Exploring SCADA: Functionality and Vulnerabilities


Justin W Christopherson
Old Dominion University
CYSE: 200T
Professor Kirkpatrick
March 24, 2024

Supervisory Control and Data Acquisition (SCADA) systems have been around as a concept since
the 1960s. There have been multiple generations of SCADA, which differ depending on the technologies
available at the time of their use. SCADA works on a 5-tier principle to provide real-time
monitoring of industrial control systems and infrastructure. When considering SCADA systems, one must
also consider the potential vulnerabilities of industrial control systems and infrastructure.


History of SCADA
SCADA is rooted in the mid-20th century, when industrial automation began. It wasn’t until the
1960s that it gained momentum, because digital computation and telecommunications were on the
rise. The earliest implementation of SCADA was used to connect electrical grids. The first generation of
SCADA systems had little to no networking capability, so unless they were hard-wired, there could not be
great distances between the controllers and the equipment. The second generation of SCADA brought
about LAN technologies, which allowed sites to communicate with each other in real time, and came with
the implementation of human-machine interfaces, which also allowed troubleshooting. The current
generation of SCADA introduced an open system architecture that took away vendors’ ability to
charge millions for proprietary systems. These systems also use WAN protocols, which allow them to
communicate across the world.


5-Tier Principle
Modern renditions of SCADA are based on a 5-tier system that starts with Data Acquisition. In
this step, data is collected from various electrical systems, sensors, and meters. With this data,
administrators can monitor industrial control systems and infrastructure from remote sites that can
range from an office down the street to across the world. The next logical step is to be able to control
the system. This is done with the Supervisory Control step; with this step, administrators can not only
see what is happening but also control what is going on at the various sites. This can’t be done without
Communication. The way that works varies depending on the era in which the system was built, but it is
mostly a combination of wired connections and wireless technologies. The next step in the process is what
administrators see when operating a SCADA system. This is done via the Human-Machine Interface, which
gives administrators the ability to see the real-time data as it is being collected. The last step in the
process is the most mundane and involves Data Logging and Storage. This gives administrators the ability
to log and store all data received from the various systems.


Vulnerabilities
Because companies prefer to connect their offices and warehouses across the country,
they have begun relying on being interconnected via the web, and as a result they face a significant
number of vulnerabilities. This opens these companies and infrastructure to attacks from hackers who want
to gain unauthorized access, disrupt operations, or even cause physical harm. A prime example of this type
of attack on infrastructure happened in Ukraine in 2015. Russian state actors were able to shut down the
power grid in Ukraine using the BlackEnergy malware.


Conclusion
To conclude, SCADA systems are one system in millions that are here to stay, but changes need
to be made to secure them. SCADA has made leaps and bounds through its various generations, and as
technologies evolve, SCADA systems improve. The 5-tier principle of SCADA, which includes data
acquisition, supervisory control, communication, human-machine interface, and data logging/storage,
provides monitoring and control of industrial systems. The connectivity of modern SCADA systems also
exposes them to cyber threats, as shown by the Ukraine power grid attack in 2015. As industries continue
to rely on SCADA for critical operations, a focus must be placed on securing them not only in the
physical realm but also in the cyber realm.
