Threat Detection in Industrial Networks: Methods & Examples

Instructor: Brandon Bass

Brandon has an MS in systems engineering & a PhD in Cyber Security. He has taught at several universities and possesses 12 industry certifications.

Modern industrial control systems are beginning to connect to internet technology and networks. Given this shift, ICS networks are an appealing target for cyber criminals. This lesson will discuss ICS vulnerabilities and methods of detection and control to protect ICS systems.

Introduction to ICS

Industrial Control Systems, or ICS, is a term for any system or associated hardware/software component that is used in the control of industrialized system processes. These systems capture data, monitor industrial processes and provide automation to the industrial framework. ICS systems are responsible for water treatment, manufacturing, transportation, power generation and distribution of power to public entities. As such, they are a key factor in the nation's critical infrastructure.

Historically, ICS process control went through localized panels. These transitioned to centralized control rooms to allow for all plant measurements to be sent to one or a few locations. These rooms were permanently manned, and any automation or manual outputs were sent through electronic signals localized to the plant itself. When things became sufficiently large, it was necessary to implement new controls to meet the needs of large continuous processes. Distributed Control Systems, or DCS, were implemented to ensure that modular control would be integrated with high-speed networking and a full gamut of control rack suites.

SCADA Systems

ICS systems began to employ systems known as Supervisory Control and Data Acquisition, or SCADA systems, which utilized computers and graphical user interfaces to provide a high-level overview when monitoring ICS processes. This is a DCS that allows for a centralized command structure as well as delivery of real-time information and control logic. SCADA systems also assist in network control of peripheral devices, like programmable logic controllers (PLCs), which interface with the machinery inside the plant. This methodology allowed the SCADA control centers to perform centralized monitoring of field sites. The communication networks and remote stations that provide information to central control may be distributed over incredibly long distances. The Human Machine Interface (HMI) allowed people to gather information on remote sites and perform specific actions to control these remote sites, including communicating with lower-level devices, monitoring alarms and allowing for processes like the opening and closing of valves or breakers to assist with ICS standard functions.

Deliberate attacks and unintentional incidents affecting ICS and SCADA systems have happened on numerous occasions, sometimes causing incredible problems for the general public. Attacks on ICS and SCADA systems using spoofing and denial of service have disrupted utilities, caused spills and created widespread damage to systems, networks and environments.

Maroochy Shire Sewage Spill

In January of 2000, the sewage control plant for Maroochy Shire Council in Queensland, Australia began to have pump failures and to lose communications with pumping stations. The valves and pumps were opened without being instructed by the SCADA system to do so. Tireless logging by the staff found that the controllers were being spoofed to activate the valves without SCADA central command. Here, the culprit was a disgruntled ex-employee of the company who was contracted to install the SCADA control system. He had installed these spoofed systems and was trying to get the plant to hire him to remedy the problems he was creating. The result of his actions was the flooding of nearby hotel grounds, parks and rivers with the dumping of nearly 264,000 gallons of raw sewage into these areas.
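One way to automate the kind of check that exposes spoofed actuations is to reconcile what field devices report doing against what the SCADA master actually commanded. The following is an added example, not part of the original lesson; the log format, station names, sample data and 10-second matching window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample logs: "timestamp station action" (not real incident data).
SCADA_COMMANDS = """\
2024-03-01T02:00:05 PS-04 PUMP_START
2024-03-01T02:15:00 PS-07 VALVE_OPEN
"""
FIELD_EVENTS = """\
2024-03-01T02:00:07 PS-04 PUMP_START
2024-03-01T02:15:02 PS-07 VALVE_OPEN
2024-03-01T02:15:06 PS-07 VALVE_OPEN
2024-03-01T03:41:30 PS-09 PUMP_STOP
"""

def parse(log):
    """Parse log text into sorted (datetime, station, action) tuples."""
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, station, action = line.split()
        rows.append((datetime.fromisoformat(ts), station, action))
    return sorted(rows)

def unsolicited_actuations(commands, events, window=timedelta(seconds=10)):
    """Return field actuations that no master command accounts for.

    An event is explained only by a command for the same station and
    action issued at most `window` before it. Each command explains one
    event, so a repeated actuation after a single command is still flagged.
    """
    pending = parse(commands)
    flagged = []
    for ev_ts, station, action in parse(events):
        hit = next((c for c in pending
                    if c[1] == station and c[2] == action
                    and timedelta(0) <= ev_ts - c[0] <= window), None)
        if hit is not None:
            pending.remove(hit)      # command consumed by this event
        else:
            flagged.append((ev_ts.isoformat(), station, action))
    return flagged

if __name__ == "__main__":
    for alert in unsolicited_actuations(SCADA_COMMANDS, FIELD_EVENTS):
        print("ALERT unsolicited actuation:", *alert)
```

The matching window has to be tuned to the real polling and radio latency of the site, and the two logs need synchronized clocks for the comparison to be meaningful.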

Hatch Nuclear Power Plant

In March of 2008, the Southern Company in the state of Georgia had to install a software update on the Hatch Nuclear Power Plant's business network. The business network shared a physical connection with the plant's SCADA network. When the systems came back online, the update synced with both systems. This communication between the systems mistakenly caused the SCADA safety system to signal that the water level in the nuclear rods was too low for safety. This shut down the plant. While there was no reported public danger, the revenue lost by the power company was in the millions of dollars, and the man-hours spent getting things back online were also very costly. The SCADA engineers chose to sever all physical connections between the business network and the SCADA network as a result of the outage.
