Securing SCADA-based Critical Infrastructures: Challenges and Open Issues


Procedia Computer Science 155 (2019) 612–617

The 5th International Workshop on Cyber Security and Digital Investigation (CSDI 2019)
August 19-21, 2019, Halifax, Canada

Noshina Tariq (a), Muhammad Asim (a), Farrukh Aslam Khan (b,∗)

(a) National University of Computer and Emerging Sciences, A. K. Brohi Road, H-11/4, Islamabad 44000, Pakistan
(b) Center of Excellence in Information Assurance (CoEIA), King Saud University, Riyadh 11653, Saudi Arabia

Abstract

Conventionally, the security of critical infrastructures was mainly focused on environmental threats. Cyber attacks, nevertheless, have shifted the attention to various other threats and damages. The attackers try to exploit vulnerabilities in networks and Internet of Things (IoT) technologies, since these technologies are the integral part of the critical systems. Therefore, the vulnerability of Critical Infrastructure (CI) against cyber threats has led to the need to devise modern security measures. Unavailability or failure of one CI can cause enormous devastation and damage to the society, economy and stability by provoking cascading failures to many other related infrastructures. Traditional security measures attempt to cater well-known emerging threats; however, strong and adaptive security measures/techniques are inevitable to defend against innovative attacks. This paper presents a survey on cyber threats and defense measures to highlight the necessity for securing SCADA-based critical infrastructures and provides an insight into the security challenges and open issues in this regard.

© 2019 The Authors. Published by Elsevier B.V.
This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of the Conference Program Chairs.

Keywords: SCADA-based systems; Critical Infrastructure; Cyber security

∗ Farrukh Aslam Khan. Tel.: +966-11-4697341; fax: +966-11-469523. E-mail address: [email protected]
1877-0509 © 2019 The Authors. Published by Elsevier B.V.
doi: 10.1016/j.procs.2019.08.086

1. Introduction

The last two decades are known for pivotal advancements in computing and communication technologies with a plethora of new smart objects known as Internet of Things (IoT). These “things” range from wearable devices like smart watches to large-scale infrastructures, such as water, energy, information, health services, transport, and financial services. They are connected to one another to provide services through Internet-connected control system management. Any system can become critical when the vulnerabilities become threats to cause various kinds of destructive impacts to social systems, energy, security, health and other parts of the society. Failure of an infrastructure or unavailability of the services can cause enormous devastation and damage to the society, economy and stability. This failure may spread to other parts, causing cascading failures to many other related infrastructures with terrible consequences [1]. Therefore, security against cyber attacks is a primary concern, as the attack may degrade and disrupt various services and cause environmental and economic deterioration.

To observe, monitor and control the whole cycle of business processes and data, most of the current industrial critical infrastructures (CIs) are based on Supervisory Control And Data Acquisition (SCADA) systems. Researchers expect the usage of SCADA systems to increase up to 300 million Euros by 2020 [2], requiring more sophisticated monitoring and control to counter unplanned and uncertain situations. To support the complex monitoring of interlinked and composed systems, it is inevitable to develop high-end SCADA systems, keeping in view the requirements of the upcoming generation of architectures. For instance, the project of European Architecture for Service Oriented Process-Monitoring and Control (AESOP) opened a path to integrate the SCADA systems and cloud-based web services, which resulted in a system with an extremely complex and largely distributed monitoring platform.

Ethernet and Transmission Control Protocol/Internet Protocol (TCP/IP) are commonly used to connect and provide communication between web-based services in traditional SCADA systems. However, reliance on these protocols may increase the potential risk of cyber attacks and other malicious activities by external intruders [2]. Advanced SCADA-based CI systems are considered to be highly complex and sophisticated systems. These modern, real-time and smart SCADA systems are the main focus of many cyber threats and attacks, due to inter-connectivity and standard communication methods. They require security systems beyond firewalls and intrusion detection systems, such as trusted systems, demilitarized zones, efficient authentication systems, and fortified systems and protocols [3].

This paper presents a comprehensive review of different cyber attacks made on SCADA-based CIs and highlights the challenges, threats, and open issues for securing such systems. In addition, some state-of-the-art defense measures and mechanisms are also discussed in this paper.

