SCADA communication vulnerabilities

Cyber security engineering is expensive, but the presence of vulnerabilities makes it necessary. In this section we list the vulnerabilities we typically see in SCADA systems. The order of the list does not reflect a priority in terms of likelihood of occurrence or severity of impact. The vulnerabilities are grouped into four categories, policy/procedure/configuration management, system, network, and platform, to assist in determining the best mitigation strategy for each.

Typical vulnerabilities in SCADA systems

Policy/Procedure/Configuration Management

  • The SCADA system has no specific documented security policy or security plan.
  • There is no formal configuration management and no official documented procedures; hence there are neither formal requirements nor a consistent approach to configuration management.
  • There is neither formal security training nor official documented security procedures.

System

  • Sensitivity levels for SCADA data are not established, making it impractical to identify which communication links to secure, which databases require protection, and so on.
  • No security perimeter has been defined for the existing system, so the access points into the system that should be secured are not identified.
  • Physical security alarms reside on the SCADA system; hence a failure in the SCADA system also compromises the integrity of the physical security.
  • Critical monitoring and control paths are not identified, so the necessary redundancy and contingency plans cannot be determined.

Network

  • Dial-up access exists on individual workstations within the SCADA network.
  • The dial-up access into the SCADA network uses shared passwords and shared accounts.
  • Administrative and SCADA networks use the same IP subnet. (This rules out segmentation controls such as extranets, data diodes and traffic filtering between the two.)
  • SCADA data is inadequately protected as it traverses other networks, both when it is transferred to other SCADA segments and when it is sent to servers on the administrative network, where it is used for a variety of purposes, including public display and engineering work.
  • Wireless bridging is used without strong mutual authentication and/or data integrity protection on the data flows it carries.
  • Wireless LAN technology is used in the SCADA network without strong authentication and/or data protection between clients and access points.
  • Network equipment is inadequately protected physically.
  • There is no security monitoring on the SCADA network.
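Several of the network findings above (both networks on one subnet, a PC bridging the SCADA network and the Internet, SCADA data leaving the segment unprotected, and no security monitoring at all) can be caught by a minimal flow-based monitor that knows which paths are supposed to exist. The script below is an added example, not code from the original article; the subnets, host addresses, control ports, approved export path and the flow records are assumptions constructed for illustration, and in practice the records would come from NetFlow/IPFIX or a span port.

```python
"""Flow-based monitoring for a SCADA segment (added example, not from the article).

Assumed layout (hypothetical addresses): SCADA segment 10.10.0.0/24 with the
SCADA front-end at 10.10.0.10 and RTUs at 10.10.0.50-59; administrative
segment 10.20.0.0/24 with an approved historian replica at 10.20.0.5:5432.
Control protocols are Modbus/TCP (502) and DNP3 (20000).
"""
import ipaddress
from dataclasses import dataclass

SCADA_NET = ipaddress.ip_network("10.10.0.0/24")
ADMIN_NET = ipaddress.ip_network("10.20.0.0/24")
CONTROL_PORTS = {502: "modbus", 20000: "dnp3"}
# Only the SCADA front-end may originate control traffic to RTUs (assumption).
ALLOWED_MASTERS = {ipaddress.ip_address("10.10.0.10")}
# The only approved path for SCADA data into the administrative network (assumption).
ALLOWED_EXPORTS = {(ipaddress.ip_address("10.20.0.5"), 5432)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def segments_overlap(a, b):
    """True when two segments share addresses; filtering between them is then impossible."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def classify(flow):
    """Return the findings (possibly none) for a single flow record."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    findings = []
    # Control protocol originated by anything other than the authorised master.
    if flow.dport in CONTROL_PORTS and src not in ALLOWED_MASTERS:
        findings.append(f"{CONTROL_PORTS[flow.dport]} to {dst} from unauthorised master {src}")
    # A SCADA host reaching a public (Internet) address: the dual-connected PC case.
    if src in SCADA_NET and dst.is_global:
        findings.append(f"SCADA host {src} reached Internet address {dst}:{flow.dport}")
    # Administrative host connecting straight into the SCADA segment.
    if src in ADMIN_NET and dst in SCADA_NET:
        findings.append(f"administrative host {src} connected directly into SCADA segment ({dst}:{flow.dport})")
    # SCADA data leaving the segment by any path other than the approved export.
    if src in SCADA_NET and dst in ADMIN_NET and (dst, flow.dport) not in ALLOWED_EXPORTS:
        findings.append(f"SCADA data left the segment outside the approved export path ({src} -> {dst}:{flow.dport})")
    return findings


def audit(flows):
    """Run every flow through the rules and return all findings."""
    return [f for flow in flows for f in classify(flow)]


# Constructed sample flows: one legitimate poll, one approved export, three violating flows.
SAMPLE_FLOWS = [
    Flow("10.10.0.10", "10.10.0.51", 502),       # front-end polls an RTU: fine
    Flow("10.10.0.10", "10.20.0.5", 5432),       # approved historian export: fine
    Flow("10.20.0.77", "10.10.0.51", 502),       # engineering PC writes Modbus from the admin net
    Flow("10.10.0.23", "93.184.216.34", 443),    # SCADA workstation browsing the Internet
    Flow("10.10.0.23", "10.20.0.40", 445),       # SCADA data copied to an unapproved share
]

if __name__ == "__main__":
    print("segments overlap:", segments_overlap(SCADA_NET, ADMIN_NET))
    for finding in audit(SAMPLE_FLOWS):
        print("ALERT:", finding)
```

The rules are allowlists rather than signatures: anything that is not an explicitly approved path is reported, which is the only workable stance on a network whose legitimate traffic is small and highly regular. The subnet-overlap check is the precondition for all of the others; if the two networks share one subnet there is no boundary at which the flows could be observed or filtered.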

Platform

  • Default OS configurations are used, which leaves insecure and unnecessary services enabled.
  • There is no regular virus checking.
  • A PC is allowed to connect to both the SCADA network and the Internet.
  • There are no time limit, character length, or character type requirements for passwords.
  • OS security patches are not maintained as part of a formal procedure or process.
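Two of the platform findings above, weak password rules and default services left listening, can be audited mechanically against a written baseline, which is the first concrete artefact a security policy produces. The script below is an added example, not code from the original article; the thresholds, the service allowlist, and the configuration and socket listings it checks are constructed assumptions.

```python
"""Platform baseline check for a SCADA host (added example, not from the article).

Encodes two platform findings as checks: password rules (age, length and
character classes) read from a login.defs-style file and a pwquality-style
file, and listening services compared against an allowlist. All inputs
below are constructed; thresholds and the allowlist are assumptions.
"""
import re

# Assumed baseline: 90-day rotation, 12+ characters, 3 character classes.
MAX_PASS_DAYS, MIN_PASS_LEN, MIN_CLASSES = 90, 12, 3
# Services a SCADA server is expected to expose (assumed allowlist): SSH, Modbus/TCP, NTP.
ALLOWED_LISTENERS = {("tcp", 22), ("tcp", 502), ("udp", 123)}


def parse_kv(text):
    """Parse 'KEY VALUE' or 'key = value' lines, ignoring comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2:
            conf[parts[0]] = parts[1]
    return conf


def check_password_policy(login_defs, pwquality):
    """Return findings for the time-limit, length and character-type requirements."""
    ld, pq = parse_kv(login_defs), parse_kv(pwquality)
    findings = []
    max_days = int(ld.get("PASS_MAX_DAYS", 99999))
    if max_days > MAX_PASS_DAYS:
        findings.append(f"PASS_MAX_DAYS={max_days}: no effective time limit on passwords")
    # pwquality's minlen overrides login.defs' PASS_MIN_LEN when both are present.
    min_len = int(pq.get("minlen", ld.get("PASS_MIN_LEN", 0)))
    if min_len < MIN_PASS_LEN:
        findings.append(f"minimum password length {min_len} is below {MIN_PASS_LEN}")
    classes = int(pq.get("minclass", 1))
    if classes < MIN_CLASSES:
        findings.append(f"minclass={classes}: no character-type requirement")
    return findings


def check_listeners(ss_output):
    """Flag listening sockets outside the allowlist; parses `ss -lntu`-style lines."""
    findings = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]          # Netid and Local Address:Port
        port = int(local.rsplit(":", 1)[1])
        if (proto, port) not in ALLOWED_LISTENERS:
            findings.append(f"unexpected {proto} listener on port {port}")
    return findings


# Constructed inputs: a default-style configuration beside a hardened one.
WEAK_LOGIN_DEFS = "PASS_MAX_DAYS 99999\nPASS_MIN_DAYS 0\nPASS_MIN_LEN 5\n"
WEAK_PWQUALITY = "# minclass = 1\n"
HARDENED_LOGIN_DEFS = "PASS_MAX_DAYS 90\nPASS_MIN_DAYS 1\nPASS_MIN_LEN 12\n"
HARDENED_PWQUALITY = "minlen = 14\nminclass = 3\n"

# Constructed socket listing: telnet, VNC and SNMP left enabled by default.
SS_OUTPUT = """Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:502       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5900      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:123       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161       0.0.0.0:*
"""

if __name__ == "__main__":
    for f in check_password_policy(WEAK_LOGIN_DEFS, WEAK_PWQUALITY):
        print("password policy:", f)
    print("hardened findings:", check_password_policy(HARDENED_LOGIN_DEFS, HARDENED_PWQUALITY))
    for f in check_listeners(SS_OUTPUT):
        print("services:", f)
```

On a real host the three inputs would be read from `/etc/login.defs`, `/etc/security/pwquality.conf` and the output of `ss -lntu`; the point of keeping the checks as functions over text is that the same baseline can be run against a fleet of exported configurations without touching the control network.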


As pointed out at the beginning of the article, we focus on system-level vulnerabilities, not point security problems such as physical security or a particular protocol like WEP or SNMP. A well-developed security policy balances operational performance and security requirements, and is necessary for sustained security. This security policy also guides the integration of technology and the development of security procedures.

To reiterate: all the SCADA vulnerabilities discussed in this article are attributable to the lack of a well-developed and meticulously practiced security policy.


About the author


Edvard Csanyi

Edvard is an electrical engineer, programmer and founder of EEP. He specializes in the design of LV high-power busbar trunking (<6300 A) in power substations, buildings and industrial facilities, and in the design of LV/MV switchgear. He is also proficient in AutoCAD programming and web design.

