Abstract

SCADA (Supervisory Control and Data Acquisition) systems play a pivotal role in managing critical industrial processes, extending from energy production to manufacturing. However, their widespread adoption and increased interconnectivity has exposed them to evolving cyber threats, demanding a thorough vulnerability assessment and effective defense mechanisms. This research focuses on revealing novel internal threats within SCADA systems capable of eluding conventional monitoring nodes. To simulate real-world scenarios, we've developed a virtualized SCADA testbed faithfully replicating Industrial Control Systems (ICS) complexities. Within this virtualized environment, we've introduced two groundbreaking covert attack scenarios. The SCADA Hijacking Attack illustrates an intruder manipulating process parameters deceptively to hijack the system without detection. Simultaneously, the SCADA Blackout discreetly halts the entire process. To fortify SCADA systems against these stealthier attacks, we propose a defense mechanism leveraging machine learning-based Network Intrusion Detection Systems (NIDS). These NIDS utilize meticulously crafted network features, discerning patterns indicative of covert infiltrations, surpassing traditional IDS approaches. Our research not only reveals potential threats within SCADA environments but also establishes the groundwork for enhancing the resilience of these critical systems against stealth and hijacking attacks.