According to Executive Order 13010, “certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States.” These critical infrastructures include telecommunications, electrical power systems, gas and oil storage and transportation, banking and finance, transportation, water supply systems, emergency services (including medical, police, fire, and rescue), and continuity of government. Threats to these critical infrastructures will have a significant impact on society and the economy. Where there are gaps in our vital assets, vulnerabilities will begin to surface.
Weaknesses can be identified within a group of personnel when their policies and procedures differ from one another. Teams must ensure that risks are understood and that appropriate controls are in place. The different sides should establish cooperative relationships, working together to build a unified security policy that protects their technology. This can be accomplished through communication and information sharing.
Securing U.S. critical infrastructure is a crucial responsibility. However, these efforts may lack sufficient user and system authentication, and criminals may see that as an opportunity to use brute-force attacks. Once an attacker succeeds, they have access to all data and may compromise an account. In the worst case, a hacker who breaches a high-privileged user, such as a system administrator, could take full control of the entire application and potentially obtain access to internal infrastructure. Legacy SCADA controllers and industrial protocols at times lack the ability to encrypt communication. This can lead to attackers capturing data packets that contain sensitive information such as passwords or account information. This technique, known as ‘sniffing’, is a double-edged sword. Sniffers can be hardware or software installed in the system.
In some cases, SCADA systems are connected to unaudited dial-up lines, or operators of the industrial environment have misconfigured remote-access servers, which could give attackers a path into the OT network as well as the corporate LAN. In addition, infrastructure systems may use simple passwords as their baseline, which makes it easier for intruders to compromise them. To eliminate this potential breach, operators must require passwords made up of multiple, different characters. One of the major vulnerabilities of SCADA involves packet access to network segments that house SCADA equipment. In many circumstances, there is little or no security on the actual packet control protocol; as a result, anyone sending packets to a SCADA device can control it.
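The following added example (not part of the original essay or its sources) sketches the kind of protocol-aware, default-deny filtering that compensates for a control protocol with no built-in security. It assumes Modbus/TCP as that protocol, which the essay does not name; the IP addresses, function names, and sample frames are constructed for illustration.

```python
import struct
from ipaddress import ip_address

# Modbus function codes that change device state (coil/register writes).
WRITE_CODES = {5, 6, 15, 16, 22, 23}
READ_CODES = {1, 2, 3, 4}

# Constructed allowlist (assumption): only the engineering workstation may
# write; the historian may only read.
WRITE_ALLOWED = {ip_address("10.10.1.5")}
READ_ALLOWED = WRITE_ALLOWED | {ip_address("10.10.1.20")}


def parse_mbap(frame: bytes):
    """Return (unit_id, function_code); raise ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not Modbus (0)")
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        raise ValueError("length field does not match frame size")
    return unit, frame[7]


def decide(src: str, frame: bytes) -> str:
    """Default-deny decision for one Modbus/TCP request from src."""
    try:
        _unit, fc = parse_mbap(frame)
    except ValueError as exc:
        return f"DROP malformed ({exc})"
    addr = ip_address(src)
    if fc in WRITE_CODES:
        return "ALLOW write" if addr in WRITE_ALLOWED else "DROP+ALERT unauthorized write"
    if fc in READ_CODES:
        return "ALLOW read" if addr in READ_ALLOWED else "DROP unauthorized read"
    return "DROP+ALERT unlisted function code"


# Constructed sample requests (not captured traffic).
WRITE_COIL = bytes.fromhex("000100000006" "01" "05" "0003ff00")  # FC 5
READ_REGS = bytes.fromhex("000200000006" "01" "03" "00000002")   # FC 3

if __name__ == "__main__":
    for src, frame in [("10.10.1.5", WRITE_COIL), ("10.10.1.20", WRITE_COIL),
                       ("10.10.1.20", READ_REGS), ("192.0.2.7", READ_REGS)]:
        print(src, "->", decide(src, frame))
```

Source-address checks like this only hold when the filter sits on a segment where addresses cannot be spoofed, which is why they are paired with network segmentation or a VPN.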
To tackle these issues, SCADA providers are offering specialist industrial VPN and firewall solutions for TCP/IP-based SCADA networks. Whitelisting solutions have also been introduced as a means of preventing unauthorized program updates. In all, critical infrastructures are extremely significant to society. Control systems such as SCADA are used to manage most of the critical infrastructure. SCADA, as outlined in this work, has some vulnerabilities that require attention. If these vulnerabilities are not addressed, the societal consequences will be severe.