by Jared Williams
BLUF: SCADA systems are pivotal in supporting an organization’s operations. Still, the design’s security has become a key vulnerability to cyberattacks across networks, systems, and even software, and must be adapted to current threats.
Supervisory Control and Data Acquisition Systems, or SCADA, are critical components of the daily economic infrastructure that help maintain our way of life. It controls power grids, water systems, and supply chains, and makes the comforts and costs of current life and infrastructure feasible. SCADA systems were primarily built to perform a specific task, and most remain on the legacy systems that originally implemented them. This creates a large threat surface as ease of use and networked connections have increased, allowing those systems and data to be better monitored both administratively and by malicious actors.
A SCADA system can be broken down into its key components: sensors, programmable logic controllers (PLCs), and human-machine interfaces (HMIs). For these purposes, sensors would collect data, ensure proper process performance, and enable the PLCs to control the processes. The HMI would serve as the graphical user interface, enabling operators and administrators to monitor the system’s performance and make human decisions. These all work together to ensure the availability and integrity of the systems and the ongoing infrastructure.
The problem is that SCADA systems are still largely running on legacy technology and lack the security posture to protect themselves from current cyber threats. Additionally, they have been networked and moved from a local area network architecture to a wide area network for constant monitoring and assurance of uptime and availability. With increased internet connectivity, the threat surface has expanded, and, due to legacy systems, software, and even hardware at times, it is exposed widely because of the lack of encryption and the ease with which cyber threat actors can use false authentication methods. An example of how Stuxnet demonstrated that a malware attack, making small changes over long periods, can disrupt an industrial control system, and a real-world look at SCADA’s vulnerabilities.
In hopes of improving the security posture, organizations should strengthen firewalls, intrusion detection systems, and access controls, and implement network segmentation. This alone will be a temporary measure, but including more routine risk assessments will put these systems in the best position to maintain proper security levels and functionality, implement changes, and help when operations can’t be easily shut down for updates or maintenance. The challenge of applying patches or updates may disrupt operations and pose a risk to organizations but should be prioritized for long-term availability and reliability to match security.
In conclusion, SCADA systems are vital to modern infrastructure and pose a significant threat to it. As connectivity increases and cyber threats evolve, this should be a point where organizations can recognize and modify their security practices and implementations to improve security. It is possible to reduce risk over time and ensure the longevity and resilience of the systems that run today’s ecosystems.
References
Author(s) unknown. (n.d.). SCADA systems. Perusall. https://app.perusall.com/courses/202530_cyse200t_33004-cybersecurity-technol-society/scada-systems
National Institute of Standards and Technology. (2015). Guide to industrial control systems (ICS) security (NIST SP 800-82 Rev. 2). https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf