SCADA Systems

Derek Beckham
March 20, 2022


A SCADA system is a control system architecture designed to supervise a variety of processes and devices. SCADA systems are used to control infrastructure processes, facility-based processes and industrial processes, everything from control of machinery in power plants to the management of traffic lights in cities. Critical infrastructure industries rely on SCADA devices to perform daily operations. Unfortunately, many SCADA systems are outdated and vulnerable to cyber-attacks.


According to threat researchers at Trend Micro, the number of vulnerabilities reported in SCADA systems has been increasing, with 2018 having the most reported vulnerabilities and 2019 having the second most. They believe that these types of vulnerabilities will become more common as more PLCs and HMIs are found online. The impact of an attack on a SCADA system can be severe, ranging from production delays and industry downtime to critical human safety hazards.


Trend Micro also notes that previous attacks against industrial facilities have highlighted the impact of attacks on SCADA systems:


• Possibly the most well-known was the Stuxnet worm in 2010 that targeted industrial facilities through SCADA vulnerabilities.
• In 2016, the malware known as Industroyer caused power outages in Ukraine.
• While in 2017, the Trojan Triton targeted industrial safety systems that caused an operational shutdown. Such cyberattacks continue to exist today—an Indian nuclear power plant was discovered to have suffered from a cyberattack that may have been meant for espionage and data exfiltration. (Trend Micro, 2019)


The main issue with SCADA vulnerabilities is that many of them can be exploited by novice attackers because of the simplicity of the vulnerabilities. Simple vulnerabilities like stack and buffer overflows can lead to DoS attacks and easily shut down a SCADA system. Most of the vulnerabilities that get reported are easy to fix and get mitigated very quickly. It is the vulnerabilities that do not get reported that are the real issue.


It is critically important that SCADA manufacturers, vendors and maintainers continually test for new vulnerabilities and address them as quickly as possible. NIST has provided a set of recommendations regarding ICS security in order to reduce the number of exploitable vulnerabilities:
• Use virtual patching to help manage updates and patches
• Apply network segmentation
• Use adequate security measures between the ICS network and corporate network
• Properly manage authorization and user accounts
• Use endpoint protection on engineering workstations connected to SCADA for device programming and control adjustments
• Maintain strict policies for devices that are allowed to connect to SCADA networks
• Restrict the roles of transitory SCADA nodes to a single purpose
• Prevent the use of unknown and untrusted USB devices
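
To make the segmentation and ICS/corporate boundary recommendations concrete, here is an added example (not from the original post or from NIST) that audits flow records against a zone policy and reports traffic reaching the ICS network without passing through an industrial DMZ. The zone address ranges, the allowed zone pairs and the sample flow records are constructed assumptions.

```python
import ipaddress

# Constructed zone layout (assumption): corporate, an industrial DMZ, and the ICS network.
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ics": ipaddress.ip_network("10.30.0.0/16"),
}
# Zone pairs allowed to talk; corporate and ICS may only meet through the DMZ.
ALLOWED = {("corporate", "dmz"), ("dmz", "corporate"), ("dmz", "ics"), ("ics", "dmz")}
# Well-known industrial protocol ports, used only to raise severity.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

def zone_of(addr):
    """Return the zone name for an address, or 'external' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def audit_flows(flows):
    """Return findings for flows that touch the ICS zone outside the policy."""
    findings = []
    for src, dst, dport in flows:
        sz, dz = zone_of(src), zone_of(dst)
        # Skip flows that never touch ICS, stay inside one zone, or are allowed.
        if "ics" not in (sz, dz) or sz == dz or (sz, dz) in ALLOWED:
            continue
        proto = ICS_PORTS.get(dport)
        findings.append({
            "src": src, "dst": dst, "dport": dport,
            "path": f"{sz}->{dz}",
            "severity": "high" if proto or sz == "external" else "medium",
            "protocol": proto or "other",
        })
    return findings

# Constructed sample flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.4.17", "10.20.0.5", 443),      # corporate -> DMZ: allowed
    ("10.20.0.5", "10.30.1.10", 502),      # DMZ -> PLC over Modbus: allowed
    ("10.10.4.17", "10.30.1.10", 502),     # corporate -> PLC directly: violation
    ("203.0.113.9", "10.30.2.20", 44818),  # internet -> ICS device: violation
    ("10.30.2.20", "10.10.8.1", 445),      # ICS -> corporate file share: violation
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```
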


References
1. One Flaw Too Many: Vulnerabilities in SCADA Systems. (2019). Security News. https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/one-flaw-too-many-vulnerabilities-in-scada-systems
