Empirically Based Analysis of Supervisory Control and Data Acquisition (SCADA) Systems and Critical Infrastructures

Computerized detection and control systems provide both opportunities and risks for the protection and management of critical infrastructures. Recent large-scale accidents exemplify the substantial effect these computerized systems can have on infrastructure, and potential implications of these failures for security. Supervisory Control and Data Acquisition (SCADA) systems are a type of computerized information technology. This research analyzes (1) trends in attacks on oil and gas infrastructures internationally using statistical analyses of event databases as a context for investigating SCADA vulnerability; (2) interdependencies between oil and gas and infrastructures such as water and electricity; and (3) through case analysis, the use and vulnerability of SCADA directly in oil and gas industries and its interdependent infrastructures. Oil and gas is a key research focus, since it has been a particular target of terrorist attacks internationally. This empirical case-based and event-focused approach complements and provides inputs to modeling approaches for risk management of these systems. Users of this work include designers, managers, and operators of SCADA and infrastructure in the private sector; government regulators; professional communities; and researchers in academic, industry, and government sectors.

