SCADA stands for Supervisory Control and Data Acquisition.

A high-level scan of the literature (Table 1) and brief conversations with cyber security specialists suggest that professionals have a good understanding of the layers of risk in SCADA systems (Figure 1). This understanding, however, may not extend to Directors and Senior Executives, the ultimate owners of these risks and their implications.

Figure 1: Some high-level cyber security issues raised by the move from private serial networks to IP-based networks

1.     A subtle gap appears to be the area of convergence between cyber, operational and physical risks, driven by the move from private serial networks to IP networks. This move is a double-edged sword: it increases productivity, but it also increases vulnerabilities.

2.     The further gap is a holistic expression of the cyber security threat to SCADA, and of its implications, in a language that Boards and C-level executives understand. Efforts to fill this gap would support key IT influencers and decision makers in their internal recommendations process to this stakeholder group.

A non-exhaustive set of SCADA security-related areas and references is tabulated below.


| SCADA security-related areas | Some reference URLs |
| Scenarios and Cases | |
| Threat and vulnerability statistics | |
| Cyber-Physical-Operational considerations | |
| Risk assessment | |
| Patching and testing | |
| Good practice guides | |
| Standards, documentation, regulatory and compliance, training | |
| Differences between SCADA and traditional IT security; and compensating controls, including vendor and contract management | |
| Future tech implications and ‘Internet of Things’ | |


Table 1: Light touch examples of existing news articles and grey literature.
