Vulnerabilities of critical infrastructure and SCADA applications
As cities continue to increase their reliance on technology to address aspects of their critical infrastructure there exist vulnerabilities for hackers to exploit.
Critical infrastructure
As the world increases its advancement with technology, so too are cities integration of technology to monitor and control its infrastructure. These technologically integrated cities are called smart cities and their numbers are on the rise. Within these smart cities are critical infrastructure such as power plants, water, schools, and transportation (Ercan, 2021) which if compromised could lead to a disruption to the inhabitance as well as the businesses within these cities. Vulnerabilities exist in everything and the ones that can affect these infrastructures can be accomplished by people, nature, or malfunctions.
Not too long ago there was an attack on the electrical grid in the Pacific North-West where it was reported that some people where shooting at the powerlines (Wilson, 2022). This is an example of people affecting the infrastructure. It is indeed a physical attack but there could also be negligence from the people that are responsible for maintaining these infrastructures. Natural disasters such as tornados, floods, and earthquakes are another vulnerability to these infrastructures where they could be destroyed or taken offline for days to weeks at a time. Consider the effects of hurricanes to the coastlines where flooding takes out road access or winds tear down trees onto powerlines. This disruption to the lives of those that rely on these critical infrastructures are what makes them a priority to secure. Not only from people but also from the elements as well as itself (updates and patches).
SCADA
SCADA stands for Supervisory Control And Data Acquisition and as an application it is responsible for the collection and monitoring of data. This application can be used both commercially and industrially to allow end users the ability to review and act on the data collected either on site or via the internet. The ability to have remote access is great for near real time access and action should it be required. The data that SCADA applications collect is sent to Human-Machine Interfaces for the operators. This level of access and information is paramount to maintain the uptime of critical infrastructures.
However, there are also vulnerabilities with SCADA applications as they are indeed susceptible to hacks. In 2010, Iran was in the process of enriching uranium for the purpose of nuclear energy. However, their enrichment plant was hacked and proceeded to destabilize the centrifuges and have them break (Rhysider, 2019). Had this been an attack on a functional nuclear powerplant it potentially could have far reaching ramifications for the plant as well as the people that reply on the power it supplied. This attack was called Stuxnet and it is a prime of a hack taking out key infrastructure.
While the Stuxnet attack is an extreme example, it is none the less important that critical infrastructure is protected. SCADA is not without its share of vulnerabilities due to the nature that it is a system that can be connected to the internet. Cyberattacks or even human error are an ever-present threat to the applications. Vendors are working to incorporate virtual private networks as well as firewalls to address the risks of hacks.
Conclusion
SCADA applications are not only helpful in the daily operations of maintain critical infrastructure, but it is also gateway to sabotaging the critical infrastructure. It is important to not only physical safeguard the infrastructure but to safeguard the mechanisms and controls of the internet connected systems like SCADA applications.
References:
SCADA systems. SCADA Systems. (n.d.). from http://www.scadasystems.net/
Ercan, T. (2021). Solving Urban Infrastructure Problems Using Smart City Technologies. https://doi.org/10.1016/B978-0-12-816816-5.00024-3
Wilson, C., & Ryan, J. (2022, December 9). String of electrical grid attacks in Pacific Northwest is unsolved. opb. Retrieved March 26, 2023, from https://www.opb.org/article/2022/12/08/string-of-electrical-grid-attacks-in-pacific-northwest-are-unsolved/
Rhysider, J. (2019). EP 29: Stuxnet. Darknet Diaries. from https://darknetdiaries.com/episode/29/