{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T16:43:02Z","timestamp":1773247382849,"version":"3.50.1"},"reference-count":49,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2024,4,11]],"date-time":"2024-04-11T00:00:00Z","timestamp":1712793600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"Supervisory control and data acquisition (SCADA) systems enable industrial organizations to control and monitor real-time data and industrial processes. Migrating SCADA systems to cloud environments can enhance the performance of traditional systems by improving storage capacity, reliability, and availability while reducing technical and industrial costs. However, the increasing frequency of cloud cyberattacks poses a significant challenge to such systems. In addition, current research on cloud-based SCADA systems often focuses on a limited range of attack types, with findings scattered across various studies. This research comprehensively surveys the most common cybersecurity vulnerabilities and attacks facing cloud-based SCADA systems. It identifies four primary vulnerability factors: connectivity with cloud services, shared infrastructure, malicious insiders, and the security of SCADA protocols. This study categorizes cyberattacks targeting these systems into five main groups: hardware, software, communication and protocol-specific, control process, and insider attacks. In addition, this study proposes security solutions to mitigate the impact of cyberattacks on these control systems.<\/jats:p>","DOI":"10.3390\/computers13040097","type":"journal-article","created":{"date-parts":[[2024,4,11]],"date-time":"2024-04-11T07:09:28Z","timestamp":1712819368000},"page":"97","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":20,"title":["A Survey of Security Challenges in Cloud-Based SCADA Systems"],"prefix":"10.3390","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0209-8836","authenticated-orcid":false,"given":"Arwa","family":"Wali","sequence":"first","affiliation":[{"name":"Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia"}]},{"given":"Fatimah","family":"Alshehry","sequence":"additional","affiliation":[{"name":"Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia"}]}],"member":"1968","published-online":{"date-parts":[[2024,4,11]]},"reference":[{"key":"ref_1","unstructured":"Morsey, C. (2017). Supervisory Control and Data Acquisition (SCADA) Systems and Cyber-Security: Best Practices to Secure Critical Infrastructure, Robert Morris University."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"100433","DOI":"10.1016\/j.ijcip.2021.100433","article-title":"Architecture and security of SCADA systems: A review","volume":"34","author":"Yadav","year":"2021","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_3","unstructured":"Cai, N., Wang, J., and Yu, X. (2008, January 13\u201316). SCADA system security: Complexity, history and new developments. Proceedings of the 2008 6th IEEE International Conference on Industrial Informatics, Daejeon, Republic of Korea."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"345","DOI":"10.2298\/FUEE1903345S","article-title":"SCADA systems in the cloud and fog environments: Migration scenarios and security issues","volume":"32","year":"2019","journal-title":"Facta Univ.-Ser. Electron. Energetics"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Buyya, R., Yeo, C.S., and Venugopal, S. (2008, January 25\u201327). Market-oriented cloud computing: Vision, hype, and reality for delivering it services as computing utilities. Proceedings of the 2008 10th IEEE International Conference on High Performance Computing and Communications, Dalian, China.","DOI":"10.1109\/HPCC.2008.172"},{"key":"ref_6","first-page":"183","article-title":"Cloud computing environment and security challenges: A review","volume":"8","author":"Mushtaq","year":"2017","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"612","DOI":"10.1016\/j.procs.2019.08.086","article-title":"Securing SCADA-based critical infrastructures: Challenges and open issues","volume":"155","author":"Tariq","year":"2019","journal-title":"Procedia Comput. Sci."},{"key":"ref_8","unstructured":"Church, P., Mueller, H., Ryan, C., Gogouvitis, S.V., Goscinski, A., Haitof, H., and Tari, Z. (2017). Handbook of Big Data Technologies, Springer."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1016\/j.compeleceng.2018.01.015","article-title":"Cyber-security in smart grid: Survey and challenges","volume":"67","author":"Kaabouch","year":"2018","journal-title":"Comput. Electr. Eng."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Church, P., Mueller, H., Ryan, C., Gogouvitis, S.V., Goscinski, A., Haitof, H., and Tari, Z. (2015, January 19\u201321). Moving SCADA systems to IaaS clouds. Proceedings of the 2015 IEEE International Conference on Smart City\/SocialCom\/SustainCom (SmartCity), Chengdu, China.","DOI":"10.1109\/SmartCity.2015.186"},{"key":"ref_11","unstructured":"Wilhoit, K. (2013). SCADA in the Cloud, Trend Micro."