A series of cyber and physical threats is associated with ICS (industrial control systems) linked to critical infrastructure systems. Consider the sheer number of access points these systems have, both technologically and materially. Sometimes these processes, like turning valves on and off to provide local access to water, span vast geographical areas and serve potentially millions of people. Threats of attacking the power grid, for example, seem abstract until you realize the very real possibilities and ramifications of an emergency event of this magnitude occurring without critical infrastructure backups already in place and ready to go.

If a company or organization runs its operations on a legacy system with limited security updates, it has increased its chances of having unpatched vulnerabilities. This condition, coupled with a severe lack of encryption, would make it a ripe and easy target for a salivating hacker. Further potential points of exploitation include: a lack of threat monitoring and IDS; insecure network connections with a lack of segmentation; weak authentication and access controls; employee and contractor access, authentication, and behavior; potential backdoors or malware affecting the entirety of the supply chain; and any other weak physical points of entry or access to critical systems infrastructure where genuine credentials can be spoofed to gain entry to the physical hardware and digital network.

SCADA (Supervisory Control and Data Acquisition) systems protect these vital ICS at various phases throughout each industrial oversight process, and they are specific to whichever utility or company they are supporting. They play a vital structural role in maintaining the integrity and availability of industrial processes by controlling, monitoring, segmenting, and securing each step. It’s important to note that SCADA systems must be installed properly after being efficiently designed and secured for deployment. SCADA applications minimize risk and vulnerabilities in a plethora of ways, including but not limited to: a continuous monitoring and data collection process that works with software, hardware, and personnel to detect any anomalies and to maintain system integrity and work safety; data logging that captures any notable events and supports a baseline of activity, forensics, and regulations; implementation of CIA (confidentiality, integrity, and availability), especially with regard to role-based access controls and authentication; and an overall analytics strategy to help prevent any events from occurring.

Essentially, SCADA applications are the brains, eyes, and ears of the operation: they continuously take a big-picture systems approach to dissect traffic and processes, grant permissions, hall-monitor activities, turn vital machine functions on and off, and carry out a plethora of specific tasks and procedures to keep the business running smoothly.
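The continuous monitoring, baseline logging, and role-based access control described above can be sketched as a small log review routine. This is an added example, not part of the original article or of any SCADA product; the role table, tag names, event log, and baseline readings are all constructed for illustration.

```python
from statistics import mean, stdev

# Role-based access control table (constructed for illustration).
ROLE_PERMISSIONS = {
    "operator": {"read", "set_valve"},
    "engineer": {"read", "set_valve", "write_setpoint"},
    "contractor": {"read"},
}

# Constructed event log: (time, user, role, action, tag, value).
EVENTS = [
    ("08:00", "alice", "operator", "read", "pump1_psi", 61.0),
    ("08:05", "alice", "operator", "read", "pump1_psi", 59.5),
    ("08:10", "bob", "contractor", "set_valve", "valve7", 0.0),
    ("08:15", "alice", "operator", "read", "pump1_psi", 97.2),
    ("08:20", "carol", "engineer", "write_setpoint", "pump1_psi", 60.0),
]

# Constructed history of normal readings, as a data logger would retain it.
BASELINE = {"pump1_psi": [60.1, 59.8, 60.4, 61.0, 59.6, 60.2, 60.7, 59.9]}


def build_limits(baseline, k=3.0):
    """Turn logged history into per-tag (low, high) limits: mean +/- k*stdev."""
    limits = {}
    for tag, values in baseline.items():
        m, s = mean(values), stdev(values)
        limits[tag] = (m - k * s, m + k * s)
    return limits


def review_events(events, limits, permissions=ROLE_PERMISSIONS):
    """Return alerts for RBAC violations and readings outside the baseline."""
    alerts = []
    for ts, user, role, action, tag, value in events:
        # Unknown roles get an empty permission set, so they are denied by default.
        if action not in permissions.get(role, set()):
            alerts.append((ts, user, "rbac_violation", f"{role} may not {action} {tag}"))
        elif action == "read" and tag in limits:
            low, high = limits[tag]
            if not low <= value <= high:
                alerts.append((ts, user, "out_of_baseline", f"{tag}={value}"))
    return alerts


if __name__ == "__main__":
    for alert in review_events(EVENTS, build_limits(BASELINE)):
        print(alert)
```

Every alert keeps its timestamp and user, so the same records that drive detection remain usable for forensics afterward.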

Copyright. Bryanda Epps.