Questions tagged [scada]

SCADA stands for Supervisory Control and Data Acquisition System. Generally, it refers to a broad class of computing systems that interact with physical processes associated with chemical, manufacturing, electricity production, gas delivery, etc.

SCADA stands for Supervisory Control and Data Acquisition System, and generally refers to industrial control systems: computer systems that monitor and control industrial, infrastructure, or facility-based processes, as described below:

  1. Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.

  2. Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.

  3. Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption.

From http://en.wikipedia.org/wiki/SCADA

12 questions
7 votes, 4 answers

Security papers or material focusing on the industrial control systems (SCADA)

Does anyone know a good site or a list of resources to start learning about issues related to the security of SCADA systems?
boos
5 votes, 3 answers

SCADA Operating System & Security Exploits

So I have a basic question on the SCADA operating system, which the manufacturers do not disclose. From my experience I can see VxWorks running in some of them, and Windows or Linux in some of them. Is there any classification for a specific…
Legolas
4 votes, 1 answer

SCADA, ICS Specific Testing Tools and Methodologies

I have been contracted to perform a security risk assessment that relates specifically to ICS and SCADA systems. I have performed many IT security risk assessments, however, I am new to assessing these types of environments specifically. I am…
eficker
4 votes, 4 answers

Does TCP/IP expose critical infrastructure to added risk?

Background: I just attended a talk on the security of critical infrastructure. The speaker spoke a bit on how adding the TCP/IP protocol to functions usually taken care of by dedicated protocols opens up some security holes. The example he gave was…
user10211
3 votes, 4 answers

Problems during Pen-testing of SCADA systems

Is there a way to monitor the way the SCADA systems behave 'during pen-testing or security audit', and find out the implications of just port scans and/or monitor the state of activity while sending a payload? Is it possible for a device to get…
Legolas
3 votes, 2 answers

Can you only communicate to a PLC using associated software?

Apologies if this isn't the right forum, but I'm trying to understand SCADA network architecture, and specifically how the Stuxnet virus was able to change the control logic on PLCs. I think that it used the STEP 7 software running on a computers…
Stuxnewt
2 votes, 0 answers

BlackEnergy2 vs. BlackEnergy3: Which one targeted HMIs?

Various reports have been published that analyze BlackEnergy2 and BlackEnergy3 in-depth. However, there seem to be discrepancies regarding the malware delivery phase, i.e., initial exploitation. The CrashOverride report published by Dragos…
John Doe
2 votes, 1 answer

What kind of attacks are mitigated by 2FA/MFA in Industry sector?

I would like to understand the real role of 2-Factor Authentication in Industry Control Systems like SCADA/SmartGrid with Windows AD infrastructure. In particular I am interested in operational use cases: when operators/engineers accessing…
AleSil
2 votes, 1 answer

Nmap scan for Operational Technology devices

I want to scan a range of network with nmap to discover hosts but I know that depending on the scan, it can affect the integrity of OT (Operational Technology) devices, industrial devices like PLCs (Programmable Logic Controllers). For this, I use…
2 votes, 2 answers

Was the Stuxnet S7-417 payload a firmware update?

I'm a bit confused about the Stuxnet S7-417 attack. I believe Stuxnet performed a man-in-the-middle attack on the PLC, closing various valves in the background while it spoofed the values in the input image of the PLC, left the original logic…
Stuxnewt
1 vote, 2 answers

Real-time Operation systems and attacks

I'm interested in the kinds of attacks which can be used on 'Industry Control Systems'. I have only found the following malware: switching off/disabling the systems, stealing the information. What other consequences can occur?
davs
1 vote, 1 answer

SCADA honeypot guide help

With the recent VPNFilter attacks, and talk about the hackers wanting to attack our SCADA systems in the U.S., I want to set up a honeypot to monitor the attackers and learn more about how they operate. I found this link but think it may be outdated…
Nerf D