SCADA Systems

By Angelica Grace Castro

SCADA Systems

According to the article “SCADA Systems”, SCADA is an acronym for Supervisory Control and Data Acquisition which is a system that collects data from control infrastructure, facilities and industrial complexes and sends that data to a computer that manages and controls that data. These infrastructures, facilities and industries are important and any vulnerabilities poses a great threat to society. Vulnerabilities of infrastructures include outdated systems, insider threats, human error, and development of cyber security threats. SCADA systems consists of subsystems and applications such as remote terminal units (RTU), programmable logic controllers (PLC), and human machine interfaces (HMI) that mitigate these vulnerabilities of critical infrastructure.

Vulnerabilities Of Critical Infrastructure Systems:

1. Outdated Systems

Most critical infrastructure systems were developed at a time where cyber security was not considered as a threat. Therefore, the systems do not have the proper level of security making them easy targets for bad actors. These outdated systems also are difficult to patch and update.

2. Insider Threats/Human Error

Insider threats will always be a risk to critical infrastructure systems due to the massive amount of employees who have access in order to keep the system running. There are many potential actors who can deliberately introduce a threat or be coerced by bad actors. Again due to the typical large population of employees, there is a large potential for an individual to accidentally introduce a risk or expose a vulnerability.

3. Uncontrollable Events

Critical infrastructures are subject to uncontrollable events such as natural disasters. Other events include war, power outages, and pandemics. Due to the importance of critical infrastructure, infrastructure must be able to withstand any outside activity that will mess with their operations. Infrastructure must be adaptable and have some redundancy in order to prevent any failures.

How SCADA systems mitigate against vulnerabilities:

1. SCADA Protocols

SCADA systems have communication protocols that allow for a more efficient communication between applications of the system. The two most common communication protocols are Modbus and IEC 60870. Several of the communication protocols have extensions that allow them to operate through the TCP/IP.

2. RTUs/PLCs

SCADA systems have remote terminal units and programmable logic controllers that have sensors which collects data from the site and records them. The plant can also be controlled using the remote terminal units by allowing individuals to set certain values that relates to a piece of equipment or connect to the human machine interface and allow control there. SCADA systems have timestamp-value pairs that will reveal the history of a particular point. This feature protects from insider threats and human error by ensuring employees are accountable and recording data that can be used for future purposes.

3. HMI

The human machine interface uses the data collected by the RTUs and PLCs and presents it to an operator via a main computer. This operator is a human who is able to control processes using the HMI. The HMI provides the operator with diagnostic data, management information, logistics, schematics, maintenance procedures and troubleshooting guides. The HMI provides the human operator with plenty of data and assistance to ensure that the facility is running properly. The operator is also alerted using alarms when there is a change in status. The HMI allows the operator to be alerted to any failures or changes that may be caused by an uncontrollable event. Any natural disasters will be easily noticed and action can be quickly taken to mitigate any threats to the system.

Conclusion

SCADA systems are systems that control and record data while allowing a human operator to change the facility status through its hardware components. SCADA systems are much easier to update than the legacy systems of critical infrastructures due to its communication protocols. The ability to record data as well as alert the operator mitigates against insider threats, human error and uncontrolled events by holding employees accountable and allowing time for them to take action in the case of a natural disaster.

References

The Security Company (International) Limited. (2023, September 27). What are Critical Infrastructure Cyber Security Vulnerabilities and Threats? https://www.linkedin.com/pulse/what-critical-infrastructure-cyber-security-vulnerabilities/

SCADA Systems. (n.d.) SCADA Systems https://www.scadasystems.net/

Fick A. (2022, September 6). Critical Infrastructure is More Vulnerable Than Ever – Your Industry Could Be a Prime Target. Lacework. https://www.lacework.com/blog/critical-infrastructure-is-more-vulnerable-than-ever-your-industry-could-be-a-prime-target/#:~:text=When%20it%20comes%20to%20critical,it%20can%20be%20very%20dangerous

Sharma S. et al. (2022, July 4) SCADA Communication Protocols: Modbus & IEC 60870 – 5. Institute of Electrical and Electronics Engineers. https://ieeexplore.ieee.org/abstract/document/10006579

Kurii Y. (2018, November 29). SCADA Cyber Security Threats and Countermeasures: Ultimate Checklist. Eleks. https://eleks.com/blog/scada-cyber-security-threats-countermeasures/

Leave a Reply

Your email address will not be published. Required fields are marked *