A Comprehensive Overview: Explaining the Vulnerabilities Associated with Critical Infrastructure Systems and how SCADA Applications Play in Mitigating these Risks

Posted by bcoop010 on

Bryce Cooper

This document identifies and explains the vulnerabilities associated with critical infrastructure systems, and how SCADA applications play a role in mitigating those risks.

What is Critical Infrastructure?
Critical Infrastructure includes facilities, systems, and assets that are vital to the economy. “If one or more of those services were to meet their destruction or incapacitation, the resulting effect would have a debilitating impact on national security, the economy or public health, safety, and welfare” (ASCE). To elaborate further, critical infrastructure is what keeps the different services we use every day running. It can keep the lights and water on inside of our homes as well as keep our communication systems and our national defenses online. Our critical infrastructure is an important part of our country and without it detrimental things can occur, although, these systems aren’t invincible.

Some Critical Infrastructure Vulnerabilities
There are various potential vulnerabilities through which our critical infrastructures can be compromised. “Those vulnerabilities include events and conditions such as natural disasters/occurrences that across varying temporal and spatial scales, accidents, and deliberate acts that can damage, and reduce functionality of services” (ASCE). The disasters can also affect economic and social outcomes that could potentially lead to injuries, illnesses, or ultimately resulting in loss of life. Cyber-attacks represent another of the methods through which our critical infrastructure can be compromised. Cyber criminals can attack the critical infrastructure systems, these attacks can highlight potential public safety threats and cause physical damage and deny critical services. However, natural occurrences and cyber threats are not the only factors that could lead to the disruption of critical infrastructure systems. The systems could randomly fail or malfunction, which would cause the same and maybe even more damage than the previous examples.

SCADA Systems
SCADA or the Supervisory Control and Data Acquisition refers to ICS (industrial control systems) which “is used to control infrastructure processes, facility-based processes, or industrial processes” (SCADA Systems). The following subsystems are usually present in SCADA systems.
• The human operator, which all the processed data is presented to the operator
• A supervisory system that gathers all the required data about the process
• Remote Terminal Units (RTUs) which are connected to the process sensors, they help convert the sensor signals to digital data and it sends the data to the supervisory stream
• Programmable Logic Controller (PLCs) used as field devices
• The communication infrastructure which connects the Remote Terminal Units to the supervisory system.

SCADA Applications Mitigating CI Vulnerabilities
SCADA systems play a crucial role in managing and monitoring the critical infrastructure systems. They help utilize various strategies “to plan, prepare for, mitigate, and adapt to changing conditions from vulnerabilities to enable rapid recovery of physical, social, economic, and ecological infrastructures” (ASCE). For example, secure server rooms, surveillance, and restricted access to SCADA help protect critical infrastructures from physical attacks. Intrusion detection systems are often integrated into the SCADA systems to monitor network traffic for unusual activities. Additionally, access control to the SCADA systems are strict and are only authorized to personnel, this typically includes multi-factor authentication (MFA) to limit access to the critical functionalities. Also, in order to mitigate vulnerabilities to the SCADA systems, regular software updates and patching are required to protect the systems from known or unknown security flaws. These can include software and firmware updates that address the vulnerabilities in both hardware and software components.

Conclusion
The information above identifies and explains some of the vulnerabilities associated with critical infrastructure systems. The SCADA systems can be used to protect and mitigate those vulnerabilities by providing support and continuous monitoring. However, it has been stated that the security of SCADA-based systems is being questioned, as they are potential targets of cyberterrorism/cyberwarfare attacks. With this knowledge it is imperative that the SCADA systems are up to date and monitored. This is a never-ending process with different twists and turns that we must be prepared for.





Work Cited/References

“SCADA Systems.” https://docs.google.com/document/d/1DvxnWUSLe27H5u8A6yyIS9Qz7BVt_8p2WeNHctGVboY/edit?tab=t.0#heading=h.6b87jxq9zi56 Accessed 20 Mar. 2025

“Policy statement 518 – Unified definitions for critical infrastructure resilience.” American Society of Civil Engineers, https://www.asce.org/advocacy/policy-statements/ps518—unified-definitions-for-critical-infrastructure-resilience/#:~:text=Critical%20infrastructure%20includes%20systems%2C%20facilities%2C%20and%20assets%20so,the%20economy%20or%20public%20health%2C%20safety%2C%20and%20welfare. Accessed 20 Mar. 2025

Leave a Reply

Your email address will not be published. Required fields are marked *