Industrial Resilience: Identifying Vulnerabilities in SCADA Systems

As Industrial Supervisory Control and Data Acquisition (SCADA) systems have increased in popularity, they have become a growing target for malicious actors, requiring urgent attention to strengthen their defenses and ensure operational integrity. SCADA systems are used to control a wide variety of processes that manage our critical infrastructure, from electricity and water, to traffic and gas. Any interruption to these systems can cause major supply chain issues for businesses and consumers. It is paramount that the programs used to manage these important systems are secured from all external threats.

The primary and most common vulnerabilities in SCADA systems are that they are not regularly patched and that they use default passwords. SCADA systems are typically disconnected from the internet, which leads to a false sense of security among administrators. However, in order to integrate with other systems or for ease of access, companies may connect their Industrial Control Systems (ICS) to the internet (Singh, 2020). Open internet access provides an opportunity for malicious actors to gain access to these systems. Therefore, it is very important that all vendor patches are applied in a timely manner, and that default vendor passwords are changed when the system is put in place.

Another common vulnerability to SCADA systems is access to the networks that SCADA systems are hosted on. An attacker who gains access to the internal network that hosts SCADA systems can send malicious packets to SCADA devices. Per the article SCADA Systems, “there remains less or no security on actual packet control; therefore, any person sending packets to a SCADA device is in a position to control it.” Physical access to the switches that host the SCADA network should be controlled, and unused Ethernet ports should be disabled. If the network has access to the internet, all external traffic should be routed through a firewall with a whitelist of IPs for systems that are allowed to interact with devices on the network. With these controls in place, administrators can prevent malicious actors from gaining access to their SCADA device network.
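One way to verify that the firewall whitelist described above is actually being enforced is to audit the perimeter firewall's connection log against it. The following is an added example, not code from the cited sources; the log format, the subnet, the whitelist entries and the function names are all constructed assumptions.

```python
import ipaddress

# Assumed SCADA device subnet and whitelist (constructed values, not from the article).
SCADA_NET = ipaddress.ip_network("10.20.0.0/24")
ALLOWLIST = [ipaddress.ip_network(n) for n in ("10.10.5.17/32", "192.0.2.40/32")]

# Constructed perimeter firewall log, format: "timestamp action src dst dport".
SAMPLE_LOG = """\
2024-05-01T08:00:01Z ALLOW 10.10.5.17 10.20.0.11 502
2024-05-01T08:00:07Z ALLOW 203.0.113.9 10.20.0.11 502
2024-05-01T08:01:15Z DENY 198.51.100.23 10.20.0.12 20000
2024-05-01T08:03:00Z ALLOW 192.0.2.40 10.30.0.5 443
garbled line
2024-05-01T08:04:00Z ALLOW 10.10.5.170 10.20.0.13 44818
"""

def is_allowed(src_ip):
    """True if the source address falls inside any whitelisted network."""
    return any(src_ip in net for net in ALLOWLIST)

def audit(log_text):
    """Return (violations, blocked, unparsed) for traffic aimed at the SCADA subnet.

    violations: non-whitelisted sources the firewall let through (rule gap).
    blocked:    non-whitelisted sources the firewall stopped (worth monitoring).
    unparsed:   lines that could not be read, kept so gaps in the log are visible.
    """
    violations, blocked, unparsed = [], [], []
    for line in log_text.splitlines():
        try:
            ts, action, src, dst, dport = line.split()
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:  # wrong field count, bad address or bad port
            unparsed.append(line)
            continue
        if dst_ip not in SCADA_NET or is_allowed(src_ip):
            continue  # not SCADA-bound, or an approved system
        record = (ts, src, dst, port)
        # Anything other than ALLOW is treated as stopped by the firewall.
        (violations if action.upper() == "ALLOW" else blocked).append(record)
    return violations, blocked, unparsed

if __name__ == "__main__":
    violations, blocked, unparsed = audit(SAMPLE_LOG)
    for label, rows in (("VIOLATION", violations), ("BLOCKED", blocked)):
        for row in rows:
            print(label, *row)
    print("unparsed lines:", len(unparsed))
```

Addresses are compared as parsed IP objects rather than strings, so 10.10.5.170 does not match the whitelisted 10.10.5.17 the way a prefix match would.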

Despite the mitigation strategies previously mentioned, cybersecurity professionals must also consider malicious insiders in their cybersecurity strategies. This can be particularly difficult to approach because workers need to be able to access systems to do their job. The principle of least privilege should be applied when assigning access rights to users to ensure programmers and users only have the necessary privileges to perform their tasks (Alanazi et al., 2023). Controlling access rights will help to ensure that a malicious insider cannot gain access to the underlying operating system of SCADA systems.

As SCADA systems have grown in popularity due to the ease of managing industrial systems they provide, so too have they become a popular target for malicious actors. Cybersecurity professionals can ensure that these systems are protected by appropriately employing a layered defense-in-depth strategy, including patching systems, requiring strong passwords, restricting physical access to the network that hosts SCADA systems, firewalling SCADA systems from the internet, and applying the principle of least privilege when assigning user access rights. With the right security policies in place, security administrators can ensure the resilience of these critical industrial systems.

References

Alanazi, M., Mahmood, A., & Chowdhury, M. J. (2023). SCADA vulnerabilities and attacks: A review of the state‐of‐the‐art and open issues. Computers & Security, 125, 103028. https://doi.org/10.1016/j.cose.2022.103028

SCADA systems. SCADA Systems. (n.d.). https://www.scadasystems.net/

Singh, S. (2020, April 28). Biggest threats to ICS/SCADA systems. Infosec. https://www.infosecinstitute.com/resources/scada-ics-security/biggest-threats-to-ics-scada-systems/
