The Vulnerabilities of SCADA Systems

BLUF: SCADA stands for Supervisory Control and Data Acquisition. It refers to the use of industrial control systems to control critical infrastructure, facility-based processes, and industrial processes. SCADA systems control important processes like our water and power grids but were not made to be secure, making them easier to hack into.

What do SCADA Systems do?

SCADA systems are used to control major systems across large areas. This includes our water pipes, power grids, gas pipes, airports, ships, production, manufacturing, etc. (Duvall). SCADA systems use remote terminal units (RTUs) and programmable logic controllers (PLCs) to monitor and control these major systems. The system first collects and logs system changes, then formats that information and sends it to the operator in the control room through the Human Machine Interface via hard points from tag databases.

The Main Brain

The Human Machine Interface, or HMI, connects the human operator to the RTUs and PLCs. Any data received from the hard points is presented to the human operator as graphical images that are updated in real time. From that software, operators can control the processes in the HMI and see the effects of their actions. The signals that the HMI sends control the hardware on the infrastructure, which is the RTUs and PLCs. The whole system runs on a simpler programming language so that people can create what they need without requiring a custom program written by a software developer (Duvall).

Stepping Stones

The first SCADA systems were used at a time when networks didn’t exist, meaning they had no connection to other systems and were independent. Eventually, RTU vendors created the Wide Area Networks, which made the SCADA systems able to communicate with the RTUs. The second generation of SCADA systems started to use LANs to share information and distribute the processing between multiple stations. Since the networks were still new, their protocols were still proprietary, meaning very few people knew how secure the installation was, which resulted in many security issues for the systems. The most recent generation uses WAN protocols, like the Internet Protocol (IP), to communicate between the system and the master station (Duvall). Because SCADA systems can now be accessed through the internet, the vulnerability of the systems has increased.

Vulnerabilities

SCADA systems are very important to us because they control critical infrastructure, so a cyberattack on them could end very badly. Some people think that our systems are secure enough, but there are still major threats we need to worry about. Unauthorized access is a big threat: whether it comes from a human or from malware, it can heavily affect our critical infrastructure. Network packets are dangerous too. The packet control protocols usually have little to no security, so anyone who can send packets to a SCADA device can control it (Duvall). Specialized industrial VPNs are now being developed specifically for SCADA systems.
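
An added example, not from the original post or its sources: a passive check over Modbus/TCP requests, a widely used SCADA protocol chosen here as an assumption since the post names none. It parses the request header to show that no field identifies the sender, then flags write commands from hosts outside an allowlist; the IP addresses and frames are constructed sample data.

```python
import struct

# Modbus function codes that change device state (writes).
WRITE_CODES = {5: "write single coil", 6: "write single register",
               15: "write multiple coils", 16: "write multiple registers"}

def parse_modbus_tcp(frame: bytes):
    """Parse one Modbus/TCP request into its header fields.

    The 7-byte MBAP header holds transaction id, protocol id, length and
    unit id; the function code follows. No field carries a credential or
    signature, so the device cannot tell who sent the request.
    """
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit, func = struct.unpack(">HHHBB", frame[:8])
    if proto != 0:
        raise ValueError("protocol id is not 0 (not Modbus)")
    if length != len(frame) - 6:
        raise ValueError("length field does not match frame size")
    return {"transaction": tid, "unit": unit, "function": func, "data": frame[8:]}

def flag_unauthorized_writes(packets, allowed_masters):
    """Return alerts for write requests from hosts not on the allowlist."""
    alerts = []
    for src_ip, frame in packets:
        try:
            msg = parse_modbus_tcp(frame)
        except ValueError as err:
            alerts.append((src_ip, f"malformed frame: {err}"))
            continue
        if msg["function"] in WRITE_CODES and src_ip not in allowed_masters:
            alerts.append((src_ip, WRITE_CODES[msg["function"]]))
    return alerts

# Constructed sample traffic (source IP, raw request bytes); not real captures.
SAMPLE = [
    ("10.0.0.5", bytes.fromhex("000100000006010300000002")),   # read from the HMI
    ("10.0.0.5", bytes.fromhex("00020000000601050001ff00")),   # write from the HMI
    ("10.0.0.77", bytes.fromhex("00030000000601050001ff00")),  # write from unknown host
    ("10.0.0.77", bytes.fromhex("0004000100060103")),          # wrong protocol id
]

if __name__ == "__main__":
    for alert in flag_unauthorized_writes(SAMPLE, allowed_masters={"10.0.0.5"}):
        print(alert)
```

The allowlist here lives in the monitor, not in the protocol, which is why network-level controls such as the industrial VPNs mentioned above are needed to restrict who can reach the device at all.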

Conclusion

SCADA systems control all of our critical infrastructure. They use RTUs and PLCs to monitor and control these major systems. The data that comes from the RTUs and PLCs gets sent to the HMI, which displays the information as graphical images to the human operator. The first SCADA systems were independent and not connected to any network. Our SCADA systems are now accessible through the internet, which causes more security threats because these systems were not made to be secure. We are trying to fix this problem by creating specialized industrial VPNs.

References

SCADA Systems. March 29, 2025
https://docs.google.com/document/d/1VnMlL2YmcW5Jg4MdDa1dt5fJpmQM0KVH/edit?tab=t.0

Malisko. (2024, September 5). Malisko. March 29, 2025,
https://malisko.com/scada-systems-explained/
