A Survey of Security in SCADA Networks: Current Issues and Future Challenges

Supervisory Control and Data Acquisition (SCADA) systems are used for monitoring industrial devices. However, their security faces the threat of being compromised due to the increasing use of open access networks. The primary objective of this survey paper is to provide a comparative study of the on-going security research in SCADA systems. The paper provides a classification of attacks based on security requirements and network protocol layers. To secure the communication between nodes of SCADA networks, various security standards have been developed by different organizations. We conduct a study of the security standards developed for SCADA networks along with their vulnerabilities. Researchers have proposed various security schemes to overcome the weaknesses of SCADA standards. The paper organizes security schemes based on current standards, detection, and prevention of attacks. It also addresses the future challenges that SCADA networks may face, in particular, from quantum attacks. Furthermore, it outlines directions for further research in the field.


I. INTRODUCTION
SCADA systems are used as control systems for monitoring industrial, infrastructural, and facility processes such as oil mining, electric grids, traffic system control, water treatment systems, and space station systems. Modern SCADA systems have been exposed to a range of attacks since they use open access networks to leverage efficiency. Failure to secure SCADA systems can be catastrophic [1]. For example, a malicious user can take control of the power supply to a city, shut down the water supply system, or cause malfunction of a nuclear reactor.
Modern SCADA systems have a number of added features which increase system complexity and are thus difficult to maintain. Some of the added features include control logic, communication protocols, user interfaces, and security. For example, many organizations do not tolerate data delay or data loss. Added features like firewall functions and anti-virus software processes can lead to delayed delivery of data [2]. The systems must operate continuously and within tight timing constraints [3]. Moreover, the communications are vulnerable to various threats. In the past few years, the number of cyber-attacks in general has been rising and has been affecting the control systems of power stations, water, gas, and plants. The pattern of cyber-attacks has also evolved beyond simple attacks such as Denial of Service or Man-in-the-Middle [3].
The paper has two major contributions as follows.
• It provides a study of the impact of possible attacks on SCADA systems.
• The paper addresses the future challenges that SCADA networks may face from quantum attack.

II. TRADITIONAL ATTACKS ON SCADA NETWORKS
In December 2015, due to a successful cyber-attack on SCADA, 230,000 people were left without power for hours in Ukraine. After a year, another similar attack hit the country. This attack was launched by using spear phishing emails, a method that is still in practice against industrial organizations. According to the U.S. Department of Justice, there was an attack on a small dam in Rye Brook, New York in 2013. The hackers gained access to the core command-and-control system by using a cellular modem. Although the breach occurred in 2013, it remained unreported until 2016. Furthermore, according to last year's joint report by the FBI and Homeland Security [4], there have been cyber-attacks on nuclear power plants throughout the U.S. The main motive and severity of the attacks are not known, but the method used for the attack was spear phishing. The hackers targeted the control systems of the plant.
SCADA networks also comprise resource-constrained devices such as Remote Terminal Units or Programming Logic Units, which require lightweight ciphers. Traditional intrusion detection systems (IDSs) such as firewalls are now unable to protect against the new threats [5]. Robust security schemes involving machine learning to detect intrusions and encryption algorithms are essential to ensure secure encrypted communication between nodes in SCADA networks. These threats and attacks have motivated researchers and organizations to develop different robust and immune systems for SCADA networks.
Although there are several survey papers on the security threats, key management schemes, and intrusion detection systems in SCADA networks [6][7][8], the reviews do not contrast the various schemes. Furthermore, Sajid et al. [9] have provided an excellent survey on the security and challenges of SCADA systems. However, the papers do not address the future challenges of SCADA networks.

A. Quantum Computer
Traditional computers are digital electronic computers which encode information in bits. Each bit can be 0 or 1. They execute algorithms on bits using simple digital logic operations such as AND, XOR, OR, and NOT [11].
Instead, quantum computers encode information in qubits which are generated using atoms as digital bits [12]. The value of qubits is based on the rules of modern physics: the superposition and entanglement principles. According to the superposition principle, each qubit can represent 0 or 1 or both at the same time. Entanglement occurs when two superposed qubits are allied with each other [13][12]. Therefore, the number of qubits is directly proportional to the number of states held by the set of qubits [12][14]. These two principles make quantum computing much faster than traditional computing.
A quantum algorithm was proposed to solve a binary maze problem [15]. Each line has one input and two outputs. The quantum algorithm attempted all the paths at the same time, and therefore, it solved the problem at extreme speed. In contrast, solving the maze problem was hard for a traditional computer since the size of the problem doubled each time. For example, a 1000 step binary maze may have $2^{1000}$ outcomes, and this took more time in the case of the traditional approach [15]. D-Wave, a quantum computing company, launched its first commercial quantum computer named D-Wave One in 2011, which is being used by the National Aeronautics and Space Administration (NASA) of the U.S. for in-depth space By 2013, they increased the number of qubits and published D-Wave Two system. Google is also planning to use a quantum computer for big data mining [13].

B. Brute Force Attack by using a Quantum Computer
The capacity and speed with which quantum computers solve mathematical problems make them a threat to traditional security schemes. All the encryption schemes are derived from mathematical logic. Cracking these schemes may be possible for quantum computers [16][17]. One such problem is Elliptic curve cryptography (ECC or ECDSA). Using Shor's algorithm, a quantum computer can launch a brute force attack and crack ECC in a brief time [17].
Shor's algorithm is a quantum algorithm for factorizing a number [18].It implies that any public key cryptography can be easily cracked.The algorithm has two sections as follows [19].
• The classical computer can compute section 1. It reduces the factoring problem to the Order Finding Problem using the Euclidean algorithm. The Euclidean algorithm is a fast scheme to calculate the greatest common divisor (gcd) of two integers [20].
• Section 2 is the quantum part, which uses the Order Finding algorithm. It finds the period of the function using the Quantum Fourier Transform (QFT).
Table 1 shows the steps in each section [19].
Step 4: , since p is even.

If
, then return to step 1. Else, go to step 5.
Step 5 Calculate using the Euclidean algorithm.
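The classical section can be run end to end on a toy modulus. The sketch below is an added example, not code from the paper: it follows the standard textbook form of the reduction, and the quantum order-finding section is replaced by a classical brute-force search (`multiplicative_order`, a hypothetical helper name), which is exactly the part that does not scale on a traditional computer.

```python
import math
import random

def multiplicative_order(a, n):
    """Smallest period > 0 with a**period % n == 1 (requires gcd(a, n) == 1).

    Classical brute force standing in for the quantum order-finding section;
    its cost grows exponentially with the bit length of n.
    """
    period, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        period += 1
    return period

def factor_via_order(n, rng=None, max_tries=50):
    """Return a sorted pair of non-trivial factors of n, or None."""
    if n < 4:
        return None
    if n % 2 == 0:
        return (2, n // 2)
    rng = rng or random.Random(0)        # fixed seed: reproducible demo
    for _ in range(max_tries):
        a = rng.randrange(2, n - 1)      # random base
        g = math.gcd(a, n)               # Euclidean algorithm
        if g > 1:                        # the guess already shares a factor
            return tuple(sorted((g, n // g)))
        period = multiplicative_order(a, n)
        if period % 2:                   # odd period: pick another base
            continue
        half = pow(a, period // 2, n)
        if half == n - 1:                # a^(period/2) = -1 (mod n): retry
            continue
        f = math.gcd(half - 1, n)        # Euclidean algorithm again
        if 1 < f < n:
            return tuple(sorted((f, n // f)))
    return None                          # e.g. n is prime

if __name__ == "__main__":
    for n in (15, 21, 3233):             # constructed toy moduli
        print(n, "->", factor_via_order(n))
```

Every line except the call to `multiplicative_order` is cheap on a classical machine, which is why the security of factoring-based public keys rests entirely on the cost of that one step.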
In step 2, to calculate the period of the function based on the series, the Quantum Fourier Transform (QFT) is used. The QFT increases the speed of the algorithm by evaluating the function at all points simultaneously [19]. The QFT is a linear operator that, when applied to any qubit state, transforms it into another state. In other words, it is applied to the vector of amplitudes of a quantum state [21]. For example, if the QFT operates on a quantum state X, then it transforms it into a quantum state Y.

X: Y:
The QFT refers to (1). (1) Where, and is a primitive N th root of unity, N is the length of vectors such that [21].
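How the QFT exposes a period can be seen by simulating it classically on a small amplitude vector. This is an added example, not code from the paper: it assumes the standard unitary definition of the QFT (stated in the `qft` docstring), and the base 7, modulus 15, and vector length 64 are constructed toy values.

```python
import cmath
import math
from fractions import Fraction

def qft(amps):
    """y_k = (1/sqrt(N)) * sum_j x_j * w^(j*k), with w = exp(2*pi*i/N)."""
    N = len(amps)
    return [
        sum(x * cmath.exp(2j * cmath.pi * ((j * k) % N) / N)
            for j, x in enumerate(amps) if x) / math.sqrt(N)
        for k in range(N)
    ]

def periodic_state(a, n, size):
    """Amplitudes X: uniform over every index x with a**x % n == 1."""
    hits = [x for x in range(size) if pow(a, x, n) == 1]
    amp = 1 / math.sqrt(len(hits))
    return [amp if x in hits else 0.0 for x in range(size)]

def period_from_spectrum(out, n):
    """Recover the period from where the probability mass of Y sits."""
    size = len(out)
    probs = [abs(c) ** 2 for c in out]
    peaks = [k for k, p in enumerate(probs) if p > 0.5 * max(probs)]
    # Each peak k is close to s*size/period; reduce k/size to lowest terms
    # with denominator <= n and combine the denominators.
    dens = [Fraction(k, size).limit_denominator(n).denominator for k in peaks]
    return peaks, math.lcm(*dens)

if __name__ == "__main__":
    X = periodic_state(7, 15, 64)   # constructed toy case: a=7, n=15
    Y = qft(X)
    print(period_from_spectrum(Y, 15))
```

A quantum computer yields one measured peak per run rather than the whole spectrum; the simulation inspects all of Y only because it stores every amplitude explicitly, which costs memory exponential in the number of qubits.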

IV. CONCLUSION
The existing security standards and schemes are based on traditional cryptography: Advanced Encryption System (AES), Elliptic-curve cryptography (ECC), and traditional hashing algorithm: Secure Hash Algorithm (SHA). So, they are vulnerable to quantum computer attacks. The transformation of quantum computing from theory to practice in the recent past has brought with it not only potential advantages but also increasing threats. The current cryptography schemes may remain at stake unless they are modified [16][17]. As a future direction, the article provides Table 2, which will provide a course for further research and assist an organization in deciding on a suitable standard and scheme.

Table 1: Steps in Shor's Algorithm