SCADA Systems

Posted by dhale002 on

Destiny Hale

March 21, 2023

SCADA systems are used today to maintain infractures processes within an industrial facility. Within this system comes different interfaces or software that help regulate data or provide real-time results. In this write-up, we’ll find out how a SCADA system operates, what vulnerabilities it encounters, and what it takes to mitigate future cybersecurity attacks.

What Is It?

Supervisory control and data acquisition (or SCADA for short) is an industrial control system that combines hardware and software components in order to supervise and control things remotely and locally in factories (Phoenix Control System Limited). A couple examples that this system plays a part are water treatment systems, sewage treatment systems, gas pipelines, etc. This system also has subsystems that gather and process data to send to other components. Those subsystems that are present in the systems are: an apparatus, a supervisory system, remote terminal units, and a programmable logic controller. Apparatuses are used by human operators in which this system presents processed data it has gathered to the operator(which is also called Human Machine Interface). The supervisory system also gathers data about the process, however, this isn’t operated by a human. Remote terminal units are connected to sensors of the process which later convert the signals to the data and send them to the supervisory stream. Lastly, a programmable logic controller is used as a field device. All of these subsystems are what keeps data regulated and stable.

Vulnerabilities

Being efficient and precise with its data, the outputs and results that are being transported throughout SCADA systems can also be exposed.One vulnerability that is found within these systems is a lack of encryption. With these systems not having the ability to encrypt communication, malicious actors can use sniffing to discover username and passwords(Berman 2017). Another one is network segmentation. With having misconfigured networks, this provides unauthorized access to the system. Since these systems are a part of the IoT concept, web application attacks such as cross-site scripting and SQL injections can alter the systems, especially in HMI and PLC. The last and final one is remote access. Malicious actors can gain access to the network through a backdoor entry if not protected. However, how can we prevent these vulnerabilities from happening?

Mitigation Solutions

According to Alcala(2023), here’s how we can prevent these attacks from happening. To list a few, one is hardening SCADA networks by removing or disabling unnecessary services. Another is establishing strong controls over any medium in prevention of backdoors. To prevent sensitive data from being exposed, establishing policies and conducting training will disclose everything within the system. To check the network’s security, performing technical audits within the devices are able to identify security concerns. Lastly, conducting physical security surveys in remote sites can evaluate their network security. By following all of these methods, this will keep the system secured.

Conclusion

In conclusion, SCADA systems are there to maintain industrial processes in today’s industrial facilities. Where you’ll see them is in water treatment systems, sewage treatment systems, and gas pipelines. With its software, these systems are able to gather, receive, process, or send data. However, if not secured properly, numerous vulnerabilities will be exposed throughout the network. Malware, misconfiguration, and lack of encryption are a few vulnerabilities that can be found in a poorly secured system. In order to prevent these attacks from happening, establishing and testing the systems frequently will prevent malicious actors from gaining unauthorized access to sensitive information. 

References

Alcala, F. (2023, February 6). Protecting SCADA systems from cyber-attacks. Experts in Cybersecurity Services. Retrieved March 21, 2023, from https://www.compassitc.com/blog/protecting-scada-systems-from-cyber-attacks 

Berman, J. (2017, March 20). Critical Infrastructure and SCADA/ICS cybersecurity vulnerabilities and threats. LinkedIn. Retrieved March 21, 2023, from https://www.linkedin.com/pulse/critical-infrastructure-scadaics-cybersecurity-threats-justin-berman

SCADA systems. Phoenix Control Systems Ltd. (2023, February 16). Retrieved March 21, 2023, from https://phoenixcontrol.co.uk/scada-systems/ 

SCADA systems. SCADA Systems. (n.d.). Retrieved March 21, 2023, from http://www.scadasystems.net/

Leave a Reply

Your email address will not be published. Required fields are marked *