The remainder of the paper is organized as follows: Critical infrastructure evolution and inter-dependencies are given in Section 2. Section 3 highlights the cyber attacks on SCADA-based CI. The CI security challenges and open issues are discussed in Section 4. Different defense measures for SCADA-based CI are discussed in Section 5. Finally, Section 6 concludes the paper.

2. Critical Infrastructure

When a system carries out critical procedures and functions, it is referred to as a critical infrastructure, due to its influence on other interdependent devices, processes and sub-systems [4]. CI comprises many heterogeneous subsystems, which interact with each other through a network. For example, in power grid systems, there are centralized high voltage transmission systems to which substations of transformation are linked and the transformers are linked to the consumers through distribution channels.

Fig. 1. SCADA system evolution: (a) Monolithic SCADA systems with remote terminal units: First generation, (b) Distributed SCADA systems: Second generation, (c) Networked SCADA System: Third generation, (d) IOT-Cloud based SCADA System: Fourth Generation.


According to many authors, the 1960s was the establishment era of the SCADA system. Alexandru [5] classified SCADA systems evolution into technological and architectural transformations. The architecture evolution can further be divided into four major generations as per their functional capabilities, as shown in Fig. 1. The evolution started with monolithic SCADA systems with Remote Terminal Units (RTUs) as the first generation. With the advent of distributed systems, the second generation came into being, where RTUs were connected to communication servers using WAN. The emergence of new equipment vendors in the market, industrial growth, and increase in automated processes triggered the need for the next generation of SCADA systems, referred to as networked SCADA systems or third generation SCADA systems. In the fourth generation, IoT and cloud play a vital role. The IoT concept refers to different devices or sensors that collect data from remote locations and are connected to the SCADA master using wireless LANs; the collected data is sent to the cloud for further processing. These systems are not only easy to maintain and integrate, but they also provide faster data availability, scalability, efficiency and cost reduction.

For enhanced performance, CIs work interdependently on other infrastructures. For example, incidents like the 9/11 terrorist attack, Hurricane Katrina in 2005, and the Tohoku earthquake and tsunami in 2011 [6] showed that critical infrastructure inter-dependencies caused cascading and accelerating catastrophic failures. Therefore, it is crucial to understand the dependencies and inter-dependencies of CIs [7]. Inter-dependencies cause many aggravating challenges. Table 1 shows different types of infrastructure inter-dependencies.

Table 1. Types of infrastructure inter-dependencies.

| Types of inter-dependencies | Description |
|---|---|
| Physical inter-dependency | The output of one infrastructure is the input to another. Failure or disturbance in one infrastructure will cause cascading failing effect on the other. |
| Cyber inter-dependency | Based on networking and advanced computer technologies. Failure or disturbance of one infrastructure may (or may not) affect the functionality of the other infrastructure. |
| Geographic inter-dependency | Infrastructures are in physical proximity to one another. Failure or disturbance of one infrastructure may (or may not) affect the functionality of the other infrastructure. |
| Logical inter-dependency | Infrastructures are logically linked, depending upon actions, decisions, policies or regulations made by humans. |

3. Cyber attacks on SCADA-based CI

Nowadays, cyber threats are considered a major concern in both government and non-government organizations. Many of the attacks are carried out with ‘Trojan horses’ [8] that are distributed through email links and attachments. They are very difficult to detect as they appear to be real. The ‘STUXNET’ worm infection [9] exploited the control critical infrastructure inadequacy of the regulatory systems. Another obtrusive strategy for SCADA-based CI paralysis is to flood and overwhelm the carrier bandwidth. For example, in 2003, the ‘SLAMMER’ worm affected a nuclear power plant and two utilities in the United States [10]. In 2012, a malware attack, ‘Flame’, captured data, taped audio on Voice over Internet Protocol (VoIP) and made attacks on network traffic [11]. Another malware attack, ‘Dragonfly’, hit the energy sector by using spam emails [12].

