Two Decades of SCADA Exploitation: A Brief History

Simon Duque Antón, Daniel Fraunholz, Christoph Lipps, Frederic Pohl, Marc Ruffing, Hans Dieter Schotten

In: IEEE Conference on Applications, Information and Network Security (AINS-2017), November 13-14, 2017, Miri, Sarawak, Malaysia. IEEE, 2017.


Since the early 1960s, industrial process control has been applied in electric power systems. In the mid-1970s, the term SCADA (Supervisory Control and Data Acquisition) emerged to describe automated control and data acquisition. Since most industrial and automation networks were physically isolated, security was not a concern. This changed in the early 2000s, when industrial networks were opened to the public Internet. The reasons were manifold: increased interconnectivity led to higher productivity, simplicity and ease of use, and it reduced the configuration overhead and the downtime needed for system adjustments. However, it also introduced an abundance of new attack vectors. In recent years, there has been a remarkable number of attacks on industrial companies and infrastructures. In this paper, known attacks on industrial systems are analysed by investigating the exploits that are available from public sources. The different types of attacks and their points of entry are reviewed, and trends in exploitation as well as targeted attack campaigns against industrial enterprises are introduced.


German Research Center for Artificial Intelligence
Deutsches Forschungszentrum für Künstliche Intelligenz