ABSTRACT

Supervisory control and data acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. Various water and power corporations boasted that many of these systems were closed systems. To many agencies, companies, and individuals, a closed system meant one that was not vulnerable to attack or exploitation. Research indicates this confidence is misplaced. The move to more open standards such as Ethernet, TCP/IP, and Web technologies enables hackers to take advantage of the control industry’s lack of preparedness and its sense of security. Much of the available information about cyber incidents characterizes events rather than analyzing them. Another clear problem is the lack of a clear incident response protocol for SCADA events (Turk 2005). Most companies prefer not to share cyber attack incident data and their incident response capabilities because of potential financial repercussions. The following discussion does not set out to delineate SCADA threats or controls, as many publications do. Instead, it focuses on how to respond to SCADA threats after controls have failed or have been circumvented.