Besides cyber attacks on SCADA-based CI, social engineering and insider attacks are also hazardous to its security. Through social engineering, the attacker infiltrates a system for malicious activities. Another threat is the presence of attackers inside the organization. These types of attacks are considered the most damaging, as the attacker knows the internal structure of the system and can easily bypass the security barriers [13]. For example, an attack on a sewage control system in Queensland, Australia caused a sewage flood. The attack was launched through a flash drive [14].

Phishing is another type of cyber attack that is used for stealing confidential information to gain monetary benefits. These attacks are carried out in many ways, such as contacting a user through a fake website to steal banking details [15]. Another form of cyber attack is the Distributed Denial of Service (DDoS) attack, where a large volume of data and traffic is sent to the nodes/servers to consume their resources. These types of attacks make it difficult to distinguish between the real ones and the counterfeits. Another sophisticated form of cyber attack is the Man-In-The-Middle (MITM) attack [16]. It works by interrupting the communication between the devices and sending malicious codes to compromise a system. Table 2 presents some of the adverse cyber attacks made on CIs.

4. CI Security challenges and open issues

The CIA triad¹ is broadly used for defining and implementing security in information systems [13]. While considering the CIA triad for SCADA systems, integrity and availability are more important factors than confidentiality. The security goals are always followed by safety, reliability, robustness and maintainability of the system (the supreme goal for critical systems). According to Park and Lee [25], the new standards should combine the CIA triad with the critical safety requirement for CIs. Furthermore, SCADA systems have more security issues due to legacy problems, for example, using out-dated software and operating systems, which are not supported by a large number of vendors. Another issue with SCADA systems is that they have not been redesigned for a long time due to their continuous working. Existing systems employ different and conflicting security mechanisms for their safety. Therefore, there is no single security mechanism to combine all the existing mechanisms, which opens the door for more research.

Table 2. Different types of cyber attacks on CI.

| Attack | Consequence | Instigation | Attack type | Impact | Severity |
|---|---|---|---|---|---|
| Ransomware attacks on SCADA systems [17] | Locked PLCs, spread of a ransomware | Vulnerable PLCs, weak authentication, weak integrity control | External | Financial loss | High |
| Attacks on industrial robots [18] | Auto-execution of malicious node, altered robot firmware | Vulnerable OS and web interface, weak authentication | External | Sabotaged throughput, safety threat, financial loss | High |
| FDI attacks on real-time market model and state estimation systems [19] | Fabricated data, profit gain from selling and purchasing of virtual power | Vulnerable AMI and sensor network | Internal | Disrupted smart grid operations, profit loss | High |
| Remote attacks on IoT-enabled traffic control systems [20] | Eavesdropping, remotely controlled traffic lights | No encryption and authentication mechanisms | External | DoS attack causing road accidents, loss of credibility | High |
| Remote attacks on mission-critical systems on a ship [34] | Mission-critical systems on acquired ship, compromised navigation system | Weak authentication, weak web interfaces, no network segmentation | External | Human injuries, financial loss | High |
| Attack on e-health infrastructure [34] | Compromised hospital medical devices | Vulnerable PMDs and web interface, weak authentication | External | Loss of credibility, threat to human lives | High |
| Phishing attacks on a container port systems and devices [21] | Compromised devices | Outdated OS, vulnerable network protocols, no network isolation, weak authentication mechanism | External | Loss of credibility, threat to human lives | High |
| Spear-phishing attack on smart grid [22] | Credential stealth, control over SCADA system | Vulnerable OS, weak authentication, no network isolation | External | Power outage, disrupted services, loss of credibility | High |
| Worm attack on SCADA systems [23] | Self-replication, exploited access privileges | No network isolation | External | Compromised infrastructure, decreased efficiency | Medium |
| Attacks on SCADA honeypots [24] | Modified device functionality, pump shut down | Weak security policies, vulnerable servers | Internal | Loss of functionality, disrupted production, device damage, loss of credibility | High |

With the evolution of CI and IoT, the current SCADA systems need to be upgraded for handling the massive amount of big data generated by these devices. For instance, large smart grids produce large amounts of data that cannot be handled with the current cloud computing techniques. CISCO came up with the observation that current cloud computing infrastructure cannot cope with the generated data volume, variety and velocity [26]. Therefore, the direct uploading of data to the cloud for storage, processing and analysis requires large data transferring capabilities. The introduction of fog computing has provided the solution to many problems commonly found with cloud-based SCADA systems. It offers transient data storing and analysis at the edge of the network. It reduces the amount of data transmission and storage to the cloud and provides a better solution for delay-sensitive applications.

