{"id":439,"date":"2024-04-20T18:51:45","date_gmt":"2024-04-20T18:51:45","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/jchris82\/?p=439"},"modified":"2024-04-20T18:51:45","modified_gmt":"2024-04-20T18:51:45","slug":"exploring-scada-functionality-and-vulnerabilities","status":"publish","type":"post","link":"https:\/\/sites.wp.odu.edu\/jchris82\/2024\/04\/20\/exploring-scada-functionality-and-vulnerabilities\/","title":{"rendered":"Exploring SCADA: Functionality and Vulnerabilities"},"content":{"rendered":"\n<p><br>Justin W Christopherson<br>Old Dominion University<br>CYSE: 200T<br>Professor Kirkpatrick<br>March 24, 2024<\/p>\n\n\n\n<p>Exploring SCADA: Functionality and Vulnerabilities<br>Supervisory Control and Data Acquisition (SCADA) systems have been around as a concept since<br>the 60\u2019s. There have been multiple variations of SCADA that vary depending on the technologies<br>available during the time frame of their use. SCADA works on a 5-tier principle to provide real-time<br>monitoring of industrial control systems and infrastructure. While considering SCADA systems one also<br>must consider the potential vulnerabilities to industrial control systems and infrastructure.<\/p>\n\n\n\n<p><br>History of SCADA<br>SCADA is rooted in the mid-20th century when industrial automation began. It wasn\u2019t until the<br>1960\u2019s that it gained momentum because digital computations and telecommunications were on the<br>rise. The earliest implementation of SCADA was used to connect electrical grids. The First generation of<br>SCADA systems had little to no networking capabilities so unless they were hard wired there wasn\u2019t<br>great distances between the controllers and the equipment. The second generation of SCADA brought<br>about LAN technologies which allowed sites to communicate with each other in real time and came with<br>the implementation of human-machine interfaces which also allowed troubleshooting. The current<br>rendition of SCADA introduced an open system architecture that took away from vendors being able to<br>charge millions for proprietary systems. They also utilize WAN protocols which allows them to<br>communicate across the world.<\/p>\n\n\n\n<p><br>5-Tier Principle<br>Modern renditions of SCADA are based on a 5-tier system that starts with Data acquisition. In<br>this step data is collected from various electrical systems sensors and meters. With this the<br>administrators can monitor industrial control systems and infrastructure from remote sites that can<br>range from an office down the street to across the world. The next logical step is to be able to control<br>the system. This is done with the Supervisory Control step; with this step not only can they see what is<br>happening, but they can also control what is going on at the various sites. This can\u2019t be done without<\/p>\n\n\n\n<p>Communication. The way that works varies depending on the era the system was built but is mostly a<br>combination of wired connections and wireless technologies. The next step in the process is what<br>administrators see when operating a SCADA system. This is done via the Human-Machine Interface. This<br>gives administrators the ability to see the real-time data as it is being collected. The last step in the<br>process is the most mundane and involves the Data Logging and Storage. This gives them to log and<br>store all data received from the various systems.<\/p>\n\n\n\n<p><br>Vulnerabilities<br>Being that companies would prefer to connect their offices and warehouses across the country<br>they have began relying on being interconnected via the web they face a significant number of<br>vulnerabilities. This opens these companies and infrastructure to attacks from hackers that want to gain<br>unauthorized access, disrupt operations, or even cause physical harm. A prime example of this type of<br>attack on infrastructure happened in Ukraine in 2015. Russian state actors were able to shut down the<br>power grid in Ukraine using the BlackEnergy Malware.<\/p>\n\n\n\n<p><br>Conclusion<br>To conclude SCADA systems are one system in millions that are here to stay, but changes need<br>to be made, to secure them. SCADA has made leaps and bounds through various generations and as<br>technologies evolve, they improve. The 5-tier principle of SCADA, includes data acquisition, supervisory<br>control, communication, human-machine interface, and data logging\/storage, provide monitoring and<br>control of industrial systems. The connection of modern SCADA systems also exposes them to cyber<br>threats, as shown by the Ukraine power grid attack in 2015. As industries continue to rely on SCADA for<br>critical operations, a focus must be made on securing them not only in the physical realm but also the<br>cyber realm as well.<\/p>\n\n\n\n<p>References<br>A brief history of the SCADA system. Process Solutions, Inc. (2020, October 8).<br>https:\/\/processsolutions.com\/a-brief-history-of-the-scada-system\/<br>Cyber-attack against Ukrainian critical infrastructure: CISA. Cybersecurity and Infrastructure Security<br>Agency CISA. (2021, March 4). https:\/\/www.cisa.gov\/news-events\/ics-alerts\/ir-alert-h-16-056-01<br>Johnson, M. (2019, May 14). The birth and development of SCADA. The Earth Awards.<br>https:\/\/theearthawards.org\/a-brief-history-of-the-scada-system\/<br>SCADA systems. SCADA Systems. (n.d.). https:\/\/www.scadasystems.net\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Justin W ChristophersonOld Dominion UniversityCYSE: 200TProfessor KirkpatrickMarch 24, 2024 Exploring SCADA: Functionality and VulnerabilitiesSupervisory Control and Data Acquisition (SCADA) systems have been around as a concept sincethe 60\u2019s. There have been multiple variations of SCADA that vary depending on the technologiesavailable during the time frame of their use. SCADA works on a 5-tier principle to &hellip; <a href=\"https:\/\/sites.wp.odu.edu\/jchris82\/2024\/04\/20\/exploring-scada-functionality-and-vulnerabilities\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Exploring SCADA: Functionality and Vulnerabilities<\/span><\/a><\/p>\n","protected":false},"author":26825,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/posts\/439"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/users\/26825"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/comments?post=439"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/posts\/439\/revisions"}],"predecessor-version":[{"id":440,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/posts\/439\/revisions\/440"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/media?parent=439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/categories?post=439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jchris82\/wp-json\/wp\/v2\/tags?post=439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}