{"id":296,"date":"2025-04-02T03:15:16","date_gmt":"2025-04-02T03:15:16","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/?p=296"},"modified":"2025-04-02T03:15:16","modified_gmt":"2025-04-02T03:15:16","slug":"scada-systems-technology","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/2025\/04\/02\/scada-systems-technology\/","title":{"rendered":"SCADA SYSTEMS TECHNOLOGY"},"content":{"rendered":"\n

SCADA SYSTEMS TECHNOLOGY<\/strong><\/p>\n\n\n\n

ENFORCING INFRASTRUCTURE<\/strong><\/p>\n\n\n\n

BY<\/strong><\/p>\n\n\n\n

FELIPE GONZALEZ <\/strong><\/p>\n\n\n\n

SCADA Systems, what does it mean for infrastructure systems? Why is it<\/p>\n\n\n\n

important and crucial to maintain?And why do we need to sustain its infrastructure no<\/p>\n\n\n\n

matter what the cause?<\/p>\n\n\n\n

Will discuss and explain some vulnerabilities associated with the system and the<\/p>\n\n\n\n

role applications that play in mitigating some risk. What would happen if there was a<\/p>\n\n\n\n

cyberattack nationwide, and all the infrastructure systems in the United States like our<\/p>\n\n\n\n

fresh water systems, wastewater systems, gas pipelines, power generation to mention a<\/p>\n\n\n\n

few, where affected? The human race are simple human beings, but when threatened<\/p>\n\n\n\n

with the possibility that their environment could be affected, it panics. What comes after<\/p>\n\n\n\n

that? People always seem to make things worse for themselves, and will panic buy<\/p>\n\n\n\n

everything, creating more issues. We have seen it, over and over again, even with the<\/p>\n\n\n\n

scarcity of eggs. Imagine what could actually happen if these crucial systems were<\/p>\n\n\n\n

taken out, creating widespread chaos and destruction.<\/p>\n\n\n\n

SCADA Systems<\/strong><\/p>\n\n\n\n

Supervisory Control and Data Acquisition<\/strong> \u2013 SCADA refers to ICS (industrial<\/p>\n\n\n\n

control systems) . It has become the backbone of several critical infrastructures like<\/p>\n\n\n\n

water treatment plants, wastewater treatment plants, gas pipelines, facility-based19 March 2025<\/p>\n\n\n\n

processes like airports, space stations, ships, and industrial processes like production,<\/p>\n\n\n\n

manufacturing, refining, power generation ect. This system helps manage the most<\/p>\n\n\n\n

critical parts of what makes people’s lives better, makes us civil, makes us a civilization.<\/p>\n\n\n\n

To include subsystems present in SCADA systems which includes apparatus operated<\/p>\n\n\n\n

by human operators, systems that gather all required data to process, Remote terminals<\/p>\n\n\n\n

Units (RTU\u2019s), and Logic controllers(PLC\u2019s) just to mention a few.<\/p>\n\n\n\n

Vulnerabilities<\/strong><\/p>\n\n\n\n

The main cause of SCADA vulnerabilities is that it is connected to the web, or<\/p>\n\n\n\n

has become easy targets due to lack of security protocols. The security of SCADA<\/p>\n\n\n\n

based systems is being questioned, as it has become a highly potential target for<\/p>\n\n\n\n

cyberterrorism and cyberwarfare attacks. SCADA has undergone significant evolution to<\/p>\n\n\n\n

where it was typically isolated to now, a highly interconnected network. Although this<\/p>\n\n\n\n

brought many benefits like enhanced performance efficiency and some type of cost<\/p>\n\n\n\n

reduction, it made SCADA more vulnerable to cyberattacks. Many of the vulnerabilities<\/p>\n\n\n\n

are that SECADA security is still IT-based and is not efficient enough to detect more<\/p>\n\n\n\n

sophisticated increased risks and threats.<\/p>\n\n\n\n

There has been many cyber incidents in the history of SCADA systems dating<\/p>\n\n\n\n

