
SCADA communication vulnerabilities

Cyber security engineering is expensive. However, the presence of vulnerabilities requires it. In this article we list the vulnerabilities we typically see in SCADA systems. The order of the list does not reflect a priority in terms of likelihood of occurrence or severity of impact. The vulnerabilities are grouped into four categories (policy/procedure/configuration management, system, network, and platform) to assist in determining the best mitigation strategy for each.

Typical vulnerabilities in SCADA systems

Policy/Procedure/Configuration Management

  • The SCADA system has no specific documented security policy or security plan.
  • There is no formal configuration management and no official documented procedures.
    Hence, there are neither formal requirements nor a consistent approach to configuration management.
  • There is neither formal security training nor official documented security procedures.

System

  • Sensitivity levels for SCADA data are not established, making it impractical to identify which communication links to secure, databases requiring protection, etc.
  • No security perimeter has been defined for the existing system that defines access points to the system that should be secured.
  • Physical security alarms reside on the SCADA system; hence, a failure in the SCADA system affects the integrity of the physical security.
  • Critical monitoring and control paths are not identified, so the necessary redundancy or contingency plans cannot be determined.

Network

  • Dial-up access exists on individual workstations within the SCADA network.
  • The dial-up access into the SCADA network utilizes shared passwords and shared accounts.
  • Administrative and SCADA networks utilize the same IP subnet. (This removes the possibility to implement extranets, data diodes, filtering, etc.)
  • Inadequate data protection exists as the SCADA data traverse other networks, both as data is transferred to other SCADA segments and as the data is sent to servers on the administrative network. The data is used for a variety of purposes, including public display and engineering efforts.
  • Wireless bridging is used without strong mutual authentication and/or data integrity protection on the data flows it carries.
  • Wireless LAN technology is used in the SCADA network without strong authentication and/or data protection between clients and access points.
  • There is inadequate physical protection of network equipment.
  • There is no security monitoring on the SCADA network.

Platform

  • Default OS configurations are utilized, which enables insecure and unnecessary services.
  • There is no regular virus checking.
  • A PC is allowed connection to both the SCADA network and the Internet.
  • There is no time limit, character length, or character type requirement for passwords.
  • OS security patches are not maintained as part of a formal procedure or process.
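As an added example (not part of the original article), a small Python audit that checks a constructed host inventory for two of the network and platform findings above: administrative and SCADA hosts sharing one IP subnet, and a host dual-homed between the SCADA network and an Internet-reachable corporate network. Hostnames, addresses and the zone map are assumed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (sample data, not from the article): each host has a role
# and one or more interface addresses in CIDR notation.
INVENTORY = [
    {"host": "hmi-01",    "role": "scada", "ifaces": ["10.10.1.10/24"]},
    {"host": "plc-gw-01", "role": "scada", "ifaces": ["10.10.1.20/24"]},
    {"host": "fileserv",  "role": "admin", "ifaces": ["10.10.1.50/24"]},   # admin box on the SCADA subnet
    {"host": "eng-ws-07", "role": "scada", "ifaces": ["10.10.1.77/24", "172.16.0.7/24"]},  # dual-homed
    {"host": "mail-01",   "role": "admin", "ifaces": ["192.168.5.10/24"]},
]

# Constructed zone map: which subnets belong to which zone. The corporate zone is
# assumed to have Internet access, so a host in both zones bridges SCADA and Internet.
ZONES = {
    "scada":     [ipaddress.ip_network("10.10.1.0/24")],
    "corporate": [ipaddress.ip_network("192.168.5.0/24"), ipaddress.ip_network("172.16.0.0/24")],
}

def zone_of(addr):
    """Return the zone name whose subnet contains the interface address, or 'unknown'."""
    ip = ipaddress.ip_interface(addr).ip
    for zone, nets in ZONES.items():
        if any(ip in n for n in nets):
            return zone
    return "unknown"

def find_shared_subnets(inventory):
    """Finding: admin and SCADA hosts on the same IP subnet, leaving no boundary to filter on."""
    roles_by_net = defaultdict(set)
    for h in inventory:
        for a in h["ifaces"]:
            roles_by_net[ipaddress.ip_interface(a).network].add(h["role"])
    return sorted(str(n) for n, roles in roles_by_net.items() if {"scada", "admin"} <= roles)

def find_dual_homed(inventory):
    """Finding: a host with interfaces in both the SCADA zone and the Internet-reachable zone."""
    flagged = []
    for h in inventory:
        zones = {zone_of(a) for a in h["ifaces"]}
        if "scada" in zones and "corporate" in zones:
            flagged.append(h["host"])
    return sorted(flagged)

if __name__ == "__main__":
    print("Mixed admin/SCADA subnets:", find_shared_subnets(INVENTORY))
    print("Hosts bridging SCADA and corporate zones:", find_dual_homed(INVENTORY))
```

Both checks read only the inventory, so the same script can be run against an exported asset list as a first pass before a network review.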


As pointed out at the beginning of the paper, we are focused on system-level vulnerabilities, not point security problems such as physical security or a particular protocol like WEP or SNMP. A well-developed security policy balances operational performance and security requirements, and is necessary for sustained security. This security policy also guides the integration of technology and the development of security procedures.

Again, we reiterate that all the SCADA vulnerabilities discussed in this article are attributable to the lack of a well-developed and meticulously practiced security policy.

Edvard Csanyi

Electrical engineer, programmer and founder of EEP. Highly specialized for design of LV/MV switchgears and LV high power busbar trunking (<6300A) in power substations, commercial buildings and industry facilities. Professional in AutoCAD programming.