10.2298/FUEE1903345S

345

358

This paper addresses scenarios and security issues when migrating SCADA systems to cloud and fog environments. Migration strategies to the cloud refer to different cloud infrastructures (public, private or hybrid) as well as selection of cloud service. Benefits of cloud-based SCADA systems mainly refer to improving economic efficiency. We further address migration risks, with regards to quality of service and cyber security. Challenges in security provisioning encompass security solutions, risk management and test environment. Finally, we address emerging evolution of SCADA toward fog computing, including the three-tier system’s architecture and security issues.

Cloud computing, cyber security, fog computing, quality of service, SCADA

M. Stojanović, S. Boštjančič Rakas and J. Marković-Petrović, "Cloud-based SCADA Systems: Cyber Security Considerations and Future Challenges", In Proceedings of the 4th Virtual International Conference on Science, Technology and Management in Energy – eNergetics 2018. Niš, Serbia: Research and Development Center "ALFATEC", and Complex System Research Center, 2018, pp. 253–260.

E. Nugent, "How Cloud and Fog Computing will Advance SCADA Systems", Manufacturing Automation, pp. 22–24, November/December 2017.

L. Combs, "Cloud Computing for SCADA", InduSoft, 2011. http://www.indusoft.com/Documentation/ White-Papers/ArtMID/1198/ArticleID/430/Cloud-Computing-for-SCADA (accessed February 05, 2019).

P. D. Howard, "A Security Checklist for SCADA Systems in the Cloud", GCN, 2015. https://gcn.com/articles/2015/06/29/scada-cloud.aspx (accessed February 05, 2019).

C. Byers, "Fog Computing for Industrial Automation", Control Eng., 2018. https://www.controleng.com/ articles/fog-computing-for-industrial-automation/ (accessed February 05, 2019).

I. Ahmed, S. Obermeier, M. Naedele and G. G. Richard III, "SCADA Systems: Challenges for Forensic Investigators", Computer, vol. 45, no. 12, pp. 44–51, December 2012.

J. Marković-Petrović and M. Stojanović, "An Improved Risk Assessment Method for SCADA Information Security", Elektron. Elektrotech., vol. 20, no. 7, pp. 69–72, September 2014.

S. Nazir, S. Patel and D. Patel, "Assessing and Augmenting SCADA Cyber Security: A Survey of Techniques", Comput. Secur., vol. 70, pp. 436–454, September 2017.

B. Galloway and G. P. Hancke, "Introduction to Industrial Control Networks", IEEE Commun. Surv. Tut., vol. 15, no. 2, pp. 860–880, Second Quarter 2013.

J. Gao, J. Liu, B. Rajan, R. Nori, et al., "SCADA Communication and Security Issues", Secur. Commun. Netw., vol. 7, no. 1, pp. 175–194, January 2014.

P. Mell and T. Grance, The NIST Definition of Cloud Computing. NIST Special Publication 800-145, 2011.

A. Bashar, "Modeling and Simulation Frameworks for Cloud Computing Environment: A Critical Evaluation", In Proceedings of the International Conference on Cloud Computing and Services Science – ICCCSS 2014. World Academy of Science, Engineering and Technology, 2014, pp. 1–6.

B. Hari Krishna, S. Kiran, G. Murali and R. Pradeep Kumar Reddy, "Security Issues in Service Model of Cloud Computing Environment", Procedia Comput. Sci., vol. 87, pp. 246–251, 2016.

P. Chavan, P. Patil, G. Kulkarni, R. Sutar et al, "IaaS Cloud Security", In Proceedings of the 2013 International Conference on Machine Intelligence and Research Advancement. IEEE, 2013, pp. 549–553.

M. T. Sandikkaya and A. E. Harmanci, "Security Problems of Platform-as-a-Service (PaaS) Clouds and Practical Solutions to the Problems", In Proceedings of the IEEE 31st Symposium on Reliable Distributed Systems. IEEE, 2012, pp. 463–468.

S. Soufiane and B. Halima, "SaaS Cloud Security: Attacks and Proposed Solutions", Trans. on Machine Learning and Artificial Intelligence, vol. 5, no. 4, pp. 291–301, August 2017.

C. Mouradian, D. Naboulsi, S. Yangui, R. H. Glitho, et al, "A Comprehensive Survey on Fog Computing: State-of-the-Art and Research Challenges", IEEE Commun. Surv. Tut., vol. 20, no. 1, pp. 416–464, First Quarter 2018.

