Write Up – SCADA Systems

Posted by aosio001 on

Details

In this write up, I will discuss SCADA Systems and explain the vulnerabilities and risks associated with critical infrastructure systems and the role that SCADA application plays in militating against these vulnerabilities and risks.

SCADA Systems

SCADA systems are systems that contain software and hardware elements that make organizations have the ability to perform certain actions. Some of the actions that SCADA systems are able to perform include (Inductive Automation, 2018):

  • Control industrial processes locally or at remote locations
  • Monitor, gather, and process real-time data
  • Directly interact with devices such as sensors, valves, pumps, motors, and more through human-machine interface software
  • Record events into a log file

These actions allow organizations to help maintain efficiency, especially since the data being processed allows for smarter decisions. Along with this, SCADA systems allow for easier communications within the system, which can help prevent downtime. If the SCADA system notices that there is a high incidence of errors, it will notify the proper administrator or operator, and then this person will be able to view the data provided by the SCADA system and determine the root of the issue.

Vulnerabilities and Risks Associated with Critical Infrastructure Systems

There are two vulnerabilities that are associated with critical infrastructure systems: resource disparity and outsourcing complexity. Resource disparities are considered a vulnerability because significant resources are necessary in order to ensure cyber and physical security. Many essential critical infrastructure needs may be exposed since there are not enough resources being diverted to the need. Outsourcing complexity is a vulnerability because outsourcing physical and cyber security services can lead to “more opportunities for leaked defense-related knowledge, procedures, and data” (Tal 2018).

There are many risks that are associated with critical infrastructure system, including human-caused risks and cyber risks. Tal (2018) explains that human-caused events result from intentional actions of a person and can include terrorism, product tampering, and theft. When a human-caused risk occurs, it can cause harm to the system, cause downtime, or provide unauthorized access to data. Cyber risks involve the disruption and damage that is caused by a cyber-related event. There are many cyber events that can cause disruption and damage, some including spam, phishing, and malware.

Role SCADA Systems Play in Mitigating Against Vulnerabilities and Risk

SCADA systems can be implemented in order to mitigate against certain vulnerabilities and risk. SCADA systems can implement a “specialized industrial VPN and firewall solution for SCADA networks that are based on TCP/IP” (SCADA Systems, 2020). These VPNs help ensure that only authorized users are accessing the system. If an unauthorized user is trying to access the system, they will need to ensure that they have access to the VPN. Along with this, “white-listing solutions can be implemented to prevent unauthorized application changes”. This ensures that programs and applications that are not white-listed cannot be ran on the system. If an authorized or unauthorized user attempts to run a program or application that is not white-listed, the administrator will receive a notification of this event.     

Conclusion

It is important that security is taken seriously in terms of critical infrastructure systems. If a system becomes offline or destroyed, there can be very severe consequences. Even though SCADA systems are disconnected from the Internet, security issues can still exist. In order to prevent these issues, SCADA systems have certain measures implemented in order to help mitigate against these vulnerabilities and risks. SCADA systems have industrial VPN and firewall solutions implemented in order to prevent unauthorized access. Along with this, SCADA systems have the capability to white-list solutions, which helps prevent unauthorized applications and programs from being run on the system. As long as companies are ensuring physical and cyber security within their organization, SCADA systems can be properly used to enhance security of their critical infrastructure systems.

References

Inductive Automation. (2018, September 12). What is SCARA? Retrieved November 08, 2020, from https://www.inductiveautomation.com/resources/article/what-is-scada

SCADA Systems. (2020). SCADA Systems. Retrieved November 08, 2020, from http://www.scadasystems.net/

Tal, J. (2018, September 20). Please Enable Cookies. Retrieved November 08, 2020, from https://www.securityinfowatch.com/access-identity/access-control/article/12427447/americas-critical-infrastructure-threats-vulnerabilities-and-solutions

Leave a Reply

Your email address will not be published. Required fields are marked *