Prototyping a Portable SCADA Platform for Vulnerability Analysis in OT Networks
DOI: https://doi.org/10.59471/raia2025221
Keywords: Critical Infrastructure, Cybersecurity, OT Networks, Ransomware, Portable SCADA System
Abstract
Operational technology (OT) is hardware and software that directly monitors physical devices and processes in industrial environments. OT systems seek to maintain the continuity, security, and reliability of operations, and they are responsible for the automation of industrial processes. Because of their robustness, they are used in critical national infrastructure. New requirements for efficient production management suggest integrating production networks with corporate, or IT (Information Technology), networks. Because the two technologies follow completely different philosophies, their integration opens security gaps. Cybersecurity in OT networks is a growing challenge because keeping physical processes in continuous operation takes priority, while protection mechanisms are applied only to a limited extent. In this context, SCADA systems play a central role by concentrating the monitoring and control of industrial operations, while programmable logic controllers (PLCs) represent the layer of direct interaction with the physical infrastructure. To facilitate the study of these technologies and their vulnerabilities, a portable SCADA system allows network scenarios to be recreated, enabling deployable cyber defense analysis and the collection of data on attacks targeting PLCs in a controlled environment. This approach enables practical experimentation without compromising critical infrastructure and contributes to strengthening security in strategic industrial environments.
License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.