back to 1982, maybe personnel are getting comfortable because they believe that<\/p>\n\n\n\n

systems are protected, thinking that a VPN is sufficient protection, but their is still the<\/p>\n\n\n\n

physical access to the networks, providing vulnerabilities to bypass the security control<\/p>\n\n\n\n

software and be able to control SCADA networks. The costs related to system failures<\/p>\n\n\n\n

are very high, and even can cost lives.19 March 2025<\/p>\n\n\n\n

Many of the vulnerabilities are human error, like improper input into the systems,<\/p>\n\n\n\n

many ICS vendors commercialize the architecture and applications network protocols<\/p>\n\n\n\n

creating problems, affecting control system networks, to where any exploids can be<\/p>\n\n\n\n

used via the web.<\/p>\n\n\n\n

The SECADA system was created with no security considerations, and<\/p>\n\n\n\n

implementation errors in design and architecture, where older versions lacked proper<\/p>\n\n\n\n

security measures, this increases the chances that an attacker can monitor network<\/p>\n\n\n\n

activities and steal information of future attacks.<\/p>\n\n\n\n

Other vulnerabilities also occur due to weak techniques like the lack of encryption<\/p>\n\n\n\n

to where the software fails to encrypt data before storage or transmission, inadequate<\/p>\n\n\n\n

encryption strength which can result in other weaknesses, lack of verification of data<\/p>\n\n\n\n

authenticity which can create validation errors, weak passwords, improper access<\/p>\n\n\n\n

controls and improper identification protocols.<\/p>\n\n\n\n

Enforcing security risks and controls<\/strong><\/p>\n\n\n\n

Companies need to secure all autonomous operations by implementing more<\/p>\n\n\n\n

robust security controls to all systems, implementing network segmentation, firewalls, to<\/p>\n\n\n\n

incorporate a more strict privilege identity access management protocols to include a<\/p>\n\n\n\n

top security clearance for personnel managing main controls, and more effective<\/p>\n\n\n\n

monitoring and security controls. Furthermore regular patchin and software updates,<\/p>\n\n\n\n

hardening of devices to protect them from malware. By starting these essential security<\/p>\n\n\n\n

protocols organizations can mitigate risks.<\/p>\n\n\n\n

For the physical SCADA systems, hardware needs to be more ruggedized to<\/p>\n\n\n\n

withstand higher temperatures\/voltage, and to withstand higher vibrations to increase19 March 2025<\/p>\n\n\n\n

reliability. This is due to the fact that many installations’ hardware has not been updated<\/p>\n\n\n\n

for many years; it’s very old, and will become a liability in the near future.<\/p>\n\n\n\n

These area other controls and mitigations that can be use to help enhance<\/p>\n\n\n\n

security of the SCADA system:<\/p>\n\n\n\n

1- Asset management inventory<\/strong>; can help discover unauthorized devices connected to the SCADA network, to include device configurations, software and firmware to document asset inventory with device locations in the network.<\/p>\n\n\n\n

2- Vulnerability assessment and management<\/strong>; this can help determine several entries that the attackers may use.<\/p>\n\n\n\n

3- Using safe memory languages<\/strong>; Rust is a memory-safe language, it guarantees memory safety, isolation and concurrency. This language is used to design future Iot-SCADA operating environments where buffer overflow will no longer be an issue.<\/p>\n\n\n\n

4- Integrity checks<\/strong>; By doing this in field devices, it can prevent attempts to crash a SCADA server or network by DoS and DDos attacks.<\/p>\n\n\n\n

5- Input validation<\/strong>; Where designers can consider all possible entries where attackers can input data, will help validate inputs by employing a whitelist approach.<\/p>\n\n\n\n

6- Privileged access management<\/strong>; Manage users to critical assets and control systems.<\/p>\n\n\n\n

7- Credential management<\/strong>; Vital role improving cybersecurity in an industrial SCADA system.<\/p>\n\n\n\n

