The SCADA article talks about the functions and the history of the system that has been used to control infrastructure and how the different parts of the system are controlled. SCADA (Supervisory Control and Data Acquisition) involves a group of systems that is a part of the ICS (industrial control systems) that is a central control system for all of the ICS that are involved. We are currently on the third generation of SCADA systems that connect to the central system through the WAN system, while it does increase the potential of security problems it can also be mitigated easier through the use of regular security protocols. The SCADA is really good in creating a central control for all of the different systems that are connected and work together, even though it comes with a lot of risk, it makes the job easier in protecting multiple systems at once and eliminating threats that try to harm the system in a timely manner with the correct training.
Vulnerabilities of SCADA System
Because of the SCADA systems being third generation and using WAN protocol, it comes with the possibility of being accessed by unauthorized personnel. The systems can be accessed physically, so in the case of someone or a group of people that shouldn’t be a able to gain access to the physical system, they could cause serious damage to the systems, that could result in a lot of money to repair the system and could result in the system having to be down for some time until its operational again. The SCADA system also has a major vulnerability with being able to be accessed because of a lack of authentication to systems, which allows people to be able to get in and mess with the systems. The system also has a lack of encryption, which can lead to people intercepting data transmissions and causing damage with that, which would be very dangerous and cost a lot to fix. While the third generation of SCADA is a better system since it uses WAN, it has a lot of vulnerabilities that can easily be exploited and cause lots of damage to everything that is connected to the SCADA system.
SCADA Counter to Vulnerabilities
The main way to counter or mitigate a lot of these vulnerabilities is cybertraining, because a lot of the problems with the SCADA systems comes from a lack of knowledge of threats and holes with the system. SCADA vendors are planning on implementing security changes like introducing a special VPN for the industry and improvements to the overall firewall. Those are improvements that can help mitigate the vulnerabilities, but there are still holes in the system that can be exploited like physical protection for the actual system in place and cyber awareness to any problems that may occur. Physical protection is always being worked on to place the SCADA system in a secure place that can be monitored, and Cyber awareness is being taught to people that work on the systems involved even if they don’t know anything about Cybersecurity. While SCADA have different applications tailored to each service to make sure those services are protected, the major risk is handled by the cybersecurity side of the SCADA to protect the central system from threats and to make sure threats can’t spread and infect other parts of the system.
Conclusion
The SCADA is a valuable system to the industry in making sure that a lot of different subsystems are able to be monitored and protected all at once, rather than having to monitor different systems and risk the spread of threats to other systems. The system does come with a lot of vulnerabilities that can be very dangerous to the system like the lack of encryption protection and the overall threats that come with it being through the internet and using WAN protocol, it leaves the system constantly at risk of cyber attacks and physical attacks that would cause major problems. Currently Cybertraining is being done for people that work on the systems that connect to the SCADA and for people involved with working directly with the SCADA, to mitigate and be able to respond to any threat. Vendors for SCADA are also working on ways to improve the systems security and making sure that if there are any sort of threats whether they are physical or cyber, that they are able to be mitigated and responded to in an efficient manner.
Reference
Amos, Z. (n.d.). 9 SCADA system vulnerabilities and how to secure them. 9 SCADA System Vulnerabilities and How to Secure Them. https://gca.isa.org/blog/9-scada-system-vulnerabilities-and-how-to-secure-them
Google. (n.d.). SCADA systems. Google Docs. https://docs.google.com/document/d/1DvxnWUSLe27H5u8A6yyIS9Qz7BVt_8p2WeNHctGVboY/edit?tab=t.0
What is SCADA? Supervisory Control and Data Acquisition. OleumTech. (2020, July 14). https://oleumtech.com/what-is-scada#:~:text=SCADA%20is%20a%20computer%2Dbased,industrial%20plant%20and%20production%20facilities.