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Yi, M., Mueller, H., Yu, L., and Chuan, J. (2017, January 11\u201314). Benchmarking cloud-based SCADA system. Proceedings of the 2017 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Hong Kong, China.","DOI":"10.1109\/CloudCom.2017.25"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"101677","DOI":"10.1016\/j.cose.2019.101677","article-title":"Cybersecurity for industrial control systems: A survey","volume":"89","author":"Bhamare","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Alakbarov, R., and Hashimov, M. (2023, January 28\u201330). Development of Security Mechanisms in Cloud Based SCADA Systems. Proceedings of the 2023 5th International Conference on Problems of Cybernetics and Informatics (PCI), Baku, Azerbaijan.","DOI":"10.1109\/PCI60110.2023.10325946"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"1375","DOI":"10.1109\/ACCESS.2016.2549047","article-title":"Cloud-assisted IoT-based SCADA systems security: A review of the state of the art and future challenges","volume":"4","author":"Sajid","year":"2016","journal-title":"IEEE Access"},{"key":"ref_16","first-page":"e1","article-title":"Threats, countermeasures and attribution of cyber attacks on critical infrastructures","volume":"5","author":"Maglaras","year":"2018","journal-title":"EAI Endorsed Trans. Secur. Saf."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1942","DOI":"10.1109\/COMST.2020.2987688","article-title":"A survey on SCADA systems: Secure protocols, incidents, threats and tactics","volume":"22","author":"Pliatsios","year":"2020","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"135812","DOI":"10.1109\/ACCESS.2019.2926441","article-title":"A survey of security in SCADA networks: Current issues and future challenges","volume":"7","author":"Ghosh","year":"2019","journal-title":"IEEE Access"},{"key":"ref_19","first-page":"22","article-title":"Cloud computing for SCADA","volume":"58","author":"Combs","year":"2011","journal-title":"Control Eng."},{"key":"ref_20","unstructured":"Byers, C. (2024, March 01). Fog Computing for Industrial Automation. Available online: https:\/\/www.controleng.com\/articles\/fog-computing-for-industrial-automation\/."},{"key":"ref_21","first-page":"22","article-title":"How Cloud and Fog Computing will Advance SCADA Systems","volume":"32","author":"Nugent","year":"2017","journal-title":"Manuf. Autom."},{"key":"ref_22","unstructured":"Howard, P. (2022, April 15). A Security Checklist for SCADA Systems in the Cloud. Available online: https:\/\/www.route-fifty.com\/infrastructure\/2015\/06\/a-security-checklist-for-scada-systems-in-the-cloud\/287164\/."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Mesbah, M., Elsayed, M.S., Jurcut, A.D., and Azer, M. (2023). Analysis of ICS and SCADA Systems Attacks Using Honeypots. Future Internet, 15.","DOI":"10.3390\/fi15070241"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"93083","DOI":"10.1109\/ACCESS.2020.2994961","article-title":"A review of research work on network-based scada intrusion detection systems","volume":"8","author":"Rakas","year":"2020","journal-title":"IEEE Access"},{"key":"ref_25","unstructured":"Nazir, S., Patel, S., and Patel, D. (2020). Innovations, Algorithms, and Applications in Cognitive Informatics and Natural Intelligence, IGI Global."},{"key":"ref_26","unstructured":"Cerullo, G., Mazzeo, G., Papale, G., Sgaglione, L., and Cristaldi, R. (2016, January 12\u201314). A Secure Cloud-Based SCADA Application: The Use Case of a Water Supply Network. Proceedings of the International Conference on New Trends in Intelligent Software Methodology Tools and Techniques (SoMeT 16), Larnaca, Cyprus."},{"key":"ref_27","unstructured":"Ulltveit-Moe, N., Nergaard, H., Erd\u00f6di, L., Gj\u00f8s\u00e6ter, T., Kolstad, E., and Berg, P. (2016). Secure information sharing in an industrial Internet of Things. arXiv."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Rashid, A., Gardiner, J., Green, B., and Craggs, B. (2019, January 23\u201325). Everything is awesome! Or is it? Cyber security risks in critical infrastructure. Proceedings of the International Conference on Critical Information Infrastructures Security, Link\u00f6ping, Sweden.","DOI":"10.1007\/978-3-030-37670-3_1"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"1039","DOI":"10.1109\/JPROC.2015.2512235","article-title":"The cybersecurity landscape in industrial control systems","volume":"104","author":"McLaughlin","year":"2016","journal-title":"Proc. IEEE"},{"key":"ref_30","unstructured":"(2022, March 02). Common Vulnerabilities and Exposures, \u201cCVE-2011-2367\u201d. SUSE. Available online: https:\/\/www.suse.com\/ko-kr\/security\/cve\/CVE-2011-2367.html."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Irmak, E., and Erkek, \u0130. (2018, January 22\u201325). An overview of cyber-attack vectors on SCADA systems. Proceedings of the 2018 6th International Symposium on Digital Forensic and Security (ISDFS), Antalya, Turkey.","DOI":"10.1109\/ISDFS.2018.8355379"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Chromik, J.J., Remke, A., and Haverkort, B.R. (2016, January 23\u201325). Improving SCADA security of a local process with a power grid model. Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research, Belfast, UK.","DOI":"10.14236\/ewic\/ICS2016.13"},{"key":"ref_33","unstructured":"Daneels, A., and Salter, W. (1999, January 4\u20138). What is SCADA?. Proceedings of the International Conference on Accelerator and Large Experimental Physics Control Systems, Trieste, Italy."},{"key":"ref_34","first-page":"122","article-title":"Analysis of cyber-attacks in IoT-based critical infrastructures","volume":"8","author":"Resul","year":"2020","journal-title":"Int. J. Inf. Secur. Sci."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Green, B., Krotofil, M., and Abbasi, A. (2017, January 3). On the significance of process comprehension for conducting targeted ICS attacks. Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy, Dallas, TX, USA.","DOI":"10.1145\/3140241.3140254"},{"key":"ref_36","unstructured":"Demertzis, K., and Iliadis, L. (2018). Modern Discrete Mathematics and Analysis, Springer."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1016\/j.ijcip.2019.01.002","article-title":"Extending the cyber-attack landscape for SCADA-based critical infrastructure","volume":"25","author":"Rodofile","year":"2019","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2015.09.009","article-title":"A review of cyber security risk assessment methods for SCADA systems","volume":"56","author":"Cherdantseva","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"101561","DOI":"10.1016\/j.cose.2019.06.015","article-title":"Current cyber-defense trends in industrial control systems","volume":"87","author":"Rubio","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Nechibvute, A., and Mafukidze, H. (2023). Integration of scada and industrial iot: Opportunities and challenges. IETE Tech. Rev., 1\u201314.","DOI":"10.1080\/02564602.2023.2246426"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1109\/TSG.2016.2547742","article-title":"Runtime semantic security analysis to detect and mitigate control-related attacks in power grids","volume":"9","author":"Lin","year":"2016","journal-title":"IEEE Trans. Smart Grid"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"106366","DOI":"10.1016\/j.ijepes.2020.106366","article-title":"Serverless computing for cloud-based power grid emergency generation dispatch","volume":"124","author":"Zhang","year":"2021","journal-title":"Int. J. Electr. Power Energy Syst."},{"key":"ref_43","unstructured":"Zeng, P., and Zhou, P. (2018). Intelligent Computing and Internet of Things, Springer."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Davis, C., Tate, J., Okhravi, H., Grier, C., Overbye, T., and Nicol, D. (2006, January 17\u201319). SCADA cyber security testbed development. Proceedings of the 2006 38th North American Power Symposium, Carbondale, IL, USA.","DOI":"10.1109\/NAPS.2006.359615"},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Bere, M., and Muyingi, H. (2015, January 17\u201320). Initial investigation of industrial control system (ICS) security using artificial immune system (AIS). Proceedings of the 2015 International Conference on Emerging Trends in Networks and Computer Communications (ETNCC), Windhoek, Namibia.","DOI":"10.1109\/ETNCC.2015.7184812"},{"key":"ref_46","unstructured":"Molle, M., Raithel, U., Kraemer, D., Gra\u00df, N., S\u00f6llner, M., and A\u00dfmuth, A. (2019, January 5\u20139). Security of cloud services with low-performance devices in critical infrastructures. Proceedings of the Cloud Computing 2019, The Tenth International Conference on Cloud Computing, GRIDs, and Virtualization, Venice, Italy."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Routray, K., and Bera, P. (2023, January 10). Context-Aware Attribute Based Access Control for Cloud-based SCADA Systems. Proceedings of the 1st Workshop on Enhanced Network Techniques and Technologies for the Industrial IoT to Cloud Continuum, New York, NY, USA.","DOI":"10.1145\/3609389.3610569"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Alam, S., Shuaib, M., and Samad, A. (2019, January 5\u20136). A collaborative study of intrusion detection and prevention techniques in cloud computing. Proceedings of the International Conference on Innovative Computing and Communications, New Delhi, India.","DOI":"10.1007\/978-981-13-2324-9_23"},{"key":"ref_49","first-page":"102717","article-title":"Adversarial attacks on machine learning cybersecurity defences in industrial control systems","volume":"58","author":"Anthi","year":"2021","journal-title":"J. Inf. Secur. Appl."}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/13\/4\/97\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T14:26:11Z","timestamp":1760106371000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/13\/4\/97"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,11]]},"references-count":49,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2024,4]]}},"alternative-id":["computers13040097"],"URL":"https:\/\/doi.org\/10.3390\/computers13040097","relation":{},"ISSN":["2073-431X"],"issn-type":[{"value":"2073-431X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,11]]}}}