Publication
Two Decades of SCADA Exploitation: A Brief History
Simon Duque Antón; Daniel Fraunholz; Christoph Lipps; Frederic Pohl; Marc Ruffing; Hans Dieter Schotten
In: IEEE Conference on Applications, Information and Network Security (AINS). IEEE Conference on Applications, Information and Network Security (AINS-2017), November 13-14, Miri, Sarawak, Malaysia, IEEE, 2017.
Abstract
Since the early 1960, industrial process control has been applied by electric systems. In the mid 1970's, the term SCADA emerged, describing the automated control and data acquisition. Since most industrial and automation networks were physically isolated, security was not an issue. This changed, when in the early 2000's industrial networks were opened to the public internet. The reasons were manifold. Increased interconnectivity led to more productivity, simplicity and ease of use. It decreased the configuration overhead and downtimes for system adjustments. However, it also led to an abundance of new attack vectors. In recent time, there has been a remarkable amount of attacks on industrial companies and infrastructures. In this paper, known attacks on industrial systems are analysed. This is done by investigating the exploits that are available on public sources. The different types of attacks and their points of entry are reviewed in this paper. Trends in exploitation as well as targeted attack campaigns against industrial enterprises are introduced.