And many more, these are just a few to get the ball rolling in protecting assets.<\/p>\n\n\n\n

Conclusion<\/strong><\/p>\n\n\n\n

With many system upgrades, plans, tactics, training, risk assessments and testbeds that can be put in <\/p>\n\n\n\n

place, to secure the safety and protection from risk, and to clear all possible vulnerabilities from the <\/p>\n\n\n\n

systems, and it starts with every single personnel as a whole, since people are the main contributor for<\/p>\n\n\n\n

error. As you can see, there are many threats and risks that can jeopardize a SCADA system. There are <\/p>\n\n\n\n

still ways to go because the consequences can be totally catastrophic and they have to be averted. <\/p>\n\n\n\n

There are many open challenges, and many improvements in the fields of SCADA and ICS like dataset <\/p>\n\n\n\n

development, but hopefully will get there one day.<\/p>\n\n\n\n

References<\/strong>:<\/p>\n\n\n\n

SCADA Systems article provided by ODU- SCADA Systems https:\/\/docs.google.com\/document\/d\/1DvxnWUSLe27H5u8A6yyIS9Qz7BVt_8p2WeNHctGVboY\/edit?tab=t.0<\/a><\/p>\n\n\n\n

Manar Alanazi, Abdun Mahmood, Mohammad Jabed Morshed Chowdhury, \u201cSCADA vulnerabilities and attacks: A review of the state\u2010of\u2010the\u2010art and open issues\u201d, Computers & Security, Volume 125, 2023, https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404822004205<\/a><\/p>\n\n\n\n

IEEE Public Safety Technology Initiative, public charity, \u201cCybersecurity of Critical Infrastructure with ICS\/SCADA Systems\u201d, 2025 https:\/\/publicsafety.ieee.org\/topics\/cybersecurity-of-critical-infrastructure-with-ics-scada-systems#:~:text=These%20specialized%20computer%20systems%20are,with%20legacy%20ICS\/SCADA%20systems<\/a><\/p>\n\n\n\n

Sinclair, Koelemij, \u201cWhy SCADA and DCS Face Different Cyber Threats\u201d, Industrial Cyber, 2024, https:\/\/industrialcyber.co\/expert\/why-scada-and-dcs-face-different-cyber-threats\/#:~:text=Example:%20A%20cyber%2Dattack%20on,safety%20incidents%2C%20or%20production%20losses<\/a><\/p>\n\n\n\n

Andrew Erickson, \u201c14 Major SCADA Attacks and What You Can Learn From Them\u201d, DPS TELECOM, 2019, https:\/\/www.dpstele.com\/blog\/major-scada-hacks.php#:~:text=Primary%20Security%20 Vulnerabilities,gain%20control%20of%20system%20components.<\/a><\/p>\n\n\n\n

The Claroty Team, \u201cSCADA Risk Management: Protecting Critical Infrastructure\u201d, Claroty press, 2024, https:\/\/claroty.com\/blog\/scada-risk-management-protecting-critical-infrastructure<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

SCADA SYSTEMS TECHNOLOGY ENFORCING INFRASTRUCTURE BY FELIPE GONZALEZ SCADA Systems, what does it mean for infrastructure systems? Why is it important and crucial to maintain?And why do we need to sustain its infrastructure no matter what the cause? Will discuss and explain some vulnerabilities associated with the system and the role applications that play in… <\/p>\n

Read More<\/a><\/div>\n","protected":false},"author":30571,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/wp-json\/wp\/v2\/posts\/296"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/wp-json\/wp\/v2\/users\/30571"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/wp-json\/wp\/v2\/comments?post=296"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/wp-json\/wp\/v2\/posts\/296\/revisions"}],"predecessor-version":[{"id":297,"href":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/wp-json\/wp\/v2\/posts\/296\/revisions\/297"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/wp-json\/wp\/v2\/media?parent=296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/wp-json\/wp\/v2\/categories?post=296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/gonzalezcybersite\/wp-json\/wp\/v2\/tags?post=296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}