The major obstacles in merging the CI data with the cloud computing environment involve strict requirements for security, low latency, and integration with high service availability. The most critical issue is the absence of efficient and strong security and user authentication systems in cloud platforms having limited control and screening of data replication in the cloud. Therefore, there is a strict need for data security approaches and mechanisms along with maximum control on authentication and authorization [26].

As fog computing is a nontrivial extension of cloud computing, it has inherited many security and privacy issues from the cloud [27]. Therefore, this inherited difficulty may hamper the integration of fog with SCADA-based CI. The existing nature of SCADA systems already lacks efficient security and privacy mechanisms; hence, cloud computing integration will pose more threats for the overall security of the network. For instance, the addition of a new smart device with inherited security issues will result in a security threat for the whole network. Further, the connection of smart devices with the cloud having reduced security mechanisms may also result in a security breach in the whole network, which may then easily be attacked.

¹ Confidentiality, integrity and availability


5. SCADA-based CI defense measures

The failure in CI is observed in four dimensions². One solution to strengthen the security of SCADA systems is ‘defense in-depth’. In defense in-depth, several layers of security are implemented through different technologies and intrusion detection systems to prevent security breaches and to avoid single-point-of-failure [10]. Hurst et al. [28] noted that it is the most efficient strategy if all the security layers work independently. For every possible attack, the defense in-depth strategy involves the application of different protection layers for expanding the security shield. However, the application of this strategy on resource-constrained devices, such as devices with limited storage and computation capabilities, is a critical task.

For countering the security issues in computer networks, many approaches have been proposed for CI security. Shiri et al. [29] presented the idea of deploying multiple intrusion systems for protection against intrusion attacks. This approach resulted in increased efficiency and security by decreasing the workload on a single mechanism. Some novel solutions for mitigating intrusion detection and DoS attacks are proposed in [19, 30, 31, 32]. Another useful mechanism for mitigating DoS attacks is the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA). Different types of CAPTCHAs are available in the literature [33]. Fovino et al. [35] presented the idea of detecting complex cyber attacks in SCADA systems by combining signature-based intrusion systems with state analysis.

In reality, every single day poses a new threat for the existing vulnerabilities [36]. The application of smart meters in the smart electric grid shows this trend [28]. A framework based on TCP/IP is proposed in [37] for smart meters data communication and secure traffic analysis. Patil et al. [38] proposed a Multi-Player attack detection model for smart meter security in smart grid systems. In [39], a Comprehensive Packet Inspection-based (CPI) firewall model for SCADA security is presented. Baker et al. [2] proposed a security toolbox for integrity, security, and privacy of SCADA-based IoT critical infrastructure at the fog layer.

² Safety, mission, business and security [10]

6. Conclusion

Industries always look for solutions to improve their performance and stability of their systems’ flexibility, fault tolerance, security and cost effectiveness. The contemporary society fails to pursue its functionality if its critical infrastructures (CIs) malfunction. Cyber security is an important concern in SCADA-based CIs and these systems are constantly under higher threat levels. Apart from environmental threats, CI security measures must cope with sophisticated cyber attacks. Sub-optimal security measures may eventuate in cascading failure in SCADA-based CIs, as rebuilding from scratch is impracticable. Therefore, it is inevitable to envision and design such security mechanisms that are light-weight and meet the present and evolving security demands of CIs.

