Tool-Supported Vulnerability Assessment for SCADA Networks [thesis]

Vikal Acharya
This thesis is relevant to the information security of Supervisory Control and Data Acquisition (SCADA) networks. Our aim is to provide support for vulnerability assessments that identify component-level vulnerabilities in SCADA networks remotely. We have developed a novel process to assess the vulnerability of SCADA devices. The process identifies a device in the network and its configuration, searches for its specifications using an online database, looks up vulnerabilities online and finds patches if any exist. Our process was validated by three case studies that provide proof-of-concept demonstrations.

Industrial Control Systems (ICSs) such as electrical transmission, nuclear and chemical plants are called Critical Infrastructures (CIs). Supervisory Control and Data Acquisition (SCADA) is the communications network component of such systems. IP-based SCADA networks are a subset of ICSs which use current Internet technology in order to operate industrial processes. The convergence of SCADA and ICT means ICSs are open to cyber-attack. SCADA networks are vulnerable to cyber-attack due to internal factors (such as people, policies and devices) and external factors (such as poorly made firewall rules and easy access to the system). Cyber-attacks can be the result of poorly maintained or incorrectly configured communication devices, and this is the focus of our research. Security in SCADA networks does not only refer to protecting systems and data but also to enhancing the reliability, safety and security of critical infrastructure and human life. To find bugs or weaknesses in these network entities, and so identify whether they are secure or not, we need to conduct a vulnerability assessment. Vulnerability assessment is a proactive mechanism for securing existing critical infrastructures. There are numerous tools and technologies for analysing vulnerabilities in generic computer networks, but very few for critical infrastructure, and even those have limited capabilities and functionality. These vulnerability tools and techniques are not fully automated, nor do they meet the critical infrastructure protection requirements that help to secure CIs from cyber-attacks.
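As an added illustration (not the thesis's own prototype tool), the following Python script simulates the assessment process described above offline: a constructed device inventory stands in for the network identification step, a constructed lookup table stands in for the online specification and vulnerability database, each match is checked against the device's firmware version and configuration, and a remediation (patch version or compensating control) is reported. All hosts, vendors, models, firmware versions and advisory identifiers are invented for this example.

```python
"""Added example, not the thesis's prototype: an offline simulation of the
SCADA device vulnerability assessment process. All data below is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Step 1 (constructed): device inventory as the network identification step would return it.
DEVICES = [
    {"host": "10.0.0.11", "vendor": "ExamplePLC", "model": "X100", "firmware": "2.3.1",
     "config": {"telnet_enabled": True, "default_password": True}},
    {"host": "10.0.0.12", "vendor": "ExamplePLC", "model": "X100", "firmware": "2.4.0",
     "config": {"telnet_enabled": False, "default_password": False}},
    {"host": "10.0.0.13", "vendor": "ExampleRTU", "model": "R7", "firmware": "1.0.9",
     "config": {"telnet_enabled": True, "default_password": False}},
]

# Steps 2-3 (constructed): stand-in for the online specification / vulnerability lookup.
# "affected" is a half-open version range [low, high); "fixed_in" is None when no patch exists;
# "requires_config" names a setting the weakness depends on, or None if it applies regardless.
VULN_DB = {
    ("ExamplePLC", "X100"): [
        {"id": "HYPO-2017-0001", "affected": ("2.0.0", "2.4.0"), "fixed_in": "2.4.0",
         "desc": "authentication bypass on management port", "requires_config": None},
        {"id": "HYPO-2017-0002", "affected": ("1.0.0", "3.0.0"), "fixed_in": None,
         "desc": "cleartext credentials over telnet", "requires_config": ("telnet_enabled", True)},
    ],
    ("ExampleRTU", "R7"): [
        {"id": "HYPO-2017-0003", "affected": ("1.0.0", "1.1.0"), "fixed_in": "1.1.0",
         "desc": "buffer overflow in protocol parser", "requires_config": None},
    ],
}

# Configuration weaknesses that are findings on their own (constructed list).
CONFIG_CHECKS = {
    "default_password": (True, "factory default credentials still in use"),
}


@dataclass
class Finding:
    host: str
    ident: str
    description: str
    status: str        # "confirmed" or "potential"
    remediation: str


def parse_version(version: str) -> Tuple[int, ...]:
    """Dotted version string to a tuple of ints, so 2.10.0 sorts after 2.9.0."""
    return tuple(int(part) for part in version.split("."))


def version_in_range(version: str, low: str, high: str) -> bool:
    """True if low <= version < high, compared numerically rather than as strings."""
    return parse_version(low) <= parse_version(version) < parse_version(high)


def assess_device(device: dict, vuln_db: dict) -> List[Finding]:
    """Match one device against the database and confirm each hit via its configuration."""
    findings: List[Finding] = []
    key = (device["vendor"], device["model"])
    for vuln in vuln_db.get(key, []):
        if not version_in_range(device["firmware"], *vuln["affected"]):
            continue  # firmware outside the affected range
        # Step 4: a weakness tied to a setting is only "confirmed" if that setting is present.
        status = "confirmed"
        req: Optional[Tuple[str, object]] = vuln["requires_config"]
        if req is not None and device["config"].get(req[0]) != req[1]:
            status = "potential"
        if vuln["fixed_in"]:
            remediation = f"upgrade firmware to {vuln['fixed_in']}"
        else:
            remediation = "no vendor patch available; disable the feature or isolate the device"
        findings.append(Finding(device["host"], vuln["id"], vuln["desc"], status, remediation))
    # Configuration-only findings, independent of any published advisory.
    for setting, (bad_value, desc) in CONFIG_CHECKS.items():
        if device["config"].get(setting) == bad_value:
            findings.append(Finding(device["host"], f"CONFIG-{setting}", desc,
                                    "confirmed", f"change setting '{setting}'"))
    return findings


def assess_network(devices: List[dict], vuln_db: dict) -> Dict[str, List[Finding]]:
    """Run the assessment over the whole inventory, keyed by host address."""
    return {dev["host"]: assess_device(dev, vuln_db) for dev in devices}


if __name__ == "__main__":
    for host, findings in assess_network(DEVICES, VULN_DB).items():
        print(host)
        for f in findings:
            print(f"  [{f.status}] {f.ident}: {f.description} -> {f.remediation}")
```

The distinction between "confirmed" and "potential" mirrors the abstract's separation of current from potential vulnerabilities: a version match alone places a device in scope, and the configuration probe decides whether the weakness is actually exposed. Numeric version comparison matters here because a plain string comparison would treat 2.10.0 as older than 2.9.0 and silently miss or invent matches.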
The process and the prototype tool developed in our research assist SCADA network vulnerability assessments by finding devices on the network, identifying current and potential security vulnerabilities based on the device type and the corresponding protocols used, and confirming the presence of such vulnerabilities by probing the device's configuration. They could be used by a security auditor to remotely assess the security of devices in the network, avoiding the need to physically inspect each device.

Copyright in relation to this thesis

Statement of original authorship

I hereby declare that the work and effort described in this thesis have not been submitted before to meet requirements for an award of Master of Information Technology (Research) at Queensland University of Technology. To the best of my understanding, the thesis contains no such intellectual property (book, paper, article, thesis, journal) previously published or written by other people except where due reference is made.

Signed: Vikal Acharya
Date: 03-07-2017

In memory of my father, Dol Nath Acharya, with love and eternal appreciation.

Supervisory team

Professor Colin Fidge is a well-known researcher. His discipline areas are computational theory and mathematics, and computer software. Prof. Fidge carries out research in complex system modelling and analysis, high-integrity software engineering, and safety-critical and security-critical infrastructures.

Dr. Ernest Foo is a very proactive researcher in the field of information and network security. Dr. Foo has been responsible for the design and expansion of the QUT SCADA security research laboratory. Recently, Dr. Foo has been carrying out research in the field of Industrial Control Systems and the security of these systems.
doi:10.5204/thesis.eprints.108956 fatcat:a6d2ic65pvd57k5fu33v6s3cdq