Critical infrastructures provide the services that people, businesses, and countries need in order to function. They also have serious vulnerabilities, and the consequences of those vulnerabilities can be devastating. SCADA systems play a role in mitigating these vulnerabilities and exposures.

What are Critical Infrastructures?

Critical infrastructures include the physical and virtual infrastructures that allow for the normalcy of everyday life. They include networks of highways, bridges and tunnels, railways, and utilities such as water treatment, electricity, and transportation (Department of Homeland Security, 2022). This makes these infrastructures a high-value target for hackers and opposing countries to take down and control.

Critical Infrastructure Vulnerabilities

Critical infrastructures have multiple vulnerabilities that can cause great damage. For example, Stuxnet was a computer worm that affected the Iranian nuclear program. Stuxnet used six zero-day attacks that impacted Siemens equipment. In addition, the malware infected air-gapped networks that were part of the nuclear program. Stuxnet damaged or degraded nearly 1,000 centrifuges (New Jersey Cybersecurity & Communications Integration Cell, 2017). A more recent example of vulnerabilities in critical infrastructure is the Colonial Pipeline on the East Coast of the United States. The pipeline was infected with ransomware, which forced the company to shut down its systems to prevent more computers from being infected. This caused panic-buying because of the fear of a gas shortage. Gas prices rose to an average of $3 a gallon (Kerner, 2022).

What are SCADA Systems?

SCADA stands for supervisory control and data acquisition. SCADA refers to the industrial control system (ICS) used to control infrastructure processes. A SCADA system works in several steps. First, there are sensors and actuators, which collect data. Remote terminal units (RTUs) are connected to the sensors and convert the sensor signals to digital data. The data is then sent over public or private networks to SCADA clients and servers. Finally, the data is presented in human-readable form on a human machine interface (SCADA Systems, 2022).

SCADA System Applications and Risk Mitigation

SCADA systems automate the collection of telemetry so that it can be monitored and manipulated. Human machine interfaces (HMIs) allow human operators to see and control the processes that are being recorded (SCADA Systems, 2022). For example, a SCADA system could record an irregular build-up of water pressure. The SCADA system would record it and alert the operators. The problem could then be fixed automatically or manually, depending on the problem. Risks must be taken into account because they can be unpredictable. SCADA systems allow telemetry data to be recorded and sent to systems that monitor the stability of the processes and environments of machines. If a machine begins to malfunction or show anomalies, the SCADA system will display the information so that human operators can see and combat the issue.
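The water-pressure case above, together with the RTU conversion step from the previous section, can be sketched as follows. This is an added example, not code from any SCADA product; the 12-bit 4-20 mA input, the 0-10 bar range, the alarm limits and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed: 4-20 mA pressure transmitter read by a 12-bit RTU analog input.
RAW_MIN, RAW_MAX = 819, 4095   # counts at 4 mA and 20 mA
ENG_MIN, ENG_MAX = 0.0, 10.0   # bar

def scale(raw: int) -> Optional[float]:
    """RTU step: raw counts -> bar. None means the loop signal is out of range."""
    if raw < RAW_MIN * 0.95 or raw > RAW_MAX:
        return None  # e.g. broken wire or failed transmitter
    return ENG_MIN + (raw - RAW_MIN) * (ENG_MAX - ENG_MIN) / (RAW_MAX - RAW_MIN)

@dataclass
class PressureMonitor:
    high: float = 8.0       # bar, high-pressure alarm limit
    deadband: float = 0.5   # alarm clears only below high - deadband
    max_rise: float = 1.0   # bar per sample before a build-up is flagged
    in_alarm: bool = False
    last: Optional[float] = None

    def update(self, raw: int) -> list:
        """Server step: return the alarm events one new sample produces."""
        value = scale(raw)
        if value is None:
            self.last = None          # do not compute a rate across a bad sample
            return ["BAD_SIGNAL"]
        events = []
        if self.last is not None and value - self.last > self.max_rise:
            events.append("RATE_OF_RISE")
        if not self.in_alarm and value >= self.high:
            self.in_alarm = True
            events.append("HIGH_PRESSURE")
        elif self.in_alarm and value < self.high - self.deadband:
            self.in_alarm = False
            events.append("CLEARED")
        self.last = value
        return events

# Constructed sample: raw counts as an RTU might report them, one per poll.
SAMPLES = [2457, 2500, 3000, 3500, 3350, 3200, 100]

def run(samples):
    monitor = PressureMonitor()
    return [(raw, monitor.update(raw)) for raw in samples]

if __name__ == "__main__":
    for raw, events in run(SAMPLES):
        print(raw, scale(raw), events or "ok")   # what the HMI would display
```

The deadband keeps the alarm from chattering when pressure hovers near the limit, and the out-of-range check separates a failed sensor from a real process reading so operators are not shown a false zero.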

Conclusion

Physical and virtual critical infrastructures allow for the normalcy of everyday life. However, critical infrastructures are not invulnerable to attack. Ransomware and malware can infect these systems even if they are air-gapped from other networks. SCADA systems can mitigate some of these risks because of the telemetry data that is collected and sent to front-end monitoring services. This allows for immediate detection of malfunctioning or degraded machinery.

References

Department of Homeland Security. (2022, January 17). Critical Infrastructure. Critical Infrastructure | Homeland Security. Retrieved November 1, 2022, from https://www.dhs.gov/science-and-technology/critical-infrastructure

Kerner, S. M. (2022, April 26). Colonial Pipeline Hack Explained: Everything You Need to Know. WhatIs.com. Retrieved November 1, 2022, from https://www.techtarget.com/whatis/feature/Colonial-Pipeline-hack-explained-Everything-you-need-to-know

New Jersey Cybersecurity & Communications Integration Cell. (2017, August 10). NJCCIC Threat Profile Stuxnet. NJCCIC. Retrieved November 1, 2022, from https://www.cyber.nj.gov/threat-center/threat-profiles/ics-malware-variants/stuxnet

SCADA Systems. (2022). SCADA Systems. Retrieved November 1, 2022, from http://www.scadasystems.net/