References

[1] Paté-Cornell, M-Elisabeth, Marshall Kuypers, Matthew Smith, and Philip Keller. (2018) “Cyber risk management for critical infrastructure: A risk analysis model and three case studies.” Risk Analysis 38 (2): 226–241
[2] Baker, Thar, Michael Mackay, Amjad Shaheed, and Bandar Aldawsari. (2015) “Security-oriented cloud platform for soa-based scada” 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing: 961–970
[3] Knowles, William, Daniel Prince, David Hutchison, Jules Ferdinand Pagna Disso, and Kevin Jones. (2015) “A survey of cyber security management in industrial control systems” International journal of critical infrastructure protection 9: 52–80
[4] Knapp, Eric D., and Joel Thomas Langill. (2014) “Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems” Syngress Publishers
[5] Ujvarosi, Alexandru. (2016) “Evolution Of Scada Systems” Bulletin of the Transilvania University of Brasov. Engineering Sciences. Series I 9(1): 63
[6] Pescaroli, Gianluca, and David Alexander. (2016) “Critical infrastructure, panarchies and the vulnerability paths of cascading disasters” Natural Hazards, Springer 82(1): 175–192
[7] Pescaroli, Gianluca, and David Alexander. (2015) “A definition of cascading disasters and cascading effects: Going beyond the “toppling dominos” metaphor” Planet@ risk 3 (1)

