Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector

Hanzele BULUT, (İstanbul Üniversitesi-Cerrahpaşa, Elektrik ve Elektronik Mühendisliği Bölümü, İstanbul, Türkiye)
Fırat KAÇAR (İstanbul Üniversitesi-Cerrahpaşa, Elektrik ve Elektronik Mühendisliği Bölümü, İstanbul, Türkiye)
Electrica
5 1
Yıl: 2022 Cilt: 22 Sayı: 2 Sayfa Aralığı: 132 - 142 Metin Dili: İngilizce DOI: 10.54614/electrica.2022.22004 İndeks Tarihi: 03-07-2022

Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector

Öz:
Supervisory control and data acquisition (SCADA) systems appear as smart technology products that are easy to control, provide fast communication, transmit data to relevant institutions, observed, informed and provide storage. These are the systems that inform the relevant unit of all activations that may occur in cases of sudden intervention, from industry to energy and from communication to banking systems. Supervisory control and data acquisition systems store thousands of data on monetary systems. In this article, the prevention of cyberattacks on SCADA systems used in the financial field is discussed. In the introduction part of the article, studies on cyber security are included and the importance of establishing information security policies and putting them into practice is mentioned. In the Materials and Methods section, a simulation of a possible attack on SCADA systems used in the financial field has been created and system vulnerabilities have been identified for this scenario and the results obtained as a result of exploiting the relevant vulnerabilities are given. In the Evaluation and Suggestions section, the results and evaluations of the findings obtained through vulnerability scans and attack analyzes within the scope of the relevant scenario are given and the measures to be taken are included. In addition, in the light of the information obtained in the literature research, what needs to be done to increase the security of SCADA networks has been specified. In the last section, the importance of cyber attacks, depending on the developments in the future, is mentioned by giving the access requirements, necessary times and flow chart for the attacks carried out within the scope of the scenario.
Anahtar Kelime:

