SCADA systems are extremely important to our nation’s infrastructure; it is consequential that we understand the intricacies of what SCADA systems do, recognize the vulnerabilities associated with our critical infrastructure, and acknowledge SCADA systems role in mitigating the vulnerabilities in critical infrastructure. SCADA stands for Supervisory Control and Data Acquisition, this system is commonly used in critical infrastructure systems to control an entire site. There are also many vulnerabilities associated with SCADA systems, specifically software and packet access along the network.
SCADA systems contain multiple subsystems to function, with each having an objective to complete in order to function effectively. The first subsystem is an apparatus, this is controlled by a human and is where all process data is presented (SCADA Systems pg. 1). This allows for a human to interpret the data and take appropriate actions in response to the data received. The second subsystem is the supervisory system, this is used to gather “all the required data about the process” (SCADA Systems pg. 1). The third subsystem is a series of Remote Terminal Units, these record digital data via sensors which is then sent to the supervisory system. The fourth system is a set of field devices called Programmable Logic Controllers, these “control and monitor industrial equipment” (Inductive Automation). The final subsystem is the communication infrastructure, this acts as a connection between the supervisory system and the Remote Terminal Units.
Critical infrastructure is immensely important to ensure a nation’s health, so we must recognize the vulnerabilities associated with it. Due to their importance, critical infrastructure is a prime target for adversaries and cyberterrorists to sabotage. If a section of our critical infrastructure were to be sabotaged it would change how the daily life of a citizen, and cause many complications to their life. There are many cyber vulnerabilities that would allow a threat agent to access some sections of critical infrastructure. The first vulnerability is the use of outdated systems, these systems provide an easy access point for threat agents due to their lack of modern security programming (The Security Company Limited, LinkedIn). The second vulnerability is that of those with access to these sections of critical infrastructure. Employees looking to take advantage of their position for profit also compromise security, in addition to those that accidentally invite security threats in (The Security Company Limited, LinkedIn). The third vulnerability is that of remote access. The surge in remote work in recent years has led to an increase in the acceptance and reliability of remote work in order for critical infrastructure to function, this has added increased risk of threat agents using this to their advantage (The Security Company Limited, LinkedIn). Anyone who remotely accesses work could be exposed to malware and inadvertently transfer it to the critical infrastructure site.
SCADA systems are still being improved for the sake of security and efficiency. As of recent, the most discussed vulnerabilities within a SCADA system is unauthorized access to software, and the lack of security on packet control protocol. The lack of security on packet control protocol allows for any individual to send packets to control a SCADA device (SCADA systems pg. 6). The current security to these vulnerabilities are physical security, and possible VPN usage. SCADA vendors are developing a specialized type of VPN and firewall for SCADA networks based on the TCP/IP protocol (SCADA systems pg. 6). The use of whitelisting solutions has proven to be beneficial to the security of SCADA systems and the application changes found within the critical infrastructure (SCADA systems pg. 6).
In conclusion, critical infrastructure systems are the most vital to our nation’s health. Therefore understanding the vulnerabilities within that critical infrastructure allows us to implement security protocols to better protect them. Furthermore, understanding how SCADA systems operate allows us to develop ways to mitigate risks associated with them and the infrastructure they operate.

References
“SCADA Systems.” SCADA Systems, www.scadasystems.net/. Accessed 5 Nov. 2023.
“PLC: Programmable Logic Controller.” Inductive Automation, https://inductiveautomation.com/resources/article/what-is-a-PLC#:~:text=Programmable%20Logic%20Controllers%20(PLCs)%20are,equipment%20based%20on%20custom%20programming. Accessed 5 Nov. 2023.