ADDRESSING SCADA VULNERABILITIES

Supervisory Control and Data Acquisition (SCADA) systems provide increased efficiency, improved safety, real-time monitoring and cost savings through the monitoring and control of industrial processes (SCADA, 2023). Like all technologies, SCADA systems come with vulnerabilities. Sensor/hardware vulnerabilities and network vulnerabilities can be tempered and countered with ruggedized equipment and redundancy, good cyber security practices, network hardening and live monitoring.

SENSOR AND HARDWARE MALFUNCTION

In 2012, hackers replaced data on computer systems owned by Aramco with a picture of a burning American flag. The malware attempted to spread from the corporate network to the SCADA network running the industrial activities of the Saudi-owned company. However, due to data backups and isolation of the network, it was unable to replicate into the SCADA network and affect the PLCs (Biswas, 2022).

SCADA systems rely on data fed by sensors to RTUs (Remote Terminal Units) to provide accurate information to HMIs (Human Machine Interfaces), which control PLCs (Programmable Logic Controllers). A malfunction in any part of the SCADA system can cause system failure. A compromised or failed HMI can be a single point of failure if supervisors are unable to control processes with it. A sensor or RTU failure can provide erroneous data to the system, and a faulty or compromised PLC can cause damage or failure in critical installations.

MITIGATION: RUGGEDIZED EQUIPMENT, BACKUPS AND REDUNDANCY

To combat this, the SCADA Systems article suggests redundancy through data backups, automatic controller devices and the use of ruggedized hardware to mitigate risk (SCADA, 2023). The DOE (Department of Energy) also recommends conducting regular physical surveys of remote sites to identify vulnerabilities in equipment and physical security (DOE, 2023). Another mitigation technique mentioned in the DOE guide, “21 Steps to Improve Cyber Security of SCADA Networks”, is to ensure a disaster recovery plan is in place in the event of system failure or cyber-attack (DOE, 2023).

NETWORK VULNERABILITIES

Second and Third Generation SCADA systems provide network interoperability and communication through Distributed and Networked connections, reducing cost and adding convenience (SCADA, 2023). However, this convenience came at a price: network vulnerabilities.

A well-known network attack is the 2009 Stuxnet attack on Iran’s nuclear enrichment complex (Biswas, 2022). Entering the system via vulnerabilities in Microsoft Windows, it disrupted the PLCs, halting the enrichment of uranium.

Network vulnerabilities exist in the HMI, mobile applications/web interfaces and protocols of SCADA systems, and understanding and applying mitigations can help prevent attacks (TREND, 2019). Outdated protocols and software, malware, unauthorized devices and unauthorized users can all pose risks to SCADA systems, opening them to attack.

MITIGATION: NETWORK HARDENING, WHITELISTING, LIVE MONITORING

Network hardening is a way to mitigate risk in a networked SCADA system. An organization can apply network segmentation to prevent the spread of cyberattacks. Regularly applying patches and updates keeps security measures and protocols up to date (TREND, 2019). The DOE also suggests organizations identify all connections to SCADA networks and disconnect unnecessary ones, whilst applying a whitelisting control approach to users and processes to prevent unauthorized access (DOE, 2023). Use of Intrusion Detection Systems (IDS) and 24/7 live network monitoring can also help identify suspicious activity and ensure a quick and timely response to system failures and attacks (DOE, 2023).
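The connection inventory, segmentation and whitelisting steps above can be checked against network flow records. The following is an added example, not taken from the cited guides: the addresses, the segment, the allowlist and the log lines are all constructed, and ports 502 (Modbus/TCP) and 20000 (DNP3) are those protocols' standard ports.

```python
import ipaddress

# Constructed addressing plan (assumption): one flat SCADA segment.
SCADA_NET = ipaddress.ip_network("10.20.0.0/24")
# Hypothetical allowlist of (source, destination, destination port).
ALLOWLIST = {
    ("10.20.0.10", "10.20.0.50", 502),    # HMI -> PLC, Modbus/TCP
    ("10.20.0.10", "10.20.0.60", 20000),  # HMI -> RTU, DNP3
}

# Constructed flow records: "timestamp src dst dport".
SAMPLE_FLOWS = """\
2023-01-01T08:00:01 10.20.0.10 10.20.0.50 502
2023-01-01T08:01:12 10.10.4.23 10.20.0.50 502
2023-01-01T08:02:40 10.20.0.77 10.20.0.50 502
2023-01-01T08:03:02 10.20.0.10 10.20.0.50 23
bad line
2023-01-01T08:04:00 10.20.0.50 8.8.8.8 53
"""

def parse_flow(line):
    """Return (ts, src, dst, dport), or None for a malformed record."""
    try:
        ts, src, dst, dport = line.split()
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
    except ValueError:
        return None

def classify(src, dst, dport):
    if src not in SCADA_NET and dst not in SCADA_NET:
        return "ignore"                      # not SCADA traffic
    if (str(src), str(dst), dport) in ALLOWLIST:
        return "allowed"
    if (src in SCADA_NET) != (dst in SCADA_NET):
        return "segmentation-violation"      # crosses the SCADA boundary
    return "not-allowlisted"                 # unknown device or service inside

def review(log_text):
    """Return (verdict, detail) for every flow an analyst should look at."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        flow = parse_flow(line)
        if flow is None:
            findings.append(("unparsed", line))  # never silently drop records
            continue
        verdict = classify(*flow[1:])
        if verdict not in ("allowed", "ignore"):
            findings.append((verdict, "{} {} -> {}:{}".format(*flow)))
    return findings
```

Calling `review(SAMPLE_FLOWS)` reports the corporate host reaching the PLC, the unknown device inside the segment, the Telnet connection from the HMI, the malformed record and the PLC's outbound DNS query.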

CONCLUSION

SCADA systems are valuable systems that help organizations efficiently monitor, control, and activate processes. Second and Third Generation SCADA systems provide increased efficiency through networked interoperability and communication, which brings with it physical and network vulnerabilities. In order to combat these vulnerabilities, organizations should invest in ruggedized and redundant hardware, perform regular updates to their network, and be vigilant in monitoring their network through IDS and physical walkthroughs, responding with a disaster recovery plan in the event of an attack or failure.

Sources:

Biswas, S. (2022, April 25). 6 major SCADA attacks that happened and their consequences. HackerNoon. https://hackernoon.com/6-major-scada-attacks-that-happened-and-their-consequences

Department Of Energy. (2023, January 1). 21 Steps to Improve Cyber Security of SCADA Networks. https://www.oe.netl.doe.gov/docs/prepare/21stepsbooklet.pdf

SCADA Systems. (2023, January 1). SCADA systems. SCADA Systems. http://www.scadasystems.net/

TREND MICRO. (2019, December 16). One flaw too many: Vulnerabilities in SCADA systems. Security News. https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/one-flaw-too-many-vulnerabilities-in-scada-systems