Abstract

While security has become increasingly crucial to SCADA systems due to a changing threat landscape and increasing connectivity with relatively more open systems, most legacy SCADA systems are susceptible to false command injection by compromised or intruding devices, since message authentication is not built into their protocols. It is also practically infeasible to patch these systems with cryptographic defence due to the resource constraints of the old-generation devices used. Hence, protection of legacy SCADA systems has to be purely add-on, without requiring protocol- or device-level modifications. The state of the art of non-intrusive defence strategies for legacy SCADA systems against false command injection is discussed, comparing the strengths and limitations of the bump-in-the-wire, data diode, protocol-compliant authentication and detect-and-respond approaches while discussing their applicable scenarios, costs of deployment and security assurance. In particular, the design principles of the detect-and-respond approach, namely, false command detection and neutralization, are elaborated with reference to its implementation on two legacy SCADA protocols.
