Security Analysis of MITM Attack on SCADA Network

Abstract

Cybersecurity is one of the major concerns in the Supervisory Control and Data Acquisition Technique (SCADA) systems. The main goal of this paper is to check how secure the power SCADA System is? In SCADA systems, attackers either disable the system or attempt to damage the SCADA network by pushing out improper data or commands for disrupting communications. SCADA systems are most vulnerable to malicious attackers due to their interconnectivity in smart grids and usage of standard plain text protocols. In SCADA systems due to legacy communication infrastructure and protocols, they have cybersecurity vulnerabilities because systems were initially designed with less cyber threat consideration. This paper analyses the possibility of conducting Man-in-the-middle (MITM) attacks on SCADA communication, which uses an International Electrotechnical Commission (IEC 60870-5-104) SCADA communication protocol standard. The Packet Inspection method on SCADA systems is used for detection of MITM attacks conducted based on ARP Poisoning method. SCADA communication networks are used to control various infrastructures and play vital roles for utility companies and the process industries including the power sector, gas, oil, water, etc. This paper is used to analyze security threats in Remote Terminal Unit (RTU)-control center communication using packet sniffing on IEC-60870-5-104 standard compliance SCADA communications and by conducting MITM attacks on it.