Harnessing Large Language Models for Passive SCADA Security Risk Assessment: A Case Study
Outlet Title
The 8th International Balkan Conference on Communications and Networking (Balkancom 2025)
Document Type
Conference Proceeding
Publication Date
6-2025
Abstract
Supervisory Control and Data Acquisition (SCADA) systems play a vital role in critical infrastructure, but outdated protocols and delicate operational requirements undermine their cybersecurity. Active scanning poses a risk of disruption, which drives the need for passive methods. This paper investigates using three large language models (LLMs) to assess SCADA risks by analyzing Wireshark captures of network traffic without interfering with system operations. Tested on a Siemens S7-1500 PLC scenario, the proposed framework processes the captured traffic and produces risk reports non-intrusively. The framework effectively identifies vulnerabilities, assesses protocol-specific risks, and generates structured risk reports as an alternative to active vulnerability scanning. In line with IEC 62443 standards, this method strengthens SCADA security while maintaining operational continuity.
Recommended Citation
Basheer N. Al-Duwairi, Ahmed Shatnawi, and Ahmad T. Al-Hammouri. Harnessing Large Language Models for Passive SCADA Security Risk Assessment: A Case Study. In The 8th International Balkan Conference on Communications and Networking (Balkancom 2025), Piraeus, Greece, June 2025.