Question

Supervisory Control and Data Acquisition (SCADA) systems are used to monitor and control industrial processes. In 2007, it was demonstrated that hackers with access to the SCADA system in a power generation plant could cause an industrial turbine to begin "spinning wildly out of control until it becomes a smoking hulk and power shuts down." (Schneier) Suppose such an attack was launched against a power plant. Which security goal (CIA) does the attack violate? Explain your answer.

Answer 1

Supervisory control and Data Aqusition which is nothing but it is called as SCADA. These systems are used to monitor and control industrial processes.

SCADA systems are highly distributed systems. SCADA systems are used to control geographically dispersed assets, often scattered over thousands of square kilometers. These are centralized data acquisition and control are critical to system operation. These systems are used in distribution systems such as water distribution and wastewater collection systems, oil and gas pipelines, electrical power grids, and railway transportation systems.

A SCADA systems are contains the control center performs centralized monitoring and control for field sites over long-distance communications networks, which includes monitoring alarms and processing status data. Based on information received from remote stations, automated or operator-driven supervisory commands can be pushed to remote station control devices, these are often referred to as field devices. Field devices control local operations such as opening and closing valves and breakers, collecting data from sensor systems, and monitoring the local environment for alarm conditions.

SCADA systems, these are used to control dispersed assets, these are used to control the aquisition.
These systems are used to distribution of systems such as power distribution and water distribution water collection systems, oil and gas pipelines.
There are many other systems like electrical utility transmission and distribution systems.
SCADA systems integrate with the data aqusition systems.These data aqusition systems integrate with the data transimission systems. And the software included in that HMI software.
These SCADA systems are designed to collect field information, transfer it to a central computer facility, and display the information to the operator graphically or textually, thereby allowing the operator to monitor or control an entire system from a central location in real time. Based on the sophistication and setup of the individual system, control of any individual system, operation, or task can be automatic, or it can be performed by operator commands.
The SCADA systems include and consists of both software and hardware.
Typical hardware includes an MTU which was placed in a control center. It contains the graphically distritibuted fields sites consisting of either an RTU or a PLc, which controls actuators and many different typses of sensors.
SCADA systems consists of control center which is used to control the systems present in the SCADA software.
SCADA systems are usually designed to be fault-tolerant systems with significant redundancy built into the system architecture.

Information security is needed to the power generation. To provide the security goal to violate the attack towards the power generation we need some security is to be provided.

Organizations rely heavily on the use of information technology (IT) products and services to run their day-to-day activities. Ensuring the security of these products and services is of the utmost importance for the success of the organization. This publication introduces the information security principles that organizations may leverage to understand the information security needs of their respective systems.

The security goals are of three types. they are:

>confidentiality

>Integrity

>Availability

These three goals are very important for the need of security to be provided.

CIA has nothing to do with a certain well-recognized US intelligence agency. These three letters stand for confidentiality, integrity, and availability, otherwise known as the CIA Triad.

Data alos have been protected by these three factors.

Confidentiality denotes only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access.

The other factor Integrity denotes ensuring that data has not been tampered with and, therefore, can be trusted. It is correct, authentic, and reliable.

The last factor denotes the networks, systems, and applications are up and running. It ensures that authorized users have timely, reliable access to resources when they are needed.

These are the three main factors which are used to provide the isecurity to the information.

Confidentiality is the main security goal which is used to violate the attack to the information which is need to be provided the security.