Attacking SCADA systems: a practical perspective

As Supervisory Control and Data Acquisition (SCADA) and Industrial and Automation Control System (IACS) architectures became more open and interconnected, some of their remotely controlled processes also became more exposed to cyber threats. Aspects such as the use of mature technologies and legacy equipment, or even the unforeseen consequences of bridging IACS with external networks, have contributed to this situation. This has prompted the involvement of governmental, industrial and research organizations, as well as standardization entities, in creating and promoting a series of recommendations and standards for IACS cyber-security. Despite those efforts, which are mostly focused on prevention and mitigation, existing literature still lacks attack descriptions that can be reused to reproduce and further research specific use cases and scenarios of security incidents, which would be useful for improving and developing new security detection strategies. In this paper we describe the implementation of a set of attacks targeting a SCADA hybrid testbed that reproduces an electrical grid for energy distribution (medium and high voltage). This environment makes use of real SCADA equipment in order to faithfully reproduce a real operational deployment, providing better insight into the less evident SCADA- and device-specific details.


Industrial Control Systems, SCADA, Security


CIP Security

Related Project

H2020 ATENA (Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures)


IFIP/IEEE International Symposium on Integrated Network Management 2017, May 2017



Cited by

Year 2018 : 1 citations

Teixeira, Marcio; Salman, Tara; Zolanvari, Maede; Jain, Raj (2018). SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach. Future Internet, 10. DOI: 10.3390/fi10080076