Date of Award
Spring 3-2024
Document Type
Dissertation
Degree Name
Doctor of Philosophy in Cyber Operations (PhDCO)
First Advisor
Cody Welu
Second Advisor
Yong Wang
Third Advisor
Viki Johnson
Abstract
Supervisory Control and Data Acquisition (SCADA) systems are used to run, monitor, and manage large-scale industrial operations. SCADA systems are frequently targeted by attackers seeking political or financial gain, because a successful compromise can cause catastrophic physical destruction. Historically, the overwhelming majority of SCADA networks were completely self-contained, relying on proprietary protocols and software. This is no longer the case. As more industrial control systems become networked, they become increasingly susceptible to attack. Despite the importance of SCADA systems and their wide adoption, many of their security flaws remain unaddressed. According to SecurityScoreCard, more than three-quarters of manufacturing organizations have unpatched high-severity vulnerabilities in their systems, and nearly forty percent of these organizations, which include metals, machinery, appliances, electrical equipment, and transportation, were infected with malware in 2022 (SecurityScoreCard, 2022). Trellix's 2023 Threat Report also found that malware targeting manufacturers accounted for 12 percent of the ransomware campaigns publicly disclosed in 2022 (Trellix, 2023). SynSaber, a security firm that specializes in industrial asset and network monitoring, analyzed 926 CVEs included in ICS advisories from the US Cybersecurity and Infrastructure Security Agency (CISA) during the second half of 2022 and found that 35% of them had no patch or remediation available from the vendor (SynSaber, 2022). Even though compromising these vital systems could lead to catastrophic injury and operational disruption, their security remains an open problem. In this study, we propose a risk management framework for safeguarding SCADA systems that is based on the concept of offensive security as a means of bolstering the overall security of SCADA systems.
The research proposes a four-step methodology for managing cyber risk in SCADA systems, consisting of assessing, blocking, capturing, and defending, which correspond to the four primary tasks of risk management: identifying, preventing, detecting, and responding to risk. The term "ABCD framework" is derived from the initial letter of each of the four stages proposed in this research, as is the name of the model used to illustrate the framework. The primary emphasis areas of the framework are multi-step attack prediction and security awareness, both of which are accomplished by predicting attack behaviors using the recommended algorithms. The model provides an intuitive and adaptable adversarial environment that enables the administrator to anticipate the security scenario in advance, thereby aiding in the preparation of the incident response actions necessary to maintain network connectivity.
Recommended Citation
Lam, Thuy, "ABCD: A Risk Management Framework for SCADA Systems" (2024). Masters Theses & Doctoral Dissertations. 449.
https://scholar.dsu.edu/theses/449