Scada Systems: Vulnerabilities and the mitigation of risks

Posted by dflow001 on

David Flowers
Department of video game development and design, Old Dominion University
CYSE-200: Cybersecurity, Technology & Society
Dr. Christopher Bowman
April 12, 2026

Critical infrastructure and Vulnerabilities

Like with all forms of technology there will always be different types of vulnerabilities
that will allow hackers to gain access to it. A lot of main critical infrastructure runs on a system
known as SCADA and this can be best described as an industrial control system (ICS). What this
does is it observes and manipulates critical infrastructure systems, and this can be seen when it is
stated in What is SCADA and SCADA system? (2026)“To define SCADA, it is an industrial
control system (ICS) that monitors and controls infrastructure processes.”(p.1). Critical
infrastructures are mainly seen as services that we as a nation cannot survive without such as
energy, water, and waste control, and this can be seen when it is mentioned in What is SCADA
and SCADA system? (2026)“ organizations involved in the provision of electricity, natural gas,
waste control, water, and other necessary services.”(p.1). Since many of these SCADA systems
have been in place and have been running for generations, some of these systems are outdated.
This can lead to weakness within the old procedures and ancient equipment voided from modern
security features. Due to this it has become a consistent and everlasting vulnerability within these
Critical infrastructures, and this can be seen from Koelemiji (2024)”Outdated protocols and
legacy equipment, which often lack modern security features, remain a persistent
vulnerability.”(p.1). This can make it easy to take advantage of by using packet access. This
allows a hacker to gain control of a system due to there being no packet control protocol, thus it
is easy for a person to gain access to such systems, and this can be seen from the article SCADA
systems (2026)”In numerous cases, there remains less or no security on actual packet control
protocol; therefore, any person sending packets to SCADA device is in position to control
it.”(p.1).

Applications that mitigate risk

These risks can be very detrimental and can cause damages that could potentially last
months. Currently what many critical infrastructures are doing about these weaknesses inside of
their SCADA systems is that they are manufacturing industrial VPNs. This will help with
preventing unwanted outside forces from accessing the SCADA systems in order to control
them. Another form of protection that critical infrastructures are putting into place are firewalls.
These are to strengthen the networks that run on TCP/ICP, and this can be seen from the article
SCADA systems (2026) “SCADA vendors are addressing these risks by developing specialized
VPN and firewall solutions for networks that are based on TCP/ICP.”(p.1). If a hacker were to
get past these then they would have full access to the system and be able to manipulate it to their
whim, thus a white listing solution was found. This allows only authorized individuals to
manipulate the system, and this is found in the article SCADA systems (2026) “white-listing
solutions have been implemented due to their ability to prevent unauthorized application
changes.”(p.1).

Conclusion

To reiterate, SCADA is an industrial control system (ICS), and many critical
infrastructure, such as energy, water, and waste control, use it to control their facilities and
systems. A major vulnerability with these systems is that they are incredibly old and do not have
modern protections against current cybersecurity threats. This can leave them vulnerable to
packet control attacks that allow hackers to gain unauthorized control of a critical infrastructure.
A way to reduce the risk of this happening is by implementing VPN and firewalls to try and
mitigate the risk of a hacker breaking into the system. If a hacker were to get past these then a
white list could try to prevent them from manipulating the application since they would be
unauthorized to do so.

References

Koelemij, Sinclair. “Why Scada and DCS Face Different Cyber Threats.” Industrial Cyber, 9
Dec. 2024,
industrialcyber.co/expert/why-scada-and-dcs-face-different-cyber-threats/#:~:text=we%20can%2
0conclude:-,SCADA%20systems%20oversee%20processes%20across%20large%2C%20dispers
ed%20areas%E2%80%94like%20power,further%20complicates%20consistent%20security%20
measures.


“SCADA Systems.” SCADA Systems, www.scadasystems.net/. Accessed 10 Apr. 2026.


“What Is SCADA and SCADA System?” Fortinet,
www.fortinet.com/resources/cyberglossary/scada-and-scada-systems#:~:text=SCADA%20syste
ms%20are%20typically%20deployed,in%20place%20to%20protect%20them. Accessed 10 Apr.
2026.

Leave a Reply

Your email address will not be published. Required fields are marked *