, simplicity and ease of use, and it decreased the configuration overhead and the downtime needed for system adjustments. However, it also led to an abundance of new attack vectors. In recent years, there has been a remarkable number of attacks on industrial companies and infrastructures. In this paper, known attacks on industrial systems are analysed by investigating the exploits that are available from public sources. The different types of attacks and their points of entry are reviewed, and trends in exploitation as well as targeted attack campaigns against industrial enterprises are introduced.
- OT Security Certifications (GICSP, GRID, GCIP)
- ATT&CK® for Industrial Control Systems (ICS)
- Convergence of IT and SCADA: Associated Security Threats and Vulnerabilities
- Adversarial Attacks on Machine Learning Cybersecurity Defences in ICS
- Cybersecurity for Industrial Control Systems: A Survey
- Architecture and Security of SCADA Systems: A Review
- Assessing Cyber-Physical Security in Industrial Control Systems
- Anomaly Detection for Industrial Control Networks using Machine Learning
- An IT-Security Fuzzing Framework for Proprietary ICS Protocols
- Securing Big Data from Eavesdropping Attacks in SCADA/ICS Network Data Streams