Supervisory control and data acquisition (SCADA) systems are used in critical infrastructure to control vital sectors such as smart grids, oil pipelines, water treatment, chemical manufacturing plants, etc. Any malicious or accidental intrusion could cause dramatic human, material and economic damages. Thus, the security of the SCADA is very important, not only to keep the continuity of services (i.e., availability) against hostile and cyber-terrorist attacks, but also to ensure the resilience and integrity of processes and actions. Dealing with this issue, this paper discusses SCADA vulnerabilities and security threats, with a focus on recent ones. Then, we define a holistic methodology to derive the suitable security mechanisms for this kind of critical systems. Our methodology starts by identifying the security needs and objectives, specifying the security policies and models, deriving the adapted architecture and, finally, implementing the security mechanisms that satisfy the needs and cover the risks. We focus on the modelling step by proposing the new CI-OrBAC model. In this paper, we focused on securing communication and protecting SCADA against both internal and external threats while satisfying the self-healing, intrusion tolerance, integrity, scalability and collaboration needs.

监督控制和数据采集（SCADA）系统用于关键基础设施中，以控制重要部门，例如智能电网，输油管道，水处理，化工厂等。任何恶意或意外入侵都可能造成严重的人员，物质和经济损失。因此，SCADA的安全性非常重要，不仅要保持服务的连续性（即可用性）以抵抗敌对和网络恐怖袭击，而且要确保流程和行动的弹性和完整性。针对此问题，本文讨论了SCADA漏洞和安全威胁，重点是最近的漏洞和安全威胁。然后，我们定义一种整体方法，以得出适用于此类关键系统的安全机制。我们的方法首先是确定安全需求和目标，指定安全策略和模型，推导适用的体系结构，最后实施满足需求和覆盖风险的安全机制。通过提出新建议，我们专注于建模步骤CI-OrBAC模型。在本文中，我们专注于保护通信并保护SCADA免受内部和外部威胁，同时满足自我修复，入侵容忍，完整性，可伸缩性和协作的需求。