P. Hu, S. Dhelima, H. Ning and T. Qiu, "Survey on Fog Computing: Architecture, Key Technologies, Applications and Open Issues", J. Netw. Comput. Appl., vol. 98, pp. 27–42, November 2017.

I. Stojmenovic and S. Wen, "The Fog Computing Paradigm: Scenarios and Security Issues", In Proceedings of the 2014 Federated Conference on Computer Science and Information Systems. IEEE, 2014, pp. 1–8.

S. Khan, S. Parkinson and Y. Qin, "Fog Computing Security: A Review of Current Applications and Security Solutions", J. Cloud Comput., vol. 6, no. 10, pp. 1–22, August 2017.

P. Church, H. Mueller, C. Ryan, S. V. Gogouvitis, et al., "Migration of a SCADA System to IaaS Clouds – A Case Study", J. Cloud Comput. Adv. Syst. Appl., vol. 6, no. 11, pp. 1–12, June 2017.

Y. Chen, J. Chen and J. Gan, "Experimental Study on Cloud Computing Based Electric Power SCADA System", ZTE Communications, vol. 13, no. 3, pp. 33–41, September 2015.

Integrated Service Networks for Utilities. CIGRÉ Technical Brochure TB 249, WGD2.07, 2004.

B. Zhu, A. Joseph and A. Sastry, "A Taxonomy of Cyber Attacks on SCADA Systems", In Proceedings of the International Conference on Internet of Things and the 4th International Conference on Cyber, Physical, and Social Computing. IEEE, 2011, pp. 380–388.

Z. El Mrabet, N. Kaabouch, Has. El Ghazi and Ham. El Ghazi, "Cyber-Security in Smart Grid: Survey and Challenges", Comput. Electr. Eng., vol. 67, pp. 469–482, April 2018.

W. Gao, T. Morris, B. Reaves and D. Richey, "On SCADA Control System Command and Response Injection and Intrusion Detection", In Proceedings of the 2010 eCrime Researchers Summit. IEEE, 2010, pp. 1–9.

A. Sajid, H. Abbas and K. Saleem, "Cloud-Assisted IoT-Based SCADA Systems Security: A Review of the State of the Art and Future Challenges", IEEE Access, vol. 4, pp. 1375–1384, April 2016.

B. A. Akyol, "Cyber Security Challenges in Using Cloud Computing in the Electric Utility Industry", Technical Report PNNL 21724, Pacific Northwest National Laboratory, 2012. https://www.pnnl.gov/ main/publications/external/technical_reports/PNNL-21724.pdf (accessed February 05, 2019).

M. Stojanović, V. Aćimović-Raspopović and S. Boštjančič Rakas, "Security Management Issues for Open Source ERP in the NGN Environment", In Enterprise Resource Planning: Concepts, Methodologies, Tools, and Applications, vol. II, M. Khosrow-Pour, Ed. New York: IGI Global, 2013, pp. 789–804.

K. Stouffer, J. Falco and K. Scarfone, Guide to Industrial Control Systems (ICS) Security. NIST Special Publication 800-82 Rev. 2, 2015.

Y. Cherdantseva, P. Burnap, A. Blyth, P. Eden, et. al, "A Review of Cyber Security Risk Assessment Methods for SCADA Systems", Comput. Secur., vol. 56, pp. 1–27, February 2016.

N. Hossain, A. Hossain, T. Das and T. Islam, "Measuring the Cyber Security Risk Assessment Methods for SCADA System", Glob. J. Eng. Sci. Res. Manag., vol. 4, no. 7, pp. 1–12, July 2017.

A. Ahmed and A. S. Sabyasachi, "Cloud Computing Simulators: A Detailed Survey and Future Direction", In Proceedings of the 2014 IEEE International Advance Computing Conference (IACC). IEEE, 2014, pp. 866–872.

M. Kamal, ICS Layered Threat Modeling, SANS Institute – Information Security Reading Room, March 2019. https://www.sans.org/reading-room/whitepapers/ICS/ics-layered-threat-modeling-38770 (accessed April 02, 2019).

Y. Gui, A. S. Siddiqui and F. Saqib, "Hardware Based Root of Trust for Electronic Control Units", In Proceedings of the SoutheastCon 2018. IEEE, 2018, pp. 1–7.