Abstract
SCADA systems control all of the systems that provide water, oil, and gas to the entire nation. These systems do not have the security that is best suited for their role in our society. It was a common belief that keeping these systems off the internet and using VPNs was enough security. This is not the case: unauthorized access to physical systems can pose a potential issue. SCADA systems do not have packet protection, so an attacker can send packets to the SCADA system and alter the data. There are many ways we can mitigate these potential breaches, such as applying security principles like additional physical security and routine updates to the host OS. SCADA system technicians need to be more vigilant when it comes to the physical security of these systems. Applying additional password security, by making passwords longer and not leaving them at the default, is a good step to prevent people from gaining unauthorized access to these systems.
SCADA System vulnerabilities
SCADA systems provide technicians with ways to control infrastructure like water treatment, wastewater treatment, gas pipelines, and wind farms. These systems provide critical services to the entire population. If these systems were to be compromised, the resulting damage would be catastrophic. Even though these systems are not publicly accessible from the internet, they still have local networks that an attacker can exploit, for example by disconnecting a network port and placing a device that can send packets to the target device. There is a general belief that since these systems are not on the internet, they are protected from cyberattacks. Physical security is also an important measure that needs to be taken more seriously to protect these systems.
An attacker who has physical access to network switches and jacks can bypass the different security measures that are in place. Once the attacker gets access to the local network, packets can be sent to the host machine that these SCADA systems are on (trendmicro, 2019). Other potential issues these systems are vulnerable to are buffer overflow attacks and unauthorized access via default credentials. Most SCADA systems are deployed with their default administrator credentials; if these are not changed, it will be easy for an attacker to guess the credentials and gain access to the system.
SCADA systems use VPNs to keep their networks off the internet, which does limit the attack surface for these systems. Ensuring the passwords are secure is crucial for making sure the networks are secure. In 2021, a hacker group gained access to Colonial Pipeline's network through a compromised VPN password. Since there was no multifactor authentication alongside the password, access to the system was much easier, as there was no additional verification (Insurica, 2025).
Ways to prevent these attacks
There are many ways to mitigate these attacks. Increasing physical security in areas that contain critical network infrastructure can help prevent unauthorized access to those systems. Login credentials need to be changed when setting up newer hardware; keeping default credentials is improper security. Making sure the login credentials are not easy to guess increases security. To combat buffer overflow attacks, securing the code that handles input data can prevent an attacker from exploiting the code to gain access to the system.
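An added example, not part of the original essay, of what securing input-handling code against buffer overflows can look like: a parser that validates a sender-supplied length before copying. The frame layout, names and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical frame (constructed for this example, not a real protocol):
 * byte 0 = function code, byte 1 = claimed payload length N, then N bytes. */
#define HDR_LEN 2
#define MAX_PAYLOAD 16
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2, PARSE_BAD_ARG = -3 };

struct frame {
    uint8_t function;
    uint8_t payload_len;
    uint8_t payload[MAX_PAYLOAD];
};

/* Copy the payload only after checking the claimed length against both the
 * bytes actually received and the size of the destination buffer. */
int parse_frame(const uint8_t *buf, size_t received, struct frame *out)
{
    if (buf == NULL || out == NULL)
        return PARSE_BAD_ARG;
    if (received < HDR_LEN)
        return PARSE_TRUNCATED;        /* header incomplete */
    size_t claimed = buf[1];
    if (claimed > MAX_PAYLOAD)
        return PARSE_TOO_LONG;         /* would overflow out->payload */
    if (claimed > received - HDR_LEN)
        return PARSE_TRUNCATED;        /* would read past the input */
    memset(out, 0, sizeof *out);
    out->function = buf[0];
    out->payload_len = (uint8_t)claimed;
    memcpy(out->payload, buf + HDR_LEN, claimed);
    return PARSE_OK;
}

/* Constructed sample inputs. */
static const uint8_t good_frame[] = { 0x10, 0x04, 0xDE, 0xAD, 0xBE, 0xEF };
static const uint8_t oversized_frame[] = { 0x10, 0xFF, 0x41, 0x41 }; /* claims 255 */
static const uint8_t short_frame[] = { 0x10, 0x08, 0x01, 0x02 };     /* claims 8, has 2 */

int main(void)
{
    struct frame f;
    printf("good: %d\n", parse_frame(good_frame, sizeof good_frame, &f));
    printf("oversized: %d\n", parse_frame(oversized_frame, sizeof oversized_frame, &f));
    printf("short: %d\n", parse_frame(short_frame, sizeof short_frame, &f));
    return 0;
}
```

A frame is rejected whenever its claimed length disagrees with what was received or exceeds the fixed buffer, so malformed input is dropped rather than copied.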
Conclusion
SCADA systems control physical assets that are vital to our society. When the Colonial Pipeline was compromised, it affected gas prices across the entire east and south coasts. Prices were at their highest point since 2014, and people were in a panic. Strategies that can help prevent or mitigate these attacks are to be taken seriously. Applying updates to the OS can patch software vulnerabilities, and locking down code is also a measure that can assist with securing programs. SCADA system operators need to start looking into more physical security on these systems to mitigate incidents.
References
Insurica. (2025, March 24). Cyber Case Study: Colonial Pipeline Ransomware attack. Retrieved from https://insurica.com/blog/colonial-pipeline-ransomware-attack/
trendmicro. (2019, December 16). One Flaw Too Many: Vulnerabilities in SCADA Systems. Retrieved from https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/one-flaw-too-many-vulnerabilities-in-scada-systems