BLUF: SCADA stands for supervisory control and data acquisition, and SCADA systems are generally used for critical infrastructure. These systems must be safe, as they can be used for water treatment facilities, airports, and ships. The major issue with SCADA systems is that they weren’t made to be safe from a cybersecurity perspective, so they commonly face common cyber attacks.
Some of the vulnerabilities include outdated hardware and software, lack of encryption, and access to the system’s network. Unauthorized software breaches are more common within these systems because there is not an adequate amount of cybersecurity in place to review the data packets being sent to the system. The firmware on the hardware within these systems is often not updated properly, leading to security breaches. Another factor is that the hardware is often outdated, because these systems were built years ago and do not have the latest firmware and security measures. These systems are often located in very rural areas, which makes hardware maintenance very difficult. Physical security can also be an issue, as these places are very hard to keep secure without security systems or guards.
The software vulnerabilities include a lack of updates, design flaws within the system, and a lack of cybersecurity. These SCADA systems are typically built on outdated software that has a multitude of vulnerabilities. In addition, these systems are not often reviewed and updated, which makes design flaws common, as they are highly customized to fit the SCADA system and its tasks. There is a lack of authentication as well as password management within these systems. Lastly, a lack of encryption is a prevalent issue, as these systems all use networks that are typically not encrypted, making this an easy way to attack the system.
However, SCADA systems have applications that mitigate these risks, such as firewalls, security training, and network safety measures. Firewalls are used within the system for internet security. Keeping these firewalls regularly maintained diminishes the risk of cyber terrorists infiltrating the system through the internet. Running background checks as part of physical security at one of these systems will greatly diminish the chances of a rogue employee tampering with the system. Security training of employees who deal with the system is also crucial, as they should be trained to recognize phishing emails, practice password security, and avoid communicating with hackers. By performing regular maintenance on the system, the operators can catch and mitigate any risk that would compromise the security of the system. By updating the system and equipment to the latest standards, the SCADA system will be less prone to cyber-attacks.
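As an added illustration (not part of the original text), the regular maintenance review described above can be partly automated by checking an asset inventory for the weaknesses listed earlier: outdated firmware, unencrypted links, missing authentication, old passwords, and overdue maintenance. The inventory records, field names, and policy thresholds below are constructed assumptions.

```python
from datetime import date

# Constructed sample inventory; device names, versions and dates are invented.
INVENTORY = [
    {"name": "pump-plc-01", "firmware": "2.1.0", "baseline": "2.4.3",
     "encrypted_link": False, "auth_required": False,
     "password_changed": date(2019, 3, 1), "last_maintenance": date(2021, 6, 15)},
    {"name": "hmi-02", "firmware": "5.0.2", "baseline": "5.0.2",
     "encrypted_link": True, "auth_required": True,
     "password_changed": date(2024, 1, 10), "last_maintenance": date(2024, 2, 1)},
    {"name": "rtu-remote-07", "firmware": "1.9", "baseline": "1.10",
     "encrypted_link": True, "auth_required": True,
     "password_changed": date(2023, 11, 5), "last_maintenance": date(2022, 1, 20)},
]

MAX_PASSWORD_AGE_DAYS = 365      # assumed policy value
MAX_MAINTENANCE_GAP_DAYS = 180   # assumed policy value

def version_tuple(text):
    """Turn '1.10' into (1, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def audit_device(dev, today):
    """Return the list of weaknesses found for one inventory record."""
    findings = []
    if version_tuple(dev["firmware"]) < version_tuple(dev["baseline"]):
        findings.append("outdated firmware")
    if not dev["encrypted_link"]:
        findings.append("unencrypted network link")
    if not dev["auth_required"]:
        findings.append("no authentication")
    if (today - dev["password_changed"]).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("stale password")
    if (today - dev["last_maintenance"]).days > MAX_MAINTENANCE_GAP_DAYS:
        findings.append("maintenance overdue")
    return findings

def audit(inventory, today):
    """Map device name -> findings, worst devices first; clean devices omitted."""
    results = {d["name"]: audit_device(d, today) for d in inventory}
    flagged = {n: f for n, f in results.items() if f}
    return dict(sorted(flagged.items(), key=lambda kv: -len(kv[1])))

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, date(2024, 3, 1)).items():
        print(f"{name}: {', '.join(findings)}")
```

The numeric version comparison matters for remote units like the constructed `rtu-remote-07`: a plain string comparison would treat firmware "1.9" as newer than "1.10" and miss the outdated device.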
Even though these SCADA systems can have many risks involved, having an operator who knows the system well and the risks involved can be the difference maker. As these systems can be life-changing for the millions of people using them, their cybersecurity is a crucial aspect. For example, in 2012 a German power SCADA system was attacked through a DDoS attack, which caused millions of Germans to be without power, causing extreme fear and overall chaos within the community. There have been several more of these cases throughout the world where hackers can cause chaos and kill people with just a few lines of code. These SCADA systems are crucial for human survival and should be kept in the limelight, with the most technologically advanced cybersecurity.