From Traditional to IoT Based: A Generational Taxonomy and Attack Classification of Supervisory Control and Data Acquisition Syste

Supervisory control and data acquisition (SCADA) systems play a crucial role in managing vital infrastructures, including power generation, distribution networks, waste management, and smart manufacturing. Initially designed as isolated and closed systems, SCADA architectures have evolved by integrating advanced information technologies, enabling enhanced remote management and interoperability. However, this integration significantly broadens the attack surface, increasing vulnerabilities to sophisticated cyber threats that can lead to severe environmental, human, and economic consequences, thus posing a substantial risk to national security. This study systematically categorizes SCADA systems into distinct generations based on core features, including communication protocols, auditing, and integration levels, and emphasizes the necessity of generationspecific vulnerability analyses. By grouping SCADA systems into two main generational categories, the research provides a structured framework for understanding differing security risks and guiding the development of tailored cybersecurity solutions, such as intrusion detection and prevention systems. This generational approach offers critical insights for both academic inquiry and practical defense strategies, facilitating more effective risk mitigation and resilience building in SCADA systems amid an increasingly complex cyber threat landscape.

Cite this article as: M. Y. Yağcı, Ş. Durukan-Odabaşı and M. A. Aydın, “From traditional to IoT based: A generational taxonomy and attack classification of supervisory control and data acquisition systems,” Electrica, 2026, 26, 0173, doi: 10.5152/electrica.2026.25173.