Attacking SCADA systems: A practical perspective

As Supervisory Control and Data Acquisition (SCADA) and Industrial and Automation Control System (IACS) architectures became more open and interconnected, some of their remotely controlled processes also became more exposed to cyber threats. Aspects such as the use of mature technologies and legacy equipment or even the unforeseen consequences of bridging IACS with external networks have contributed to this situation. This situation prompted the involvement of governmental, industrial and research organizations, as well as standardization entities, in order to create and promote a series of recommendations and standards for IACS cyber-security. Despite those efforts, which are mostly focused on prevention and mitigation, existing literature still lacks attack descriptions that can be reused to reproduce and further research specific use cases and scenarios of security incidents, useful for improving and developing new security detection strategies. In this paper, we describe the implementation of a set of attacks targeting a SCADA hybrid testbed that reproduces an electrical grid for energy distribution (medium and high voltage). This environment makes use of real SCADA equipment to faithfully reproduce a real operational deployment, providing a better insight into less evident SCADA- and device-specificities.