Modern industrial facilities, such as oil refineries, chemical factories, electric power generation plants, etc. are large, complex, distributed systems. These systems are monitored and controlled by networks of special purpose embedded computing devices such as sensors, actuators, and PLCs. These industrial control networks are commonly called SCADA (Supervisory Control and Data Acquisition) networks. The increasing interconnectivity of SCADA networks has exposed them to a wide range of network security problems. One of the important issues in securing SCADA networks is to identify vulnerabilities in the communication protocols. This book analyses existing qualitative security assessment guidelines, specifically attack and vulnerability taxonomies, and proposes a new framework for organizing information about known attacks and vulnerabilities to find unknown or similar vulnerabilities in new systems. This framework is used to organize information related to known vulnerabilities in SCADA protocols into a taxonomy that provides a systematic methodology for the security assessment of other SCADA protocols.