[8] Tang, Shugang. (2009) “The detection of Trojan horse based on the data mining” 2009 Sixth International Conference on Fuzzy Systems and Knowledge Discovery 1: 311–314
[9] McMillan, Robert. (2010) “Siemens: Stuxnet worm hit industrial systems” Computerworld 14
[10] Maglaras, Leandros A., Ki-Hyung Kim, Helge Janicke, Mohamed Amine Ferrag, Stylianos Rallis, Pavlina Fragkou, Athanasios Maglaras, and Tiago J. Cruz. (2018) “Cyber security of critical infrastructures” ICT Express 4 (1): 42–45
[11] Disso, Jules Pagna, Kevin Jones, and Steven Bailey. (2013) “A plausible solution to SCADA security honeypot systems” 2013 Eighth International Conference on Broadband and Wireless Computing, Communication and Applications: 443–448
[12] Constantin, L. (2014) “New Havex malware variants target industrial control system and SCADA users” PC World 4
[13] Tariq, Noshina, Muhammad Asim, Feras Al-Obeidat, Muhammad Zubair Farooqi, Thar Baker, Mohammad Hammoudeh, and Ibrahim Ghafir. (2019) “The Security of Big Data in Fog-Enabled IoT Applications Including Blockchain: A Survey” Sensors 19(8): 1788
[14] Nazir, Sajid, Shushma Patel, and Dilip Patel. (2017) “Assessing and augmenting SCADA cyber security: A survey of techniques” Computers & Security 70: 436–454
[15] Weider, D. Y., Shruti Nargundkar, and Nagapriya Tiruthani. (2008) “A phishing vulnerability analysis of web based systems” 2008 IEEE Symposium on Computers and Communications: 326–331
[16] Wang, Yong, Huadeng Wang, Zhaohong Li, and Jinxiang Huang. (2009) “Man-in-the-Middle Attack on BB84 Protocol and its Defence” 2009 2nd IEEE International Conference on Computer Science and Information Technology: 438–439
[17] Formby, David, Srikar Durbha, and Raheem Beyah. (2017) “Out of control: Ransomware for industrial control systems” RSA Conference
[18] Quarta, Davide, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea Maria Zanchettin, and Stefano Zanero. (2017) “An experimental security analysis of an industrial robot controller” 2017 IEEE Symposium on Security and Privacy (SP): 268–286
[19] Tajer, Ali. (2017) “False data injection attacks in electricity markets by limited adversaries: stochastic robustness” IEEE Transactions on Smart Grid
[20] Ghena, Branden, William Beyer, Allen Hillaker, Jonathan Pevarnek, and J. Alex Halderman. (2014) “Green lights forever: Analyzing the security of traffic infrastructure” 8th USENIX Workshop on Offensive Technologies (WOOT 14)
[21] Beaumont, Peter, and S. Wolthusen. (2017) “Cyber-risks in maritime container ports: An analysis of threats and simulation of impacts” ISG MSc Information Security thesis series 2017
[22] Lee, Robert M., Michael J. Assante, and Tim Conway. (2016) “Analysis of the cyber attack on the Ukrainian power grid” Defense Use Case, Electricity Information Sharing and Analysis Center (E-ISAC)
[23] Kushner, David. (2013) “The real story of stuxnet” IEEE Spectrum 3 (50): 48–53
[24] Wilhoit, Kyle. (2013) “The scada that didn’t cry wolf” Trend Micro Inc., White Paper
[25] Park, Sanghyun, and Kyungho Lee. (2014) “Advanced approach to information security management system model for industrial control system” The Scientific World Journal 2014
[26] Baker, Thar, Muhammad Asim, Áine MacDermott, Farkhund Iqbal, Faouzi Kamoun, Babar Shah, Omar Alfandi, and Mohammad Hammoudeh. (2019) “A secure fog-based platform for SCADA-based IoT critical infrastructure” Software: Practice and Experience
[27] Abbas, Nadeem, Muhammad Asim, Noshina Tariq, Thar Baker, and Sohail Abbas. (2019) “A Mechanism for Securing IoT-enabled Applications at the Fog Layer” Journal of Sensor and Actuator Networks 8(1): 16
[28] Hurst, William, Madjid Merabti, and Paul Fergus. (2014) “A survey of critical infrastructure security” International Conference on Critical Infrastructure Protection: 127–138
[29] Shiri, Farzaneh Izak, Bharanidharan Shanmugam, and Norbik Bashah Idris. (2011) “A parallel technique for improving the performance of signature-based network intrusion detection system” 2011 IEEE 3rd International Conference on Communication Software and Networks: 692–696
[30] Imran, Muhammad, Muhammad Hanif Durad, Farrukh Aslam Khan, and Abdelouahid Derhab. (2019) “Reducing the effects of DoS attacks in software defined networks using parallel flow installation” Human-centric Computing and Information Sciences 9(1): 16
[31] Imran, Muhammad, Muhammad Hanif Durad, Farrukh Aslam Khan, and Abdelouahid Derhab. (2019) “Toward an optimal solution against Denial of Service attacks in Software Defined Networks” Future Generation Computer Systems 92: 444–453
[32] Khan, Farrukh Aslam, A. Gumaei, A. Derhab, and A. Hussain. (2019) “A Novel Two-Stage Deep Learning Model for Efficient Network Intrusion Detection” IEEE Access 7: 30373–30385
[33] Tariq, Noshina, and Farrukh Aslam Khan. (2018) “Match-the-Sound CAPTCHA” Information Technology-New Generations: 803–808
[34] Stellios, Ioannis, Panayiotis Kotzanikolaou, Mihalis Psarakis, Cristina Alcaraz, and Javier Lopez. (2018) “A survey of iot-enabled cyberattacks: Assessing attack paths to critical infrastructures and services” IEEE Communications Surveys & Tutorials 20(4): 3453–3495
[35] Fovino, Igor Nai, Marcelo Masera, Luca Guidi, and Giorgio Carpi. (2010) “An experimental platform for assessing SCADA vulnerabilities and countermeasures in power plants” 3rd International Conference on Human System Interaction: 679–686
[36] Khan, Farrukh Aslam, Muhammad Imran, Haider Abbas, and Muhammad Hanif Durad. (2017) “A detection and prevention system against collaborative attacks in mobile ad hoc networks” Future Generation Computer Systems 68: 416–427
[37] Caropreso, Rodrigo de T., Ricardo A. S. Fernandes, Diana P. M. Osorio, and Ivan N. Silva. (2019) “An Open-Source Framework for Smart Meters: Data Communication and Security Traffic Analysis” IEEE Transactions on Industrial Electronics 66(2): 1638–1647
[38] Patil, Yuvaraj S., and Swati V. Sankpal. (2019) “Multi-Player Attack Detection Model for Smart Meter Security in Smart Grid Systems” International Journal of Applied Engineering Research 14(7): 1488–1492
[39] Li, Dong, Huaqun Guo, Jianying Zhou, Luying Zhou, and Jun Wen Wong. (2019) “SCADAWall: A CPI-enabled firewall model for SCADA security” Computers & Security 80: 134–154