IoT- Based SCADA system Security in the core of cyber-warfare

ITEC810 Final Report

Student’s Name: Manar Alanazi
#44162839
Supervisor’s Name: Rajan Shankaran

11 May 2018

Table of Contents
SUMMARY
1. INTRODUCTION
2. OVERVIEW
2.1 BACKGROUND
2.2 SIGNIFICANCE
3. RESEARCH FOCUS
3.1 RESEARCH PROBLEM
3.2 RESEARCH QUESTION
3.3 RESEARCH AIM
4. RESEARCH METHODOLOGY
4.1 QUALITATIVE RESEARCH
4.2 QUANTITATIVE RESEARCH
4.3 DATA COLLECTION
5. MERIT OF THE RESEARCH AND PROPOSED CONTRIBUTION TO ICS
6. LITERATURE REVIEW
6.1 SCADA SECURITY REQUIREMENT
6.2 RISK ASSESSMENT MODELS
6.3 SECURING SCADA SYSTEM IN GENERAL
6.4 SECURING IoT-SCADA SYSTEM CLOUD BASED
6.5 CRITICAL ANALYSIS AND SUMMARY
7. RESEARCH PLAN
8. RESULT AND FINDINGS
8.1 IoT-SCADA CLOUD BASED SECURITY FRAMEWORK
8.2 THE BRIGHT SIDE OF USING IoT-SCADA CLOUD BASED
9. CONCLUSION
10. REFERENCES

List of figures

Figure 1: IoT-SCADA Cloud based topology
Figure 2: Expected increase in IoT devices in 2020
Figure 3: Symbols from CORA risk assessment tool
Figure 4: CORA Risk assessment tool
Figure 5: project grant chart
Figure 6: Project process
Figure 7: IoT-SCADA framework
Figure 8: SCADA forensics

List of acronyms and abbreviations

SCADA Supervisory Control and Data Acquisition
HMI Human Machine Interface
CI Critical infrastructure
ICS Industrial control system
CPSs Cyber Physical Systems
RTU Remote Terminal Unit
PLC Programmable Logic Controller

SUMMARY
SCADA (Supervisory Control And Data Acquisition) is an industrial control system which acts as an open eye for monitoring several critical infrastructures, including electricity, nuclear systems, water supply systems, the smart grid and transport. This is significant because any cyber-attack on these critical infrastructures can, in extreme cases, threaten human lives. The goal of this project is to conduct an in-depth investigation of the best existing security practices for securing and protecting ICSs, including SCADA systems in general and IoT-SCADA cloud-based systems, and to outline the security requirements for achieving better security practices. This is an impartial literature review of previous investigations in the field of SCADA security, evaluating the potential approaches which could attenuate the security vulnerabilities of SCADA systems. The study focuses on a comprehensive analysis of different risk assessment models and methodologies in order to abstract and identify the security requirements, which will then be used to establish a security policy framework. The first part of this paper illustrates the project background and justification, as well as its benefits, aims and expected outcomes. The second part illustrates the methodology and plan followed to extract the security policy framework. The expected outcome of this project is a security framework which can at least mitigate the cyber-attacks on critical infrastructure resulting from the security vulnerabilities of the new evolution of SCADA systems.

1. INTRODUCTION
Supervisory Control And Data Acquisition (SCADA) systems are vitally important, as they serve as the backbone of critical infrastructure and manufacturing. SCADA systems are connected to Industrial Control Systems to give operators the capacity to control Cyber Physical Systems such as pumps and valves. These cyber physical systems are now integrated with the Internet of Things environment. As SCADA systems have undergone a significant evolution through four generations, from the monolithic generation to the IoT-cloud based generation, the level of security at stake for each generation has changed as well. When SCADA systems were first introduced, they used wired communication and typical protocols and were intended merely for controlling and monitoring. ICSs can gain multiple advantages from the combination with the IoT-cloud environment, such as cost reduction, embedded security and increased flexibility. Nonetheless, SCADA systems became more vulnerable to cyber-threats and attacks when they were exposed to the IoT-cloud domain within a complicated network architecture. This is significant because the previous generations of SCADA systems already had inadequate security standards, and the security concerns of SCADA systems are growing with the integration of CPSs and IoT. Thus, the aim of this project is to investigate previous and existing best practices for securing industrial control systems in order to create a security policy framework which could at least mitigate the security vulnerabilities of SCADA systems. The first section of this paper gives an overview of the project process and its organization. The second section describes the research focus, followed by the methodology used to organize this research project. After that, the risk assessment models and methodologies are evaluated in the literature review section to identify the security risks of IoT-SCADA cloud-based systems. The best mitigation techniques for securing SCADA systems in general and IoT-SCADA cloud-based systems are identified based upon the security requirements. The security policy framework is then abstracted to at least mitigate the security vulnerabilities of SCADA systems.
2. OVERVIEW
This project focuses on the evaluation of risk assessment models and methodologies which can be used to identify the security risks of IoT-SCADA in the cloud environment. To that end, a diverse array of risk assessment tools was selected and examined in detail in the context of industrial control systems, including SCADA. Next, the security mechanisms typically applied to achieve a relatively secure SCADA system in general are investigated and then evaluated against IoT-cloud based SCADA. Finally, the result of the analysis covers the security policy framework, which can help to at least mitigate the security vulnerabilities in the field of IoT-SCADA cloud-based systems.

2.1 BACKGROUND AND MOTIVATION
The security of the four generations of SCADA systems is addressed in diverse research papers, and it is gaining more attention from many researchers in the field of SCADA security. The technological revolution has brought new ideas to conventional SCADA systems, which have been in operation since 1950. Due to the overlapping use of both IoT and cloud computing technologies, the security level of SCADA systems is decreasing. Hence, SCADA systems are becoming more vulnerable due to the integration of ICSs with the IoT environment. A SCADA system in an IoT-cloud topology consists of a Human Machine Interface (HMI), Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), actuators and sensors, as presented in Figure 1.

Figure 1: IoT-SCADA Cloud based topology

At the supervision stage, the most important responsibility of SCADA systems is to monitor the processes of the system and apply the appropriate controls accordingly. SCADA systems are Cyber Physical Systems used in industry and manufacturing. These systems cover a vast range of application sectors including transport, electricity, energy and water, and much research is currently being conducted in this field (Fortino, 2012). Web-SCADA has a supplementary feature: anywhere, anytime access to the system via a secure web browser connection. Web-SCADA is a scalable and flexible system, as it can easily accommodate new project features, is simple to maintain, and can be customized for other industrial applications such as electricity, water supply, transportation and monitoring (Webscada, 2017).

2.2 SIGNIFICANCE
Since SCADA systems serve as the heart of several manufacturing processes and critical infrastructures, it is essential to mitigate their security risks. More importantly, with the invention of cloud computing and IoT, any device can be part of the network. As a result, the revolutionized SCADA system, which is based on an IoT-based cloud environment, has exposed SCADA systems to several security issues and, in extreme cases, to threats to safety and human life. Thus, IoT-SCADA systems are vulnerable to cyber-attacks. It is estimated that more than 50 billion IoT devices will be connected to the internet in 2020, according to the Cisco statistics shown in Figure 2, which means the connectivity of IoT-SCADA will face a critical challenge based on the theory of “more devices, more security challenges”. As many devices can be hacked, hackers, also known as cyber criminals, will accomplish more, since they can take remote control of IoT devices.

Figure 2: Expected increase in IoT devices in 2020¹

This is a significant issue which, without the right intervention, could result in more catastrophic effects on several critical infrastructures and manufacturing. Industrial control systems should be secure enough to limit the harmful impact of cyber-attacks on them.

1 Evans, D., 2011. The Internet of Things: How the Next Evolution of the Internet Is Changing Everything. Whitepaper. Retrieved from: https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf

3. RESEARCH FOCUS
The focus of this research is the analysis of different risk assessment models and methodologies used in SCADA research, such as the Quantitative Threat-Risk Index Model (QTRIM), Fault Tree Analysis (FTA), attack trees, the Cost of Risk Analysis System (CORAS) and Risk Watch for Critical Infrastructure (Nuclear Power compliant). This analysis helps to identify the appropriate risk assessment tool, which can then be used in ICSs including IoT-SCADA cloud-based systems. SCADA security mechanisms in general are also investigated and then evaluated against the revolutionized generation of SCADA, which is integrated with the IoT and cloud environment. However, this research focuses most deeply on IoT-SCADA cloud-based systems.
3.1 RESEARCH PROBLEM
There is considerable research in the field of SCADA security, which presents a significant challenge in the modern era. High-profile SCADA security threats are increasing due to the evolution of the SCADA system, which has been exposed to an IoT environment. Despite the advantages that can be gained from IoT-based SCADA systems, such as cost reduction for heavy equipment, SCADA systems are becoming more vulnerable to cyber-attacks compared with traditional SCADA systems.
3.2 RESEARCH QUESTION
The essential questions that need to be investigated in detail to complete this project are as follows: What are the security requirements for securing SCADA systems, and how can we identify them? How can we achieve the best security standards in SCADA systems? How can we accomplish effective security measures for IoT-SCADA cloud-based systems? How effective and efficient is establishing or developing a security framework?
3.3 RESEARCH AIM
The aim of this project is to investigate previous and existing best practices for securing industrial control systems in order to create a security framework, based upon SCADA security requirements, that at least mitigates the security vulnerabilities of SCADA systems. The expected benefit of this project is to address the security risks of ICSs such as SCADA systems. Furthermore, it aims to reduce the level of threat to which critical infrastructures and manufacturing are exposed. Finally, it describes future research directions for securing these critical Cyber Physical Systems (CPSs) and assists the research community in identifying the research gaps in this regard.

4. RESEARCH METHODOLOGY
This research takes a pragmatic approach involving mixed methods, employing data collection and analysis techniques associated with both quantitative and qualitative data. The process or techniques method will be applied in the latter part of the project, after the risk assessment tools have been analysed and an appropriate tool has been chosen for use in formulating the security framework. The qualitative model, in turn, is the establishment of the security framework structure for IoT-SCADA cloud-based systems, which will explore the best mitigation techniques for achieving a secure SCADA system in general and focus deeply on the current state of SCADA.
4.1 QUALITATIVE RESEARCH
All sources should be collected for the research, including case studies and journals from various databases such as IEEE. A number of academic sources will also be investigated. Keywords are used to find information about the security mechanisms in SCADA systems, particularly IoT-cloud based SCADA systems. The analysis is then conducted by abstracting the security of SCADA systems in general and of IoT-cloud based SCADA, and by evaluating the best mitigation techniques for IoT-SCADA systems in the cloud environment to achieve the best security approach.
4.2 QUANTITATIVE RESEARCH
The quantitative research covers the review of academic literature on various risk assessment tools for industrial control systems, including SCADA systems, found via different scholarly websites in SCADA research. Papers and journals on the current state of SCADA systems were abstracted using keywords such as risk assessment, security service, security mechanism, security framework and ICSs security. Each selected article in this research gives insight into the risk assessment tools commonly used in the field of ICS research. The influence of the data on the result is then confirmed in the final phase, which is establishing a security framework based on the security requirements identified using the appropriate risk assessment model.
4.3 DATA COLLECTION
The data collected for this literature review consists of recent papers in the field of SCADA system research and the risk assessment tools used to identify the security risks. The review is based on analysing and comparing the area of study, with major findings related to SCADA security in general and to IoT-SCADA systems in the cloud environment.

5. MERIT OF THE RESEARCH AND PROPOSED CONTRIBUTION TO SCADA SYSTEM
The combination of CPSs and IoT has brought several benefits to ICSs and manufacturing, including cost reduction for heavy equipment, real-time control, redundancy and flexibility. Nevertheless, the security level has dropped significantly since these CIs were exposed to a complex network architecture combining both the IoT and cloud environments. Consequently, these CIs have been affected by a diverse array of cyber threats and attacks. These threats and attacks are being investigated in much of the research in the field of SCADA systems. However, not much research is being conducted in the particular field of the revolutionised SCADA system, which is based on the IoT and cloud environment. Therefore, the information in this paper can be used by future researchers interested in IoT-SCADA cloud-based systems and will simplify the essential background for future research.
6. LITERATURE REVIEW
This literature review is based on analysing the vital risk assessment models and tools in order to establish the causes of the vulnerabilities in critical infrastructures, which in turn can help to identify IoT-SCADA security requirements. Within IoT and cloud environments in particular, these systems are far more exposed to vulnerabilities. Once the security requirements have been identified, the key areas of SCADA security in general are evaluated against the current state of SCADA, which is integrated with both the IoT and cloud environments. As a result of this evaluation, we can create an efficient security framework to limit the security vulnerabilities of, and cyber-attacks on, IoT-SCADA cloud-based systems, as well as enhance the level of security of ICSs including SCADA.
6.1 IDENTIFYING THE SECURITY REQUIREMENTS
The major difference between IT and ICS systems is that the former manage data whereas the latter control the physical world, including critical infrastructures, industries and manufacturing. Industrial control systems, including SCADA, also have key features which are totally different from those of conventional IT systems. This difference is centred on potential risks and priorities. In fact, significant risks and threats to an industrial control system can result in physical damage to the natural environment and, in extreme cases, threaten human lives, as well as negatively affect the nation's economy through loss of production (Stouffer et al., 2011). When it comes to ICS security such as SCADA, the following measures should be considered to achieve a secure SCADA system.
6.1.1 PERFORMANCE
Industrial control systems control the physical world in real time. For SCADA systems, automatic response time, or system response to human interaction, is very important. Jitter and latency are not acceptable in SCADA systems, as any late response, for example in sending notification messages to the human machine interface (HMI) when an attack is under way, will have a catastrophic impact on the critical infrastructure and manufacturing they control (Igure et al., 2006), (Hentea, 2008).
6.1.2 AVAILABILITY AND RELIABILITY
The availability requirement of SCADA systems can be considered one of the most significant issues, since an unavailable SCADA system leads to unexpected physical damage which also threatens human life (Jiang, 2015). Hence, comprehensive pre-implementation testing is very important to assure high availability for SCADA systems. Also, most control systems cannot easily be stopped and started without negative impacts on production. In many cases, the products or equipment being used are more significant than the information being transmitted (Stouffer et al., 2011). Hence, providing redundant components is essential to ensure continuity in case the main components are not available.
6.1.3 RISK ASSESSMENT AND MANAGEMENT
National critical infrastructures, such as electricity, transport, water supply systems and nuclear systems, which are under the control of industrial control systems including SCADA, are highly susceptible and vulnerable to cyber-attacks and threats. Conducting regular risk assessments can improve SCADA security management and clarify security plans and their implementation (Sajid et al., 2016). Risk management can then be built upon the risk assessment, and both approaches help to achieve the best security practices for industrial control systems including SCADA (Cherdantseva, 2016).
6.1.4 OPERATING SYSTEM SECURITY
Operating system security should be taken fully into account, as the cyber physical devices in the new generation of SCADA systems have been integrated with the IoT environment. This integration has negatively affected the level of security in SCADA systems. Default factory settings result in configuration errors in IoT device operating systems. Input validation is used in any system to ensure that no privilege escalation or unauthorized action is allowed to access the context provided to an application (Hossain et al., 2015). The best-known input validation vulnerability is the buffer overflow, which can result in software errors.
6.1.5 PLATFORM SECURITY
The Programmable Logic Controller (PLC) and Remote Terminal Unit (RTU) are designed for real-time use in rugged environments and contain logic and programming to communicate with the centralized SCADA system (Macaulay, 2016). Historically, PLCs had limited processing capabilities, whereas they have recently been adapted to multi-processor environments. PLCs are an essential part of control system networks, as they are managed with the highest priority. Thus, it is important to apply intrusion detection systems and high-level security mechanisms to satisfy the platform security requirements for IoT-SCADA cloud-based systems.
6.1.6 RESOURCE LIMITATION
SCADA systems and their real-time operating systems often have limited resources. Legacy systems also have inadequate resources compared to revolutionized IT systems. There may not be computing resources available on SCADA components, in particular in IoT-SCADA cloud-based systems, to retrofit these systems with current security capabilities (Stouffer, 2016). Thus, logical access to SCADA systems should be limited to reduce privilege escalation, which has become a significant issue due to the integration of SCADA systems with the IoT environment. (Ejesh et al., 2017) proposed using a demilitarized zone (DMZ) network architecture with a direct connection to firewalls to restrict network traffic from passing directly between the corporate and SCADA networks, and having separate authentication mechanisms and credentials for users of the corporate and SCADA networks. ICSs, including SCADA, should also use a network topology that has multiple layers, with the most critical communications occurring in the most secure and reliable layer (Stouffer, 2016).
6.1.7 COMMUNICATION SECURITY
Information exchange between different networks should be conducted via a separate network segment (DMZ) (Ejesh, 2017). The primary idea of secure communication is to establish a secure channel over an insecure network. This guarantees protection from passive attacks such as eavesdropping, and from man-in-the-middle attacks, by using suitable cipher suites and trusted digital certificates (Vittor et al., 2017).
6.2 RISK ASSESSMENTS MODELS AND METHODOLOGIES
This section presents a critical analysis of several risk assessment models, identifying the strengths and weaknesses of risk assessment methodologies such as the Quantitative Threat-Risk Index Model (QTRIM), Fault Tree Analysis (FTA), attack trees, the Cost of Risk Analysis System (CORAS) and Risk Watch for Critical Infrastructure (Nuclear Power compliant). This analysis helps to identify the appropriate risk assessment tool, which can then be used in ICSs including IoT-SCADA cloud-based systems.

6.2.1 QUANTITATIVE THREAT-RISK INDEX MODEL (QTRIM)
(Beitel, 2004) proposed the Quantitative Threat-Risk Index Model (QTRIM) as an efficient risk assessment tool for predicting the possibility of terrorist attacks against national infrastructure. It was developed and tested at the Idaho National Engineering and Environmental Laboratory (INEEL) and analyses risk probability using terrorist-specific constraints, objectives, value systems, logistics and opportunities on a balanced scorecard framework. The limitation of this model is that these measures must be adapted to each terrorist group under study, which requires particular research into the group's motivations, philosophies and political schemas. Furthermore, a standard for accounting for intelligence information should be included where that information accurately suggests cause and effect.
6.2.2 FAULT TREE ANALYSIS (FTA)
One of the primary objectives of FTA is to calculate the probability of an undesired event. This calculation can be achieved using the Boolean representation of the system (Cetinkaya, 2001). Nonetheless, the calculation is time-consuming. The model represents the triggering events at the leaf nodes, whereas the root node represents the undesired event, or failure, and the various events which lead to the top event are modelled as branches of nodes.
6.2.3 ATTACK TREE
This model provides a formal way of conducting security analysis of system protocols, such as those of MODBUS/TCP based devices, by taking the FTA model and replacing the fault with the attack goal and the failure rates with event probabilities. The major benefit of applying attack trees is the comprehensive representation of attack sequences. An example of using an attack tree to assess the security vulnerabilities of a SCADA system was proposed by (Eric, 2004). This defence modelling was based on the attacker's goals against a MODBUS-based SCADA system and comprises eight significant goals: first, gain access to the SCADA system and then identify the MODBUS device; after that, disrupt master-slave communications, disable the slave, read data from the slave, write data to the slave, program the slave and finally compromise the slave. It started with the goal of gaining unauthorised physical access to the building, using the “OR” operator to indicate that only one goal is required and the “AND” operator to indicate that all goals are required (Eric, 2004). The results of this experiment are summarized in Table 1, which illustrates various attacks conducted via remote field stations, the SCADA transmission infrastructure, trusted third parties or wireless control network connections.
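
The fault-tree calculation of 6.2.2 and the AND/OR attack tree of 6.2.3 can be worked through in code; the following is an added example, not part of the original report or of the cited papers. The tree structure and all probabilities are constructed for illustration (only the goal and path names come from the text above), and the calculation assumes independent leaf events that each appear once in the tree.

```python
from dataclasses import dataclass, field
from math import prod
from typing import FrozenSet, List, Optional, Tuple


@dataclass
class Node:
    """One goal in the tree. Leaves carry a probability; inner nodes carry a gate."""
    name: str
    gate: Optional[str] = None          # "AND", "OR", or None for a leaf
    p: float = 0.0                      # leaf probability (constructed sample value)
    children: List["Node"] = field(default_factory=list)

    def __post_init__(self) -> None:
        if self.gate not in (None, "AND", "OR"):
            raise ValueError(f"unknown gate {self.gate!r} on {self.name!r}")
        if self.gate is None and not 0.0 <= self.p <= 1.0:
            raise ValueError(f"probability out of range on {self.name!r}")
        if self.gate is not None and not self.children:
            raise ValueError(f"gate node {self.name!r} has no children")


def probability(node: Node) -> float:
    """Probability that the goal at `node` is reached, assuming independent leaves."""
    if node.gate is None:
        return node.p
    probs = [probability(c) for c in node.children]
    if node.gate == "AND":              # every sub-goal is required
        return prod(probs)
    return 1.0 - prod(1.0 - q for q in probs)   # OR: any one sub-goal suffices


def cut_sets(node: Node) -> List[FrozenSet[str]]:
    """Minimal sets of leaf events that reach the goal (the Boolean form of the tree)."""
    if node.gate is None:
        return [frozenset([node.name])]
    child_sets = [cut_sets(c) for c in node.children]
    if node.gate == "OR":               # union of the alternatives
        sets = {s for cs in child_sets for s in cs}
    else:                               # AND: one set from each child, combined
        sets = {frozenset()}
        for cs in child_sets:
            sets = {a | b for a in sets for b in cs}
    minimal = [s for s in sets if not any(o < s for o in sets)]
    return sorted(minimal, key=sorted)


def leaves(node: Node) -> List[Node]:
    """All leaf events below `node`, left to right."""
    if node.gate is None:
        return [node]
    return [leaf for c in node.children for leaf in leaves(c)]


def rank_mitigations(root: Node) -> List[Tuple[str, float]]:
    """Risk reduction at the root if a control fully blocks one leaf, largest first."""
    base = probability(root)
    ranked = []
    for leaf in leaves(root):
        saved, leaf.p = leaf.p, 0.0     # temporarily model the leaf as blocked
        ranked.append((leaf.name, base - probability(root)))
        leaf.p = saved                  # restore the original estimate
    return sorted(ranked, key=lambda r: r[1], reverse=True)


def build_example_tree() -> Node:
    # Constructed tree: structure and probabilities are illustrative only.
    access = Node("Gain access to SCADA system", "OR", children=[
        Node("Remote field station", p=0.10),
        Node("SCADA transmission infrastructure", p=0.05),
        Node("Trusted third party", p=0.20),
        Node("Wireless control network connection", p=0.25),
    ])
    identify = Node("Identify MODBUS device", p=0.50)
    return Node("Write data to slave", "AND", children=[access, identify])


if __name__ == "__main__":
    tree = build_example_tree()
    print(f"P({tree.name}) = {probability(tree):.4f}")
    for cs in cut_sets(tree):
        print("cut set:", sorted(cs))
    for name, drop in rank_mitigations(tree):
        print(f"blocking {name!r} lowers root probability by {drop:.4f}")
```

The cut-set expansion multiplies out every AND gate, which is why the Boolean calculation becomes slow on large trees.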

Table 1: The result of attack tree analysis²

6.2.4 RISK WATCH FOR CRITICAL INFRASTRUCTURE
A commercial mechanism which provides risk assessments for critical infrastructure, in particular nuclear power. It is based upon the new Nuclear Energy Institute guidelines covered in NEI 04-04 Revision 1: “Cyber Security Program for Nuclear Power Reactors”. Both the Nuclear Regulatory Commission and the Nuclear Energy Institute contributed to the evolution of this software, which was funded by the U.S. Department of Defense through the Technical Support Working Group (Francia, 2012).

2 BYRES, Eric J.; FRANZ, Matthew; MILLER, Darrin. The use of attack trees in assessing vulnerabilities in SCADA
systems. In: Proceedings of the international infrastructure survivability workshop. 2004.

6.2.5 COST OF RISK ANALYSIS SYSTEM (CORAS)
The CORAS tool is a high-tech risk assessment tool developed to provide documentation, maintenance and reporting of the target of analysis resulting from a CORAS risk assessment. CORAS also uses special diagrams inspired by UML for reporting and analysing the results. Its significant advantage over previous attack tree analysis methods is that CORAS can deal with more complex gates, temporal dependencies between attack steps, shared subtrees, and realistic, multi-parametric cost structures. Furthermore, due to its compositionality, the approach is flexible and easy to extend (Kumar, 2015). A sample of CORAS risk modelling, conducted by (Francia, 2012), is shown in Figure 3 below.

Figure 3: Symbols from CORAS risk assessment tool³

In that experiment, assets (e.g. the corporate reputation) were identified and classified into different levels of importance, ranging from the least to the most important. These assets were then associated with potential threat scenarios to determine the level of impact on them. Figure 4 illustrates the sample CORAS model. It is assumed that an IT technician was in training at a corporation that used a SCADA system, and that this technician misconfigured the system. As a result, an eavesdropper or a hacker could take advantage of the vulnerability resulting from the misconfiguration. Another vulnerability in this scenario is that the technician was given unrestricted access, so the hacker used a social engineering attack to reveal critical information and compromise confidentiality, and discovered the rogue access point to access the network, which clearly leads to system disruption.
3 Kumar, R., Ruijters, E., & Stoelinga, M. (2015, September). Quantitative attack tree analysis via priced timed
automata. In International Conference on Formal Modeling and Analysis of Timed Systems (pp. 156-171). Springer,
Cham.

Figure 4: CORAS Risk assessment⁴

6.3 SCADA SYSTEM SECURITY IN GENERAL
This section investigates the possible approaches to securing SCADA systems in general, including policy management, data integrity and communication protocols. A systematic analysis focused on the security of SCADA systems in general helps to identify the security areas of the revolutionised SCADA that is already integrated with the cloud and IoT environment.
6.3.1 POLICY MANAGEMENT
(Watts, 2003) proposed using an attack tree to assess the security risks of SCADA and argued that applying better password policies limits unauthorised access to the SCADA system and at the same time helps to strengthen the system access point. However, the penetration sequence of the attack does not appear at the leaf node when attack trees are used for defence modelling. Hence, a strong access point can be achieved using appropriate rules for authentication and authorization.

4 Francia III, G. A., Thornton, D., & Dawson, J. (2012, January). Security best practices and risk assessment of SCADA
and industrial control systems. In Proceedings of the International Conference on Security and Management (SAM) (p.
1). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied
Computing (WorldComp).

6.3.2 DATA INTEGRITY
(Davis et al., 2006) presented a test-bed using the Real-time Immersive Network Simulation Environment (RINSE), which evaluates vulnerabilities in operation systems. Three scenarios are carried out. In the first scenario the system performs perfectly, as there are no attacks, whereas a DoS attack is initiated in the second scenario. The third scenario employs filters to measure the impact of a DoS attack. A disadvantage of this approach is that it focuses only on the software; the hardware is not considered.

(Cárdenas et al., 2008) presented a methodology which helps to detect attacks by monitoring and analysing the physical system under observation. As recommended by Cárdenas, attack-resilient algorithms are beneficial in making systems able to withstand intentional attacks such as Stuxnet.

(Gonzalez et al., 2016) suggested that Power Finger Print (PFP) is an innovative method for detecting malicious activities in the control system. PFP is able to monitor the control system directly to detect cyber-attacks in ICSs. Nevertheless, PFP does not attempt to prevent side-channel attacks such as stealing the secret key, as it only has the capability of monitoring ICSs and characterizing the normal behaviour of side-channel attacks. (Suo et al., 2012) suggested a well-known and widely trusted suite of cryptographic algorithms applied to internet security protocols, as shown in Table 2.

Table 2: A SUITE OF CRYPTOGRAPHIC ALGORITHMS⁵

The symmetric encryption algorithm, such as the Advanced Encryption Standard (AES) block cipher, typically performs data encryption for confidentiality, while the asymmetric algorithm performs digital signatures and key exchange, for example Rivest-Shamir-Adleman (RSA), and the Diffie-Hellman (DH) asymmetric key agreement algorithm performs key agreement. Finally, the SHA-1 and SHA-256 secure hash algorithms are applied for data integrity. A further fundamental asymmetric algorithm is elliptic curve cryptography (ECC), which can provide the same functionality as RSA but with short keys; the implementation of ECC has been slow, but may have been encouraged recently (Suo et al., 2012).

5 Suo, H., Wan, J., Zou, C., & Liu, J. (2012, March). Security in the internet of things: a review. In Computer Science and Electronics Engineering (ICCSEE), 2012 international conference on (Vol. 3, pp. 648-651). IEEE
6.3.3 COMMUNICATION SECURITY
Some solutions have been established to overcome the security risks resulting from insecure
communication between two end points. These solutions, for instance TLS/SSL or IPSec, can provide
integrity, authenticity, and confidentiality for communication. TLS/SSL was designed to encrypt the
link in the transport layer, and IPSec is designed to protect the security of the network layer. So,
they can offer integrity, authenticity, and confidentiality at each layer (Orazio et al., 2018).
Intrusion detection or prevention mechanisms should be employed to track network communications from
lower trust networks, such as the corporate network and remote access networks.
6.4 IoT-SCADA SECURITY IN THE CLOUD ENVIRONMENT
This section covers an in-depth investigation of possible security approaches to enhance the security
of IoT-SCADA cloud based.
6.4.1 DATA INTEGRITY AND PRIVACY
(Antonini et al., 2014) explored security challenges to SCADA systems, and (Baker et al., 2015)
illustrated a security platform for Service Oriented Architecture (SOA) based SCADA systems. The
purpose of SOA is to present an advanced solution to combine cloud platforms into SOA SCADA
systems. It also aimed at addressing security and integrity problems for these systems. The
authors try to draw readers' attention to building a secure cloud platform which supports the use of
SOA SCADA systems. Advanced Persistent Threats (APTs) are attacks in which an unauthorized user with
a hidden identity attempts to enter a network and steal data or information from the system.
(Bere et al., 2015) investigated these sorts of threats and suggested that APTs use zero-day attacks
to steal data from systems.
6.4.2 DATA LOGS
Data logging is a considerable security issue in IoT-Cloud SCADA systems due to the presence of the
cloud, and it bears on accountability, monitoring and audit. Centralized logs can be achieved easily,
whereas it is challenging to track system logs in IoT-Cloud SCADA because the theory of distributed
control is applied in this generation of SCADA system. Industrial control system protocols give
permission to other ICS hosts to read and write other files without any logs (Nelson et al., 2011).
So, these systems lack the control feature.

6.4.3 PRIVILEGE ESCALATION
(Mekinda, 2018) proposed a light-weight Public-Key Infrastructure (PKI) which allows device servers to authenticate
and authorize user controls without sacrificing the overall SCADA performance. He suggested that a secure
layer could be smoothly added to the current ICS. A Public-Key Infrastructure is a set of algorithms, protocols
and software which assist in using asymmetric encryption and signatures in a distributed control system. So, this
mechanism can be used for secure communication. He noted that in the simple PKI architecture each
device must verify a signed token, yet the token can be replayed. Furthermore, in the nonced PKI architecture
each device must verify a signed token made unique by an initialization nonce; however, it can be replayed by an
eavesdropper on that device. Moreover, Mekinda et al. pointed out that in the nonced PKI with digest architecture
nonced tokens are no longer systematically transmitted for authorization. However, similar to the
previous model, it is exposed to user identity spoofing. Finally, in the advanced PKI architecture every
message transmitted during a session is authenticated by a different cryptographic hash, with the nonce
incremented in each message, to prevent digest replay attacks.
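The effect of incrementing the nonce in each message, compared with a digest that stays fixed for the session, is shown in the following Python example. It is an added illustration, not code from the cited paper or from this report; the class names, the HMAC-SHA256 construction, the sample commands and the shared session key (standing in for whatever the token exchange establishes) are assumptions.

```python
import hashlib
import hmac
import os
import struct


def digest(key: bytes, nonce: int, payload: bytes = b"") -> bytes:
    """HMAC-SHA256 over the 8-byte big-endian nonce followed by the payload."""
    return hmac.new(key, struct.pack(">Q", nonce) + payload, hashlib.sha256).digest()


class StaticDigestReceiver:
    """Weak model (assumed): one digest derived from the initialization nonce
    is presented with every message, so a captured copy stays valid."""

    def __init__(self, key: bytes, init_nonce: int):
        self._expected = digest(key, init_nonce)

    def accept(self, payload: bytes, tag: bytes) -> str:
        ok = hmac.compare_digest(self._expected, tag)
        return "accepted" if ok else "rejected: bad digest"


class Sender:
    """Increments the nonce for every message and binds the digest to it."""

    def __init__(self, key: bytes, init_nonce: int):
        self._key, self._nonce = key, init_nonce

    def seal(self, payload: bytes):
        self._nonce += 1
        return self._nonce, payload, digest(self._key, self._nonce, payload)


class IncrementingNonceReceiver:
    """Hardened model: the digest covers nonce and payload, and a nonce that
    is not strictly greater than the last accepted one is refused."""

    def __init__(self, key: bytes, init_nonce: int):
        self._key, self._last = key, init_nonce

    def accept(self, nonce: int, payload: bytes, tag: bytes) -> str:
        if not hmac.compare_digest(digest(self._key, nonce, payload), tag):
            return "rejected: bad digest"
        if nonce <= self._last:
            return "rejected: replayed nonce"
        self._last = nonce
        return "accepted"


def replay_demo() -> dict:
    key = os.urandom(32)        # assumed per-session secret
    init_nonce = 41             # constructed initialization nonce
    cmd = b"SET valve_3 OPEN"   # constructed command

    # Fixed digest: the copy seen on the wire authorizes any later message.
    weak = StaticDigestReceiver(key, init_nonce)
    captured = digest(key, init_nonce)
    results = {
        "weak_first": weak.accept(cmd, captured),
        "weak_replay": weak.accept(b"SET valve_3 CLOSED", captured),
    }

    # Per-message digest: the same capture is refused the second time.
    sender = Sender(key, init_nonce)
    strong = IncrementingNonceReceiver(key, init_nonce)
    msg1 = sender.seal(cmd)
    results["strong_first"] = strong.accept(*msg1)
    results["strong_replay"] = strong.accept(*msg1)
    nonce, _, tag = msg1
    results["strong_tamper"] = strong.accept(nonce + 1, b"SET valve_3 CLOSED", tag)
    results["strong_next"] = strong.accept(*sender.seal(b"GET valve_3"))
    return results


if __name__ == "__main__":
    for name, outcome in replay_demo().items():
        print(f"{name:14} {outcome}")
```

The receiver accepts any nonce strictly greater than the last one rather than exactly the next value, so a lost message does not stall the session.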
6.4.4 Risk management
(Wood et al., 2017) proposed a security architectural pattern to address the security risks on SCADA systems
and critical infrastructure. The architectural pattern was based upon two layers, the conceptual and contextual
layers, of the Sherwood Applied Business Security Architecture (SABSA), which has been extensively used to
design business security frameworks. A brief overview of this architecture's components is given
in Table 3 below.

Table 3: A Security Architectural Pattern for Risk Management of ICS within CNI (Wood, 2017)

6.4.5 Cyber Physical security
(Wurm et al., 2017) suggested sophisticated tamper-sensing mechanisms which can be used to prevent any
sort of physical tampering. Researchers have proposed silicon-level solutions to reduce passive and active
attacks, yet that does not completely remove the threat on other critical elements such as physical sensors
and actuators. Hence, active sensor nets may also be utilised at the device level and with appropriate
extensions at the system level to detect any unauthorized intrusion.
6.5 CRITICAL ANALYSIS AND SUMMARY
Employing proper defensive modelling can help to attenuate the security risks to SCADA systems. However,
connectivity has considerably increased with the integration of SCADA with IoT and the cloud environment.
Consequently, the level of security of the revolutionised SCADA system has significantly decreased and
it has become more vulnerable to cyber-attacks. Based on the literature review, the previous generations of SCADA
systems were much more secure than IoT-SCADA cloud based. However, a security framework can be
effective to at least attenuate the security risks to the modern SCADA system. A diverse array of
risk assessment tools was examined in section 6.2, each of which has its key characteristic, yet only one
can be appropriate for all circumstances. The table below compares the advantages and
disadvantages of the different risk assessment models discussed in section 6.2.
QTRIM FTA Attack tree RWCI CORA
Adaption with Large-Scale NETs • • •
Efficient and effective for IoT-SCADA • •
Complex threat assessment • • •
A long-time process consumption •

Table 4: Comparison between different risk assessment tools
The key feature of using CORA as a defensive model for IoT-SCADA is that it provides well-organised
analysis of the security risk and is appropriate for large-scale networks. In contrast, RWCI is only
used in nuclear systems. Therefore, it does not support other sectors of critical infrastructure.
The attack tree is also as effective as CORA and has a comprehensive sequence result, yet the result of
the security risk analysis will be disordered in a large-scale network. Finally, measures in QTRIM should
be adapted to each subject terrorist group, which requires particular research into group motivations,
philosophies, and political schemas. Furthermore, a standard to account for intelligence information
should be involved in case it accurately suggests cause and effect.

7. RESEARCH PLAN
This part illustrates the documented process of this project. While the Gantt chart demonstrates the
schedule of activities since the beginning of this project, the project process summarises the flow of activities
until the targeted result is reached.

Figure 5: Project Gantt chart

Figure 6: Project Process

8. RESULT AND FINDINGS
IoT-SCADA systems are vulnerable to cyber-attacks. The differences between IoT-SCADA security and IT security
in general should be clearly understood, as this understanding could help to develop more functional
solutions which focus on IoT-SCADA security. Table 5 shows the major differences between IT and ICSs.

Table 5: IT vs ICSs (Source: NIST,2016)6

6 Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to industrial control systems (ICS) security. NIST special
publication, 800(82), 16-16.

8.1 IoT-SCADA cloud-based SECURITY FRAMEWORK
Applying a security framework can help to enhance the level of security of IoT-SCADA in the cloud
environment, as it can provide a systematic approach to responding to cyber-attacks. This section
introduces a proposed security framework for IoT-SCADA cloud based, which consists of sections and
subsections as shown in Figure 7. Each section covers an area of the revolutionised SCADA system
that is susceptible to malicious attacks, whereas each subsection covers an integrated part of the
primary section that also needs further investigation. This approach can enable the corporation to
immediately counteract the security risk using an appropriate security mechanism.

Figure 7: IoT-SCADA Cloud-based security framework
8.1.1 DATA SECURITY
• Integrity
The generation, transmission, and storage of data within the SCADA system should be sufficiently protected from
unauthorized access, including its content, which might also involve the header for its source and
destination and the payload itself. An authentication and identification service can provide digital signatures
which can determine the sender's and receiver's identity information to prevent masquerading activities and
other passive attacks like MITM and DDoS. This mechanism should prevent the attacker from accessing,
modifying, replaying and destroying any data being transmitted over the SCADA network.
• Privacy
Embedded devices should be secure enough to achieve an acceptable level of privacy and integrity as
well. To defend against privacy and other security risks, the cloud server and IoT should be considered
when it comes to privacy concerns. The Secure and Minimal Architecture for (Establishing a Dynamic)
Root of Trust (SMART) can protect only one embedded task, using a read-only memory region in ROM
inside low-end micro-controller units (MCU) (Eldefrawy, 2012).
The key can only be accessed from this region. This mechanism is used to overcome the privacy
issue resulting from the security vulnerability of embedded devices that have been integrated with
the internet of things environment.
• Confidentiality
Information related to the particular SCADA system should not be accessible to unauthorised parties. The
confidentiality of critical information, such as passwords, encryption keys and the detailed system layout map,
should rank high when it comes to security issues in industry. Applicable reinforcement such as the Advanced
Encryption Standard (AES) should be imposed in this respect.
8.1.2 COMMUNICATION SECURITY
• Wireless communication
Due to the broadcast characteristic of the wireless medium, special considerations need to be taken
into account, including the establishment of the wireless connection and how this connection can be
configured. Furthermore, the acceptable configurations for wireless connections to the wired
network are specified. (Khan, 2014) suggested that using broadcast authentication in wireless sensor
connections can provide secure communication. So, transmitted data should be encrypted using the RC5
encryption technique to protect the integrity and privacy of IoT-SCADA cloud-based.
• Wired communication
To meet security and performance specifications, it is important to consider the endpoint of each connection.
Point-to-point connections (such as Ethernet, Fiber, and Microwave) typically terminate at a central system
management facility. Cellular systems may provide an Internet connection requiring additional security, and
phone-line systems must be protected against security breaches through the standard land-line, twisted-pair
copper wire network.
• Third party communication
Third-party software is used by IoT-cloud SCADA systems. (Sharma, 2014) proposed that a third-party
authentication server may support a token-based authentication protocol for implementing single sign-on
(SSO). Also, information exchange between different networks should be conducted via a separate network
segment (DMZ). This can guarantee prevention of passive attacks which expose data integrity, privacy and
confidentiality.
8.1.3 OS SECURITY
• Log analysis
Most computer software and devices, such as operating systems, applications and other programmable machines,
maintain activity logs. These logs play a significant role in troubleshooting, compliance checking,
forensic analysis and intrusion detection. Thus, these logs can help to identify and control several intrusions.
Such log analysis is normally supported by host-based IDS (Sajid, 2017).
• File system integrity
The integrity of software and operating systems can be validated through file integrity analysis. The
cryptographic checksum is the most commonly utilised verification method. Applying the checksum verification
method is effective for identifying harmful files (black lists) and allowed files (white lists). Also, checksum
methods are supported by host-based IDS.
• Memory dump
Both passive and active malicious activities existing within the memory of the operating system can be
detected by memory dump analysis. Utilising revolutionised technologies, a volatility framework can examine
several sorts of memory dumps. This sort of analysis facilitates the detection of system calls and
hidden processes, which also helps to detect complex attacks and intrusions.
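The checksum verification described under File system integrity above can be run as follows. This Python example is added here and is not part of the original report; the function names, verdict labels, file names and file contents are constructed for illustration. It covers the white list (a baseline of path to SHA-256), the black list (known-bad hashes) and files that appear or disappear between audits.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large images do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """White list: map each file path (relative to root) to its SHA-256."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(root: Path, baseline: dict, blocklist: set) -> dict:
    """Compare the current tree with the baseline and the black list."""
    verdicts = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(root))
        current = sha256_file(p)
        if current in blocklist:
            verdicts[rel] = "blocked"      # matches a known-bad checksum
        elif rel not in baseline:
            verdicts[rel] = "unknown"      # not on the white list
        elif baseline[rel] != current:
            verdicts[rel] = "modified"     # white-listed path, new content
        else:
            verdicts[rel] = "ok"
    for rel in baseline:
        if rel not in verdicts:
            verdicts[rel] = "missing"      # white-listed file was removed
    return verdicts


def integrity_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed "known good" state of a workstation directory.
        (root / "hmi.conf").write_bytes(b"poll_interval=5\n")
        (root / "rtu_driver.bin").write_bytes(b"\x7fDRIVER v1")
        (root / "historian.db").write_bytes(b"records")
        baseline = build_baseline(root)

        # Constructed black list holding the hash of one known-bad sample.
        bad_sample = b"constructed known-bad sample"
        blocklist = {hashlib.sha256(bad_sample).hexdigest()}

        # Changes made after the baseline was recorded.
        (root / "hmi.conf").write_bytes(b"poll_interval=5\nremote_write=1\n")
        (root / "historian.db").unlink()
        (root / "update.exe").write_bytes(bad_sample)
        (root / "notes.txt").write_bytes(b"new file")
        return audit(root, baseline, blocklist)


if __name__ == "__main__":
    for name, verdict in sorted(integrity_demo().items()):
        print(f"{verdict:9} {name}")
```

The baseline itself has to be stored where the monitored host cannot rewrite it, otherwise a change to a file can be hidden by a matching change to its recorded checksum.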
8.1.4 EMBEDDED SECURITY DEVICES
• RTU security
Important aspects such as virus testing, intrusion detection, access control, and encryption must be
addressed when it comes to RTU security.
• Patching management
Third-party software is used by IoT-cloud SCADA systems, and keeping this software continuously up to date
is a challenge. Unknown errors in such software can open the possibility of arbitrary code execution by
attackers. Monitoring the current security news and following the best approaches for updating and patching
this critical infrastructure software is a requirement.
8.1.5 Risk assessment
CORA
The CORAS tool is a high-tech risk assessment tool developed to support documenting,
maintaining and reporting the analysis results of the CORAS risk assessment. CORA
also uses special diagrams inspired by UML for reporting and analysing the results. So, risk
assessment can identify where the system is vulnerable to attack.

8.1.6 END USER SECURITY
• User account and password
A particular issue is credentials exposed in network traffic due to the use of the default
user name and password, for example (admin: admin). Therefore, user accounts and passwords are
vitally significant when it comes to end-user security in IoT-SCADA systems. Some policies give
minimum requirements regarding the password format, whereas others simply suggest using
the current best practice. A shared password such as the admin password needs to have specific
protections associated with creation, storage, and change requirements. Any additional password
security requirements such as screen locks and maximum login are required.
8.1.7 SCADA FORENSIC
Digital forensics has become an essential part of cyber security strategies. The key goal for a SCADA
forensic process model is to find the security vulnerabilities and reduce the probability level of
software failure. In the context of this paper, the SCADA forensics model proposed by Wu, T. et al (2103)
is used, which combines incident response and digital forensics investigation. The following phases were
identified and are shown in Figure 4.
Collection
Data is processed through several phases in SCADA systems, so volatile data must be prioritized and
preserved to identify which data has been overwritten or compromised. Also, data
collection depends on the volatility of the data.
• Acquiring volatile data from the physical Random Access Memory (RAM) that would
normally be lost when the device is powered off or restarted.
• Collection of non-volatile evidence: data are forensically collected from non-volatile devices
such as flash drives, SD cards from PLCs, and USB sticks. Also, it is required to collect data from all mobile
devices, such as Human Machine Interface workstations, that are linked to the SCADA system.

Figure 8: SCADA Incident response forensic process7
Examination
After a successful collection of evidence, all collected data should be examined to answer the
questions that were posed before the commencement of the investigation, using
different forensic distros such as Caine.
Analysis
The forensic examiner is required to go beyond examination of the data collected to a critical analysis,
to find any relationship between the recovered forensic artefacts and evidential data, to come out
with a timeline of the incident, and to reconstruct the events in a test environment to help answer
questions that have emerged during the forensic investigation.
7 Stirland, J., Jones, K., Janicke, H., & Wu, T. (2014). Developing cyber forensics for SCADA industrial control systems. In
The International Conference on Information Security and Cyber Forensics (InfoSec2014) (pp. 98-111). The Society of
Digital Information and Wireless Communication.
Reporting and Presentation
The results gathered during the examination and analysis phases must be interpreted and a report
written that can be read and understood by various audiences. The report contains answers to
questions about the incident that called for the forensic investigation, with the conclusions that were
reached during the examination and analysis of the data collected. In the report the forensic examiner
has to include their background, a detailed description of the forensic tools and methodologies used,
and chain of custody documents.
8.2 THE BRIGHT SIDE OF IOT-SCADA CLOUD BASED
Many advantages can be gained from the revolutionized SCADA systems for various sorts
of critical infrastructure. For instance, the WEB-SCADA Medical system, which is based on an IoT gateway
as well as mobile and contextual sensors, helps nurses to keep an eye on patients' conditions and
then react immediately if an emergency arises.
9. CONCLUSION
This literature review has explored some of the security techniques of SCADA in IoT-cloud
environments while attempting to take special note of the risk assessment tools present in the
IoT-Cloud based environment. I could simply evaluate the security mechanisms of SCADA systems in
general and IoT-Cloud based SCADA systems, as well as create a proper framework to attenuate the
security risks of the IoT-SCADA within the cloud.

Selected References
1. Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to industrial control systems (ICS) security. NIST special
publication, 800(82), 16-16.

2. WebSCADA, Web SCADA, Automation Systems, Process Control, Historian, Event Alarm, SCADA Solution, accessed on Feb. 5, 2016.
Online. Available: http://www.webscada.com/SCADA/SolMedSys.aspx

3. Igure, V. M., Laughter, S. A., & Williams, R. D. (2006). Security issues in SCADA networks. Computers & Security,
25(7), 498-506.

4. Cárdenas, A. A., Amin, S., Lin, Z. S., Huang, Y. L., Huang, C. Y., & Sastry, S. (2011, March). Attacks against process
control systems: risk assessment, detection, and response. In Proceedings of the 6th ACM symposium on information,
computer and communications security (pp. 355-366). ACM.

5. Fredriksen, R., Kristiansen, M., Gran, B. A., Stølen, K., Opperud, T. A., & Dimitrakos, T. (2002, September). The
CORAS framework for a model-based risk management process. In International Conference on Computer Safety,
Reliability, and Security (pp. 94-105). Springer, Berlin, Heidelberg.

6. Jin, D., Li, Z., Hannon, C., Chen, C., Wang, J., Shahidehpour, M., & Lee, C. W. (2017). Toward a cyber resilient
and secure microgrid using software-defined networking. IEEE Transactions on Smart Grid, 8(5), 2494-2504.

7. Francia III, G. A., Thornton, D., & Dawson, J. (2012, January). Security best practices and risk assessment of
SCADA and industrial control systems. In Proceedings of the International Conference on Security and Management
(SAM) (p. 1). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied
Computing (WorldComp).

8. Johnson, C., 2016, October. Securing Safety-Critical SCADA in the Internet of Things. In Conference on
System Safety and Cyber Security (SSCS 2016) (Vol. 11, p. 13).

9. Church, P., Mueller, H., Ryan, C., Gogouvitis, S.V., Goscinski, A., Haitof, H. and Tari, Z., 2017. SCADA
Systems in the Cloud. In Handbook of Big Data Technologies (pp. 691-718). Spring

10. WebSCADA, Web SCADA, Automation Systems, Process Control, Historian, Event Alarm, SCADA Solution,
accessed on Feb. 5, 2016. Online. Available: http://www.webscada.com/SCADA/SolMedSys.aspx

11. Igure, V. M., Laughter, S. A., & Williams, R. D. (2006). Security issues in SCADA networks. Computers & Security,
25(7), 498-506.

12. Hentea, M. (2008). Improving security for SCADA control systems. Interdisciplinary Journal of Information,
Knowledge, and Management, 3(1), 73-86.

13. Jiang, R., Lu, R., Luo, J., Lai, C., & Shen, X. S. (2015). Efficient self-healing group key management with dynamic
revocation and collusion resistance for SCADA in smart grid. Security and Communication Networks, 8(6), 1026-1039.

14. Sajid, A., Abbas, H., & Saleem, K. (2016). Cloud-assisted iot-based scada systems security: A review of the state
of the art and future challenges. IEEE Access, 4, 1375-1384.

15. Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber
security risk assessment methods for SCADA systems. Computers & Security, 56, 1-27.

16. Hossain, M. M., Fotouhi, M., & Hasan, R. (2015, June). Towards an analysis of security issues, challenges, and
open problems in the internet of things. In Services (SERVICES), 2015 IEEE World Congress on (pp. 21-28). IEEE.

17. Vittor, T. R., Sukumara, T., Sudarsan, S. D., & Starck, J. (2017, April). Cyber security-security strategy for
distribution management system and security architecture considerations. In Protective Relay Engineers (CPRE), 2017
70th Annual Conference for (pp. 1-6). IEEE.

18. Macaulay, T., & Singer, B. L. (2016). Cybersecurity for industrial control systems: SCADA, DCS, PLC, HMI, and
SIS. Auerbach Publications.

19. Ejesh, R., & Zhonglin, Z. (2017, July). Safety of the SCADA Systems in Power Systems by Using Industry Protocols
Data Communication. In Information Science and Control Engineering (ICISCE), 2017 4th International Conference on
(pp. 1705-1708). IEEE.

20. Beitel, G.A., Gertman, D. I., and Plum, M.M. 2004. Balanced Scorecard Method for Predicting the Probability of
a Terrorist Attack. Risk Analysis IV:581-592, WIT Press, Brebbia, C.A., ed.

21. CETINKAYA, E.K., RELIABILITY ANALYSIS OF SCADA SYSTEMS.2001

22. Byres, E. J., Franz, M., & Miller, D. (2004, December). The use of attack trees in assessing vulnerabilities in
SCADA systems. In Proceedings of the international infrastructure survivability workshop.

23. Risk Watch for NEI. Website: http://www.riskwatch.com/index.php/neicompliance. Last access: March 06,
2012.

24. Kumar, R., Ruijters, E., & Stoelinga, M. (2015, September). Quantitative attack tree analysis via priced timed
automata. In International Conference on Formal Modeling and Analysis of Timed Systems (pp. 156-171). Springer,
Cham.

25. D. Watts, “Security & vulnerability in electric power systems,” in Proc. 35th North Amer. Power
Symp., Rolla, MO, USA, Oct. 2003, pp. 559–566.

26. A. Giani, G. Karsai, T. Roosta, A. Shah, B. Sinopoli, and J. Wiley, “A testbed for secure and robust SCADA
systems,” in Proc. 14th IEEE Real-Time Embedded Technol. Appl. Symp., 2008, pp. 1-4.

27. C. M. Davis, J. E. Tate, H. Okhravl, C. Grier, T. J. Overbye, and D. Nicol, “SCADA cyber security testbed
development,” in Proc. 38th North Amer. Power Symp., Sep. 2006, pp. 483-488.

28. Gonzalez, C.A. and Reed, J., 2016. Cyber Physical Intrusion Detection. In Cyber-security of SCADA and Other
Industrial Control Systems (pp. 239-251). Springer International Publishing.

29. Suo, H., Wan, J., Zou, C., ; Liu, J. (2012, March). Security in the internet of things: a review. In Computer
Science and Electronics Engineering (ICCSEE), 2012 international conference on (Vol. 3, pp. 648-651). IEEE.
30. D’Orazio, C. J., & Choo, K. K. R. (2017). A technique to circumvent SSL/TLS validations on iOS devices. Future
Generation Computer Systems, 74, 366-374.

31. Nelson, T., Chaffin, M., 2011. Common Cybersecurity Vulnerabilities in Industrial Control Systems. Homeland
security

32. Mekinda, L., Xu, C., Danilevski, C., Esenov, S., Santos, H., Bondar, V., … & Klimovskaia, A. (2018). Securing light
source SCADA systems.

33. Wood, A., He, Y., Maglaras, L. A., & Janicke, H. (2017). A security architectural pattern for risk management of
industry control systems within critical national infrastructure. International Journal of Critical Infrastructures, 13(2-3),
113-132.

34. Wurm, J., Jin, Y., Liu, Y., Hu, S., Heffner, K., Rahman, F., & Tehranipoor, M. (2017). Introduction to cyber-
physical system security: A cross-layer perspective. IEEE Transactions on Multi-Scale Computing Systems, 3(3), 215-227.

35. Eldefrawy, K., Tsudik, G., Francillon, A., & Perito, D. (2012, February). SMART: Secure and Minimal Architecture
for (Establishing Dynamic) Root of Trust. In NDSS (Vol. 12, pp. 1-15).

36. Khan, F. (2014, October). Secure communication and routing architecture in wireless sensor networks.
In Consumer Electronics (GCCE), 2014 IEEE 3rd Global Conference on (pp. 647-650). IEEE.

37. Sharma, G. K., Hon, L. K. M., Burjoski, J. D., & Schneider, K. C. (2014). U.S. Patent No. 8,918,848. Washington,
DC: U.S. Patent and Trademark Office.

38. Stirland, J., Jones, K., Janicke, H., & Wu, T. (2014). Developing cyber forensics for SCADA industrial control
systems. In The International Conference on Information Security and Cyber Forensics (InfoSec2014) (pp. 98-111). The
Society of Digital Information and Wireless Communication.

39. Evans, D., 2011. The Internet of Things: How the Next Evolution of the Internet Is Changing
Everything. Whitepaper. Retrieved from:
https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf