[1] A. Sajid, H. Abbas and K. Saleem, “Cloud-Assisted IoT-Based SCADA Systems Security: A Review of the State of the Art and Future Challenges”, IEEE Access, vol. 4, pp. 1375-1384, 2016.
In this journal article, Author Sajid explains the use and challenges of SCADA system for controlling the critical infrastructure of an industrial unit. SCADA systems are used for monitoring and controlling cyber physical system (CPS) using cloud services over Internet of Things. Classical SCADA systems do not have appropriate security measures and with integration of new architecture in IOT environment, security challenges increase further. As this research aims to explore how security is managed in industrial systems controlled using SCADA in IOT environment, this research work formed a foundation as it covered the usage and challenges of using traditional and modern SCADA systems. The paper helped the researcher discover security vulnerabilities of SCADA operated critical infrastructure systems in industries. With thee vulnerabilities disclosed, the research could also understand if they were properly managed by the organizations or needed to be worked upon. The research paper built a foundation for the current research as it included discussions on evolution of SCADA systems, cyber physical system model, security considerations in SCADA systems such as policy management, data integrity, and communication weaknesses. It also identified ways companies manage security in SCADA systems such as data logging, authentication, embedded device protection, and risk management.
[2] C. Johnson, “Securing Safety-Critical SCADA in the Internet of Things,” University of Glasgow, Glasgow, 2016
In this paper, Johnson explains the evolution of industrial control systems that were initiated operated with specialist protocols like Modbus that were very different from modern systems that make use of TCP/IP. The new connections allow exchange of information between devices connected through internet of things and the information is derived from sensors. The paper identifies some security concerns that are raised because of such connections as well as introduces certain solutions. With the objective of exploring security risks and identifying their solution in the current research, the research by Johnson holds a good relevance. It explains security vulnerabilities and challenges using certain case studies which gives a bit of practical experience of the threats. Certain case studies have been covered in the document such as mart city initiatives, and so on. The paper also identifies security best practice applicable to SCADA systems such as device certification and code signing which helped researcher identify right solutions to reduce security issues in industrial infrastructure systems. The integration that an industrial control system running on SCADA has also been explained through identification of layers including business processes, applications, network continuity, and physical devices. This helped researcher understand the security problems in SCADA systems as well as identify solutions
[3] H. Ning and H. Liu, “Cyber-Physical-Social Based Security Architecture for Future Internet of Things”, Advances in Internet of Things, vol. 02, no. 01, pp. 1-7, 2012.
In this journal paper, the authors Ning and Liu explores the Unit IoT architecture model and defines a cyber-physical-social based security architecture (IPM) to take care of physical, management, and information security of the Unit IoT model. The security model maps the unit model with the security layers and the research explains how additional intelligence can be added to the infrastructure for IPM. The researchers have proposed the IPM model to provide better protection to IoT systems in terms of cyber security and physical safety. Using the fundamentals covered in this research, the researcher was able to understand how security requirements can be managed at different network levels including sensor layer, network, application, and social layer. The researcher reveals that while the traditional IoT network could be secured using protective algorithms, the UIoT infrastructure would need additional security provisions such as intelligent, access control mechanism, social attribution, traceability, and dynamic session freshness. This helped research explore various methods that can be used for enhancing security of modern IoT based critical infrastructure systems such as SCADA controlled units. The researcher can explore and test these methods for their effectiveness in management of security systems used for the SCADA operated industrial units.
[4] I. Ahmed, V. Roussev, W. Johnson, S. Senthivel and S. Sudhakaran, “A SCADA System Testbed for Cybersecurity and Forensic Research and Pedagogy,” in Annual Industrial Control System Security Workshop, Los Angeles, CA, USA , 2016.
In this research paper, a SCADA test bed that was launched by the University of New Orleans has been explained which consisted of gas pipeline, power distribution system an a waste water treatment. A SCADA system was installed at a small scale in the university using real world equipments including transformers, aerators, and programmable logical controllers for the testing the SCADA model. A Human-Machin interface (HMI) software was utilized for the monitoring of processes. This testbed was found useful in cybersecurity research for SCADA systems as it demonstrated the instances of cyberattacks. As this research included insights obtained from a real small scale SCADA model, it could reveal the real security challenges that could be faced even in a large scale SCADA systems used in industries. Although, it would not reveal the level of complexities involved in real SCADA systems, it could to a great extent give the research an idea of how SCADA systems worked and how cyber threats affected them resulting into security challenges that are needed to be resolved. This helped researcher understand how SCADA systems worked and what real scenario of security threats can be faced by them so that the same can be explored and possible solutions could be identified through the research.
[5] J. Pacheco and S. Hariri, “IoT Security Framework for Smart Cyber Infrastructures”, 2016 IEEE 1st International Workshops on Foundations and Applications of Self* Systems (FAS*W), 2016.
This research explores the application of IoT in infrastructure development. It explores the interconnection between smart buildings, cities, water networks, electrical grids, automobiles, and airplanes. It explores the advanced real time services that are provided over cloud and IoT for large scale data centers and large storage units. The research finds that when IoT is integrated with cloud, the security vulnerabilities increase as the attack surface increases because of anywhere access and the complexity is enhanced. An IoT security framework that is used for managing security aspects for smart homes and buildings is explained in the research paper presented in the IEEE conference. The model helped researcher understand the basics of security protection methodologies that are used for protecting IoT from cyber attacks such as Intrusion detection System and Anomaly Behavior Analysis. These methods could be used for detecting cyber attacks that can happen on sensors. Using this information, the researcher was able to identify the threats that could occur to the IoT sensors used in the SCADA operated industrial systems. The methods could also be suggested for the use on SCADA system for detection of security threats and vulnerabilities for protection which was helpful in coming up with the recommendations for improving security of SCADA systems in IoT environment.
[6] H. Suo, J. Wan, C. Zou and J. Liu, “Security in the Internet of Things: A Review”, 2012 International Conference on Computer Science and Electronics Engineering, 2012.
The objectives of the current research include exploration of the security challenges faced by IoT based SCADA operated industrial systems. This includes concerns of security in IoT applications that have been explored in the research by Suo and Wan. It explores the key issues that IoT applications faced with respect to privacy and security. The paper explores the security architecture, requirements and features of the IoT systems as well as explains various security mechanisms that could be used for IoT protection from security threats such as encryption and cryptography. This helped researcher identify various security challenges that IoT systems can face in the SCADA operated industrial units as well as understand how security architectures work as well as what features are needed to be developed in the security systems for the protection of IoT devices. The architecture explains all layers of the infrastructure of IoT including coding, perception, network, middleware, application and business layers. With these layers explored in depth, the research could identify specific security vulnerabilities existing in the IoT system. The paper also explored specific sensor technologies like RFID, cloud computing, nano technologies, and networking technologies with specific security risks identified. With these insights, the researcher could go deeper into exploring security threats on IoT systems.
[7] A. Sadeghi, C. Wachsmann and M. Waidner, “Security and privacy challenges in industrial internet of things”, Proceedings of the 52nd Annual Design Automation Conference on – DAC ’15, 2015.
Industrial control system is a ubiquitous system that makes the critical infrastructure of an industrial unit. An industrial control system connected with IoT is called Industries 4.0, which provides rich user experiences, and allow development of innovative business models using strong interconnectivity and embedded devices. Through IoT systems, critical infrastructure of an industrial organization gets vulnerable to cyber-attacks. Such systems can be so vulnerable that it can cause major damages and even cause death. This research paper explores the industrial IoT systems and the security challenges as well as introduces a holistic framework as a solution for security issues. With this study, the researcher was able to identify some of concerns relate to security and privacy including authorization, Lack of encryption, Insecure web, Default credentials, Lack of security, and Privacy concerns. The study also suggested some mitigation strategies against security risks such as platform analysis, network traffic verification, fault injection, attack defence verification, security code reviews, and penetration testing. This research helped researcher explore specific security control mechanisms in general. This understanding built a foundation on understanding of security challenges that could further be explored to see if they applied to the case of SCADA systems in industrial control units.
[8] M. Chiang and T. Zhang, “Fog and IoT: An Overview of Research Opportunities”, IEEE Internet of Things Journal, vol. 3, no. 6, pp. 854-864, 2016.
This research paper covered the architecture of computing, storage, networking and control of services that are delivered to users through the cloud. It takes into account the mobile and wireless connection scenarios considering both hardware and software used by an organization. The architecture presented in the paper supports a variety of systems including IoT and Artificial Intelligence. This architecture can be used for understanding how devices are connected in a network and if there are any security vulnerabilities that can get influenced by the security threats and can cause damages to the infrastructure. The paper suggests a new architecture that is needed with new IoT systems to get better understanding of security challenges and their resolution in the case of modern systems. IoT systems come wth certain challenges that are not addressable by cloud computing and hosting models and thus, there is a need for new security architecture to be adopted. This paper identifies these newer challenges and requirements of IoT related to security such as latency requirements, bandwidth constraints, resource constraints in devices, cyber physical system complexities, intermittent connectivity to cloud, and disruptions. The new architecture suggested is called fog which centralizes cloud and distributes storage, computing, control, and networks with the end user devices through backbone networks to enable service continuum. Researcher can explore if fog architecture can be used in industrial units as it has advantages like cognition, efficiency, agility, and latency.
