SCADA stands for Supervisory Control and Data Acquisition.
A high level scan of the literature (Table 1) and brief conversations with cyber security specialists shows there appears to be a good understanding of the layers of risk in SCADA systems by professionals (Figure 1). This understanding, however, may not extend to Directors and Senior Executives – the ultimate owners of these risks and their implications.
Figure 1: Some high level cyber security issues raised by the move from private serial networks to IP based networks
1. A subtle gap appears to be the area of convergence between cyber, operational and physical risks driven by the move from private serial networks to IP networks. This move is a double edged sword increasing productivity alongside vulnerabilities.
2. The further gap is a holistic expression of the cyber security threat to SCADA and its implications in a language Boards and C-level executives understand. Efforts at filling this gap would support key IT influencers and decision makers in their internal recommendations process to this stakeholder group.
Non-exhaustive, SCADA security related areas and references are tabulated below.
Table 1: Light touch examples of existing news articles and grey literature.