SCADA SYSTEMS TECHNOLOGY

Posted by fgonz006 on

SCADA SYSTEMS TECHNOLOGY

ENFORCING INFRASTRUCTURE

BY

FELIPE GONZALEZ

SCADA Systems, what does it mean for infrastructure systems? Why is it

important and crucial to maintain?And why do we need to sustain its infrastructure no

matter what the cause?

Will discuss and explain some vulnerabilities associated with the system and the

role applications that play in mitigating some risk. What would happen if there was a

cyberattack nationwide, and all the infrastructure systems in the United States like our

fresh water systems, wastewater systems, gas pipelines, power generation to mention a

few, where affected? The human race are simple human beings, but when threatened

with the possibility that their environment could be affected, it panics. What comes after

that? People always seem to make things worse for themselves, and will panic buy

everything, creating more issues. We have seen it, over and over again, even with the

scarcity of eggs. Imagine what could actually happen if these crucial systems were

taken out, creating widespread chaos and destruction.

SCADA Systems

Supervisory Control and Data Acquisition – SCADA refers to ICS (industrial

control systems) . It has become the backbone of several critical infrastructures like

water treatment plants, wastewater treatment plants, gas pipelines, facility-based19 March 2025

processes like airports, space stations, ships, and industrial processes like production,

manufacturing, refining, power generation ect. This system helps manage the most

critical parts of what makes people’s lives better, makes us civil, makes us a civilization.

To include subsystems present in SCADA systems which includes apparatus operated

by human operators, systems that gather all required data to process, Remote terminals

Units (RTU’s), and Logic controllers(PLC’s) just to mention a few.

Vulnerabilities

The main cause of SCADA vulnerabilities is that it is connected to the web, or

has become easy targets due to lack of security protocols. The security of SCADA

based systems is being questioned, as it has become a highly potential target for

cyberterrorism and cyberwarfare attacks. SCADA has undergone significant evolution to

where it was typically isolated to now, a highly interconnected network. Although this

brought many benefits like enhanced performance efficiency and some type of cost

reduction, it made SCADA more vulnerable to cyberattacks. Many of the vulnerabilities

are that SECADA security is still IT-based and is not efficient enough to detect more

sophisticated increased risks and threats.

There has been many cyber incidents in the history of SCADA systems dating

back to 1982, maybe personnel are getting comfortable because they believe that

systems are protected, thinking that a VPN is sufficient protection, but their is still the

physical access to the networks, providing vulnerabilities to bypass the security control

software and be able to control SCADA networks. The costs related to system failures

are very high, and even can cost lives.19 March 2025

Many of the vulnerabilities are human error, like improper input into the systems,

many ICS vendors commercialize the architecture and applications network protocols

creating problems, affecting control system networks, to where any exploids can be

used via the web.

The SECADA system was created with no security considerations, and

implementation errors in design and architecture, where older versions lacked proper

security measures, this increases the chances that an attacker can monitor network

activities and steal information of future attacks.

Other vulnerabilities also occur due to weak techniques like the lack of encryption

to where the software fails to encrypt data before storage or transmission, inadequate

encryption strength which can result in other weaknesses, lack of verification of data

authenticity which can create validation errors, weak passwords, improper access

controls and improper identification protocols.

Enforcing security risks and controls

Companies need to secure all autonomous operations by implementing more

robust security controls to all systems, implementing network segmentation, firewalls, to

incorporate a more strict privilege identity access management protocols to include a

top security clearance for personnel managing main controls, and more effective

monitoring and security controls. Furthermore regular patchin and software updates,

hardening of devices to protect them from malware. By starting these essential security

protocols organizations can mitigate risks.

For the physical SCADA systems, hardware needs to be more ruggedized to

withstand higher temperatures/voltage, and to withstand higher vibrations to increase19 March 2025

reliability. This is due to the fact that many installations’ hardware has not been updated

for many years; it’s very old, and will become a liability in the near future.

These area other controls and mitigations that can be use to help enhance

security of the SCADA system:

1- Asset management inventory; can help discover unauthorized devices connected to the SCADA network, to include device configurations, software and firmware to document asset inventory with device locations in the network.

2- Vulnerability assessment and management; this can help determine several entries that the attackers may use.

3- Using safe memory languages; Rust is a memory-safe language, it guarantees memory safety, isolation and concurrency. This language is used to design future Iot-SCADA operating environments where buffer overflow will no longer be an issue.

4- Integrity checks; By doing this in field devices, it can prevent attempts to crash a SCADA server or network by DoS and DDos attacks.

5- Input validation; Where designers can consider all possible entries where attackers can input data, will help validate inputs by employing a whitelist approach.

6- Privileged access management; Manage users to critical assets and control systems.

7- Credential management; Vital role improving cybersecurity in an industrial SCADA system.

And many more, these are just a few to get the ball rolling in protecting assets.

Conclusion

With many system upgrades, plans, tactics, training, risk assessments and testbeds that can be put in

place, to secure the safety and protection from risk, and to clear all possible vulnerabilities from the

systems, and it starts with every single personnel as a whole, since people are the main contributor for

error. As you can see, there are many threats and risks that can jeopardize a SCADA system. There are

still ways to go because the consequences can be totally catastrophic and they have to be averted.

There are many open challenges, and many improvements in the fields of SCADA and ICS like dataset

development, but hopefully will get there one day.

References:

SCADA Systems article provided by ODU- SCADA Systems https://docs.google.com/document/d/1DvxnWUSLe27H5u8A6yyIS9Qz7BVt_8p2WeNHctGVboY/edit?tab=t.0

Manar Alanazi, Abdun Mahmood, Mohammad Jabed Morshed Chowdhury, “SCADA vulnerabilities and attacks: A review of the state‐of‐the‐art and open issues”, Computers & Security, Volume 125, 2023, https://www.sciencedirect.com/science/article/pii/S0167404822004205

IEEE Public Safety Technology Initiative, public charity, “Cybersecurity of Critical Infrastructure with ICS/SCADA Systems”, 2025 https://publicsafety.ieee.org/topics/cybersecurity-of-critical-infrastructure-with-ics-scada-systems#:~:text=These%20specialized%20computer%20systems%20are,with%20legacy%20ICS/SCADA%20systems

Sinclair, Koelemij, “Why SCADA and DCS Face Different Cyber Threats”, Industrial Cyber, 2024, https://industrialcyber.co/expert/why-scada-and-dcs-face-different-cyber-threats/#:~:text=Example:%20A%20cyber%2Dattack%20on,safety%20incidents%2C%20or%20production%20losses

Andrew Erickson, “14 Major SCADA Attacks and What You Can Learn From Them”, DPS TELECOM, 2019, https://www.dpstele.com/blog/major-scada-hacks.php#:~:text=Primary%20Security%20 Vulnerabilities,gain%20control%20of%20system%20components.

The Claroty Team, “SCADA Risk Management: Protecting Critical Infrastructure”, Claroty press, 2024, https://claroty.com/blog/scada-risk-management-protecting-critical-infrastructure

Leave a Reply

Your email address will not be published. Required fields are marked *