[9] R. Mahmoud, T. Yousuf, F. Aloul and I. Zualkernan, “Internet of things (IoT) security: Current status, challenges and prospective measures”, 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), 2015.
The current concerns of Internet of Things with respect to security were surveyed and an analysis of the same was presented in this research report. A three-layer architecture of IoT is presented in this research including perception, network and application layers. For each of these layers, security principles have to be applied so that associated security issues can be understood and resolved. A proper framework for security management can only be developed when associated security issues can be identified as well as resolved. For this, it is necessary to understand the underlying principles of security, technological challenges faced, and the available countermeasures for their resolution. This paper covers each of these elements and thus, helped researcher explore the security principles and challenges as well as identify the appropriate countermeasures. Some of the countermeasures that were discovered through a reading of this research paper included authentication, trust establishment, federated architecture, and security awareness. The paper also gives some future directions for research on IoT security such as exploration of architectural standards, identity management, establishment of session layers, and adoption to the 5G protocol. This information can help researcher identify possible strategies for exploration and research to ensure that it deals with the futuristic issues of security.
[10] T. Fatima and S. Nausheen, “Secure Data Analytics for Cloud-Integrated Internet of Things Applications,” International Journal of Computer Engineering and Applications, vol. XI, no. IX, pp. 16-27, 2017.
IoT integrated with cloud is a next generation service platform that enables smart functionalities into the system. This research explores IoT applications such as smart grids, body monitoring, and e-health systems that are large-scale applications and thus, involve a large amount of data that can be affected by the security issues. Thus, this research document was studied to understand how large-scale IoT systems work and what security vulnerabilities are created in them. The paper discusses the vulnerabilities of these system based on which the researcher could identify possible areas that can be affected by security attacks. Fatima and Nausheen, the authors of this research propose security management models for such systems so that high efficiency can be achieved while keeping the data encrypted to ensure security is maintained over the cloud platform.
This could help research identify the vulnerabilities that are caused in the IoT systems and what security measures could be taken. As the objectives of this research include exploration of security challenges in IoT systems and the identification of security measures that can help overcome them, this research was found useful for the current research. The focus of this research is majorly on the vulnerabilities that are faced by the data that is exchanged over the cloud platform.
[11] C. Bekara, “Security Issues and Challenges for the IoT-based Smart Grid”, Procedia Computer Science, vol. 34, pp. 532-537, 2014.
With IoT devices interconnected, communication capabilities can be made seamless in an industrial infrastructure. All devices could be equipped with some computation capabilities working at different levels. Smart grid is one example of such a critical infrastructure that integrates ICT technologies with renewable energy formation sources through the IoT network. This research explores the concept of smart grid and related devices such as smart meters, appliances, sensors, and actuators. It also identifies security issues that is hampering the adoption of smart infrastructure by private or public services or organizations. While dealing with Smart grid security, the security services that are required to be considered are also explored in this research. The paper also covers the examples of the security attacks that have affected some smart grids across the world. This study of real cases helped research make a better sense of the actual impact that can be caused by a security as well as assess different ways attackers can influence IoT systems such as smart grids. This helped research understand the classification of security attacks into components, networks, and systems such that at each of these groups can be explored to understand what kinds of attacks affect them in an industrial setting.
[12] Y. Saleem, N. Crespi, M. H. Rehmani and R. Copeland, “Internet of Things-aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions,” COMSATS Institute of Information Technology, Wah Cantt, Pakistan, 2016.
This research explores the security issues and solutions related to smart power grids. Smart grids were formed from traditional owe grids in order to solve the problem of unidirectional flow that caused energy wastage and was unable to fulfil the demand reliability and securely. Smart grids could solve most of these issues that were with the traditional grids by enabling monitoring, analysis and control of the power grid that were employed at the plant or distribution centre. However, smart grids need strong connectivity, automation ability to track activities of smart devices. This can help support the network functions across distribution systems, devise and generations of devices. The paper explored SG systems through a survey conducted on the architectures, applications and IoT prototypes for understanding issues and challenges related to the IoT systems. This helped researcher understand all major security risks that are faced by modern IoT systems, which is one of the objective of the research. It also gave a future direction for the research based on the gaps identified in the research conducted by Salem and Crespi. The gaps found in the survey results could be used for the current research for further exploration.
