CYSE 200

Write-Up on SCADA Systems

Posted by jhend050 on

Assignment Description: “This write-up you will use the SCADA Systems (SCADA Systems, 2024) article, along with your own research, to explain the vulnerabilities associated with critical infrastructure systems, and the role SCADA applications play in mitigating these risks.

This write-up is to be IN YOUR OWN WORDS, and must reference the aforementioned article, and at least one additional source of your choosing.”

The Security Concerns of SCADA Systems


Introduction:
SCADA systems, or Supervisory Control and Data Acquisition systems, are the technological systems used to control, supervise, and maintain wide-scale infrastructure and industrial systems and processes. SCADA includes systems like water treatment, sewage, and energy, the critical infrastructures of a nation. These essential systems are under constant strain though, with “more than 40% of attacks reported to [the FBI] in 2023 related to critical infrastructure organizations,” (Beecher, 2024). With how important these systems are to the health of the people, the organizations running them need to understand the defenses they need to provide for their SCADA systems and how to train the people running them.

Current Protections:
There are numerous current working protections in most SCADA systems that are functional and important to understand. For example, master stations with multiple servers allow for “disaster recovery sites… dual-redundant formation, providing monitoring and continuous control during server failures” (SCADA Systems, 2024). Other common security practices include “specialized industrialized VPN and firewall solutions for SCADA networks” (SCADA Systems, 2024). While these technologies are among the more developed securities commonly provided, they alone are not enough and need to be expanded upon.

Technical Vulnerabilities:
A major oversight of SCADA securities is the executives assuming the technology is already secure. However, because the systems have internet access “the vulnerability of the system is increased,” (SCADA Systems, 2024). Additionally, the packet system SCADA systems use have a lack of inherit security protections, meaning that “any person sending packets to a SCADA device is in a position to control it…[providing] the capacity to bypass the security on control software and control SCADA networks.” (SCADA Systems, 2024). The default securities provided when implementing a SCADA system is not enough, the agencies overseeing them need to model themselves after leading cybersecurity policies in the industry like Wi-SUN FAN that incorporates stronger firewalls, mesh topologies to stop entire systems from being affected, and certificate-based authentication (Beecher, 2024).

Human Vulnerabilities:
In addition to the vulnerabilities in the code, poorly trained employees can also create opportunities for attacks. No matter how secure the systems and backups are, all it takes is one hacked employee account to cost the company billions and affect public health. Strict password requirements, multi-factor authorization, and role-based authorization can all help protect from employee mistakes and minimize the damages a hacked account can cause.

Conclusion:
While there are numerous apt protections for the SCADA systems running critical infrastructure systems, there are numerous glaring flaws in the code and risks in the human firewall. For the sake of public health and safety, the agencies involved with the SCADA systems need to take every possible measurement available to strengthen their securities. With a combination of patching vulnerabilities like sending packages allowing attackers to gain control, implementing better policies with a focus on mesh topologies and better authentication services, and in-depth employee training, SCADA systems can protect themselves from the every-growing rate of attacks on their infrastructure.

References


Beecher, P. (2024, October 24). Why Cybersecurity Should Be at the Top of the Agenda for the Utilities Sector. The Fast Mode. Retrieved November 3, 2024, from https://www.thefastmode.com/expert-opinion/37864-why-cybersecurity-should-be-at-the-top-of-the-agenda-for-the-utilities-sector

SCADA Systems. (2024). SCADA Systems. SCADA Systems – SCADA Systems. Retrieved November 3, 2024, from https://www.scadasystems.net/

Leave a Reply

Your email address will not be published. Required fields are marked *