The world is experiencing exponential growth in the use of SCADA systems in many industrial fields. The increased and considerable growth in information and communication technology has been forcing SCADA organizations to shift their SCADA systems from proprietary technology and protocol-based systems into internet-based ones. This paradigm shift has also increased the risks that target SCADA systems. To protect such systems, a risk management process is needed to identify all the risks. This study presents a detailed investigation on twenty-one scientific articles, guidelines, and databases related to SCADA risk identification parameters and provides a comparative study among them, as well as proposes a comprehensive risk identification model for SCADA systems. Finally a case study is presented to demonstrate one of the usages of the proposed model and its benchmark database. This case study provides 306 possible attack scenarios that Hacktivist can use to affect SCADA systems.
Please note: That all fields marked with an asterisk (*) are required.