The supervisory control and data acquisition (SCADA) system is the major industrial control system (ICS), which is responsible for collecting data from end devices, analyzing data, and managing the system efficiently by sending necessary control commands to the corresponding end devices. Unlike traditional cyber networks, a SCADA system consists of heterogeneous devices that communicate with one another under various communication protocols, physical media, and security properties. Failures or attacks on such networks have the potential of data unavailability and false data injection causing incorrect system estimations and control decisions leading to non-optimal management or critical damages of the system. This chapter provides a theoretical baseline for assessing the security and resiliency of ICS by presenting two formal frameworks, one for security analysis and one for resiliency analysis, considering smart grid SCADA systems. These frameworks take smart grid configurations and organizational security or resiliency requirements as inputs, formally model configurations and various security properties, and verify the dependability of the system under potential attacks or contingencies. The execution of each of these frameworks is demonstrated on an example case study.