Belge Türü: Makale Makale Türü: Araştırma Makalesi Erişim Türü: Erişime Açık
  • 1. U. S. G. Stratejisi, Ulaştırma Denizcilik ve Haberleşme Bakanlığı (UDHB), 2016–2019.
  • 2. Türkiye’nin Siber Güvenlik Stratejisine Yönelik Değerlendirmeler, Türkiye Bilişim Sanayicileri Derneği (TUBISAD), 2017.
  • 3. Ş. Sağıroğlu, M. Alkan, R. Samet et al., Siber Güvenlik ve Savunma, Siber Güvenlik ve Savunma Farkındalık ve Caydırıcılık, 1st ed., Ankara, TR: Grafiker Yayınları, 2018, pp. 21–45.
  • 4. M. Ünver, and C. Canbay, “Ulusal ve uluslararası Boyutlarıyla Siber güvenlik, ” Elektrik Mühendisliği Derg., vol. 438, pp. 94–103, 2010.
  • 5. J. R. McCumber, “Information systems security: A comprehensive model,” 14th NIST-NCSC. Washington DC, US, 1991, pp. 328–337.
  • 6. H. Janicke, A. Nicholson, S. Webber, and A. Cau, “Run time monitoring for industrial control systems, ” Electronics, vol. 4, no. 4, pp. 995–1017, 2015. [CrossRef]
  • 7. S. Ismail, E. Sitnikova, and J. Slay, “SCADA systems cyber security for critical infrastructures,” IJCWT,” vol. 6, no. 3, pp. 79–95, 2016.
  • 8. B. Van Niekerk, “Economic information war: Classifying cyber attacks on commodity value chains,” 14th ICCWS, Stellenbosch, ZA, 2019, pp. 448–456.
  • 9. E. Troiano, J. Soldatos, A. Polyviou, A. Polyviou, A. Mamelli, ve D. Drakoulis, Big Data Platform for Integrated Cyber and Physical Security of Critical Infrastructures for the Financial Sector: Critical Infrastructures as Cyber-Physical Systems. Limassol, CY: MEDES, 2019, pp. 262–269.
  • 10. R. J. Campbell, Cybersecurity Issues for the Bulk Power System. USA: CRS, 2016.
  • 11. C. Wilson, “Cyber threats to critical information infrastructure,” Cyberterrorism: Understanding, Assessment, and Response. New York, USA: Springer, 2014, pp. 123–136.
  • 12. D.-H. Kang, B.-K. Kim, and J.-C. Na, “Cyber threats and defence approaches in SCADA systems”, 16th ICACT, Pyeongchang, KR, 2014, pp. 324–327.
  • 13. “ATM logic attacks: Scenarios, available,” 2018. Available: https://ww w.ptsecurity.com/ww-en/analytics/atm-vulnerabilities-2018/#id3
  • 14. G. Yadav, and K. Paul, “Architecture and security of scada systems: a review, IJCIP, vol. 34, 2021.
  • 15. Y. Cherdantseva et al., “A review of cyber security risk assessment methods for SCADA systems, ” Comput. Sec., vol. 56, pp. 1–27, Feb, 2016. [CrossRef].
  • 16. D. Upadhyay, and S. Sampalli, “SCADA (supervisory control and data acquisition) systems: Vulnerability assessment and security recommendations,” Comput. Sec., vol. 89, No, p. 101666, Feb, 2020. [CrossRef]
  • 17. “21 Steps to improve cyber security of SCADA networks, available”. Available: https://www.energy.gov/ceser/downloads/21-steps-improve -cyber-security-scada-networks
APA BULUT H, KAÇAR F (2022). Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector. , 132 - 142. 10.54614/electrica.2022.22004
Chicago BULUT Hanzele,KAÇAR Fırat Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector. (2022): 132 - 142. 10.54614/electrica.2022.22004
MLA BULUT Hanzele,KAÇAR Fırat Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector. , 2022, ss.132 - 142. 10.54614/electrica.2022.22004
AMA BULUT H,KAÇAR F Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector. . 2022; 132 - 142. 10.54614/electrica.2022.22004
Vancouver BULUT H,KAÇAR F Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector. . 2022; 132 - 142. 10.54614/electrica.2022.22004
IEEE BULUT H,KAÇAR F "Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector." , ss.132 - 142, 2022. 10.54614/electrica.2022.22004
ISNAD BULUT, Hanzele - KAÇAR, Fırat. "Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector". (2022), 132-142. https://doi.org/10.54614/electrica.2022.22004
APA BULUT H, KAÇAR F (2022). Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector. Electrica, 22(2), 132 - 142. 10.54614/electrica.2022.22004
Chicago BULUT Hanzele,KAÇAR Fırat Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector. Electrica 22, no.2 (2022): 132 - 142. 10.54614/electrica.2022.22004
MLA BULUT Hanzele,KAÇAR Fırat Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector. Electrica, vol.22, no.2, 2022, ss.132 - 142. 10.54614/electrica.2022.22004
AMA BULUT H,KAÇAR F Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector. Electrica. 2022; 22(2): 132 - 142. 10.54614/electrica.2022.22004
Vancouver BULUT H,KAÇAR F Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector. Electrica. 2022; 22(2): 132 - 142. 10.54614/electrica.2022.22004
IEEE BULUT H,KAÇAR F "Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector." Electrica, 22, ss.132 - 142, 2022. 10.54614/electrica.2022.22004
ISNAD BULUT, Hanzele - KAÇAR, Fırat. "Prevention of Cyberattacks on SCADA Systems Used in the Financial Sector". Electrica 22/2 (2022), 132-142. https://doi.org/10.54614/electrica.2022.22004
Sayfa Oluşturulma Tarihi
18-04-2024 1:24

İLETİŞİM

TÜBİTAK ULAKBİM TR Dizin

Yüzüncüyıl, İşçi Blokları Mahallesi

Muhsin Yazıcıoğlu Caddesi No:51/C

06530 Çankaya / ANKARA +90 (312) 298 92 00

trdizin@tubitak.gov.tr

TÜBİTAK ULAKBİM Ulusal Akademik Ağ ve Bilgi Merkezi Cahit Arf Bilgi Merkezi © Tüm Hakları Saklıdır. Gizlilik Politikası Kullanım Şartları