One of the most significant current discussions in cyber security is cyber attack on supervisory control and data acquisition (SCADA). Stuxnet such as cyber-attacks on SCADA has become more precise and unique. In this paper, we describe the SCADA System and characteristics of cyber-attacks targeting on SCADA system. We also explain vulnerabilities of SCADA quantitatively. To this end, we proposed concept and methodology for reducing vulnerabilities of SCADA system by optimizing security functions.