Steps must be taken to ensure the security of SCADA systems in order to protect and maintain critical infrastructure in modern society.<\/p>\n\n\n\n
Introduction<\/strong><\/p>\n\n\n\n <\/strong>In the modern world, critical infrastructure systems are generally automated in order to mitigate the risk of human error. While this helps to ensure that the infrastructure does not get misused by workers, it opens new vulnerabilities, namely cyber threats. These infrastructures are monitored and controlled by SCADA systems. SCADA, standing for \u201cSupervisory Control and Data Acquisition\u201d are systems which can be used to measure important parameters such as water chemistry, power consumption or output, and much more, as well as alter these parameters. <\/p>\n\n\n\n Vulnerabilities<\/strong><\/p>\n\n\n\n <\/strong>The cyber-linked nature of modern infrastructure gives rise to new vulnerabilities. Some of these are the misreading and misinterpretation of critical data, unauthorized access to control systems, and downtime in the control systems – whether through faulty programming or via a malicious attack.<\/p>\n\n\n\n Data misrepresentation and HMIs<\/strong><\/p>\n\n\n\n SCADA systems, despite functioning as a mitigator for human error, do not fully eliminate the possibility of misuse. These systems measure data in ways which may not be easy or simple for a worker to understand or interpret, which may lead to incorrect determinations based on misread data. To this end, companies use HMIs, or Human Machine Interfaces, which display data in simpler ways such as charts or graphs. According to scadasystems.net, \u201cThese representations can be as simple as an on-screen traffic light that represents the state of the actual traffic light in the area, or complex, like the multi-projector display that represents the position of all the trains on railway or elevators in skyscrapers\u201d (ScadaSystems.net). It is through these Human Machine Interfaces that alterations are made to infrastructure systems.<\/p>\n\n\n\n Unauthorized Access<\/strong><\/p>\n\n\n\n <\/strong>Unauthorized access is a major fault in the security of infrastructure in the cyber world. Whether through someone with malicious intent making their way to a physical terminal location, or through social engineering to learn of a worker\u2019s account details, unauthorized access to SCADA systems could be catastrophic to any business or organization in charge of this infrastructure. For example, a major US drinking water treatment facility was victim to a SCADA system hack in February 2021. According to the Cybersecurity & Infrastructure Security Agency, the hackers \u201cused the SCADA system\u2019s software to increase the amount of sodium hydroxide\u2026 a caustic chemical, as part of the water treatment process\u201d (CISA). While this specific incident was detected and resolved before causing issues to the public, we must take action to reduce risk of similar incidents occurring in the future. One such action is ensuring the security of the SCADA systems themselves, via enhancing physical security of the terminals such as having security guards and key card locks, and enhancing the online security through ensuring only company devices with secure digital certificates are permitted to access or alter the systems.<\/p>\n\n\n\n Downtime<\/strong><\/p>\n\n\n\n The third major risk of SCADA systems in critical infrastructure is the risk of extended downtime. This can occur either through an unforeseen error in the devices\u2019 programming, or through a malicious attack, such as a denial of service attack. The former can be prepared for by ensuring that systems are constantly monitored, baselines are recorded, and aberrant data is investigated. The latter can be addressed by ensuring that proper firewalls are installed, both between the exterior internet and laterally between the devices within the business.<\/p>\n\n\n\n Conclusion<\/strong><\/p>\n\n\n\n SCADA systems and HMIs are a great advancement in the modern world\u2019s critical infrastructure. Despite the benefits of these devices, it is always important to understand and address the risks which the devices bring to the table. Businesses employing SCADA systems should ensure that data is interpreted and used properly, that steps are taken to prevent unauthorized access, and that monitoring is maintained to ensure that downtime is minimal.<\/p>\n\n\n\n References<\/strong><\/p>\n\n\n\n Article provided by Professor Kirkpatrick; \u201cSCADA Systems\u201d https:\/\/www.scadasystems.net<\/a> <\/p>\n\n\n\n Cybersecurity & Infrastructure Security Agency, \u201cCompromise of U.S. Water Treatment Facility, https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa21-042a<\/a> <\/p>\n","protected":false},"excerpt":{"rendered":" Steps must be taken to ensure the security of SCADA systems in order to protect and maintain critical infrastructure in modern society. Introduction In the modern world, critical infrastructure systems are generally automated in order to mitigate the risk of human error. While this helps to ensure that the infrastructure does not get misused by… <\/p>\n