The SCADA system, also known as Supervisory control and data acquisition is the system that analyzes and collects data with the help of sensors. As the SCADA system article mentions, this system is used for a variety of things which include systems of water distribution, traffic lights, electricity transmission, gas transportation and oil pipelines, and many other systems in modern society. The system is configured with many subsystems which make the data analysis and collection efficient. These subsystems include an apparatus used by a human operator, a supervisory system, a remote terminal unit that is connected to sensors, the programmable logic controller, and the communication infrastructure.
Now, with such a profound and useful system comes some vulnerabilities that pose a risk to such a progressive innovation. Those risks would include things such as the cost which for a system that relies heavily on technology could pose high costs for operation and installation. Additionally, the technological components of such a system could lead to greater cyber attacks and cyber-terrorism. This cultivation of such secure data could cause an immense amount of damage and destruction. This is the case due to the lack of human interface associated with the system. The “unauthorized access to software, be it human access or intentionally induced changes, virus infections, or other problems that can affect the control host machine” could lead to a disruption in the systems and influence the productivity and efficient usage (SCADA Systems). The second risk would be a lack of packet security. This becomes a vulnerability due to anyone sending packets to a “SCADA device is in a position to control it” (SCADA Systems). As mentioned in the article, while it is believed that a VPN interface would help mitigate risk, the use of physical access to a network only “ provides the capacity to bypass the security on control software and control SCADA networks’ ‘(SCADA Systems). Once someone gains access and has connected to a computer as admin access to all files is granted. This can leave data modification and data exposure that can be revised and viewed. Digital Forensics 2020 states that if just one “terminal needs to be infected with malware for the attacker to laterally move until they reach the SACADA systems, any number of changes could be initiated that can damage, increase downtime, ruin product or exfiltrate production data.”
To mitigate these risks SCADA had developed a VPN and firewall in which there will continuously maintain access and control over the systems making it more difficult for an outsider to interrupt the processes. There have also been “whitelisting solutions” when implemented, will possess the ability to prevent even further unauthorized application changes (SCADA Systems). The best solution to prevent and mitigate these risks would be to involve more human interface within the system to restrict the sole reliance on the computer systems. With training more operators, programmers, and analysts these issues can be foreseen and data become more secure. This system already aids in the unemployment rate by utilizing technological advances. With the use of more people, employment can rise and the security and the fate of the system do not need to rely on expensive technology that has the opportunity to be swiftly compromised.
References:
Background and risks associated with various SCADA systems. Envista Forensics. (2020, July 31). Retrieved March 20, 2022, from https://www.envistaforensics.com/knowledge-center/insights/articles/background-and-risks-associated-with-various-scada-systems/
SCADA systems. SCADA Systems. (n.d.). Retrieved March 20, 2022, from http://www.scadasystems.net/