Kwabena Asumadu
05/02/2025
SCADA Systems and Tomorrow’s
Threat: A Long-Term View of
Cybersecurity in Critical Infrastructure
Introduction: Why SCADA Systems Are Important
SCADA systems are a vital part of the functioning of contemporary infrastructure.
Electricity grids, water systems, and transportation systems all utilize SCADA systems to
manage and monitor essential services. There is one huge problem, however—most of these
systems were constructed years ago, with little thought given to cybersecurity. Now, as they
become networked, they are vulnerable to computer attacks that can have disastrous long-term
consequences.
In this essay, I address the long-term danger of continuing to use aging, vulnerable
SCADA systems. I use the philosophical model called *The Short Arm of Predictive
Knowledge* to illustrate how we are underestimating the future impact of today’s weak
protections. My belief is that if we don’t act now, we are betting on more than system failure—
we are betting on public safety, national stability, and trust in technology itself.
SCADA System Vulnerabilities: What We Know
The majority of SCADA systems continue to operate on outdated technology and lack
strong defenses like encryption or adequate password protection. Inadequate patching practices,
outdated software, and human error are among the most prevalent risks to these systems, says the
Cybersecurity and Infrastructure Security Agency (CISA). These vulnerabilities provide hackers
with an easier path to enter and inflict harm.
We have real-world examples already showing how dangerous this is.
In 2021, a cyberattack intruded into the water treatment plant in Oldsmar, Florida, and
made an attempt to raise the levels of a harmful chemical in the water. Happily, it was caught
and foiled. But it leaves one wondering: what if it had succeeded? What if something similar
happened on a power grid or a railroad control center?
These are not just technical issues—they can actually create emergencies that affect large
numbers of people.
The Short Arm of Predictive Knowledge: We Don’t See What’s Coming
The Short Arm of Predictive Knowledge explains that individuals and organizations tend
not to appreciate the long-term effects of emerging technologies. When it comes to SCADA
systems, this issue becomes highly pronounced. Because many of these systems still run on their
foundational levels today, decision-makers might not feel compelled to update or secure them.
Simply because something is functional today, nevertheless, doesn’t imply that it will be secure
tomorrow.
The largest danger in this case is that technology is exceeding our ability to secure it.
Cyber threats are becoming smarter, but our infrastructure systems simply stick to a given
configuration. If we persist with this approach, we could end up having catastrophic outcomes
across the next decade or so. These may range from economic meltdown due to blackout, to
environmental devastation due to contaminated water supply.
The longer we wait, the harder and more expensive these issues will be.
What Can Be Done Now to Minimize Future Risks?
To reduce the long-term risks, we have to implement changes now, however challenging
or expensive. Obsolete infrastructure needs to be replaced with modern counterparts having
strong cybersecurity provisions built-in. Training personnel to recognize threats is just as vital as
using cutting-edge technology. Minor weaknesses can give way to colossal attacks, and hence,
human error has to be addressed with as much seriousness as technical malfunction.
In addition, more policy is required. Business and government need to collaborate on
legislation that imposes a minimum amount of protection on any system that impinges on public
safety. It is not sound risk management to wait for a catastrophe to change things. By taking
action now, we can prevent far greater problems down the road.
Conclusion
SCADA systems are at the center of services we use daily. They are also, sadly, some of
the most exposed components of our infrastructure. Looking with the Short Arm of Predictive
Knowledge, it is clear that not addressing these threats now will only make things even worse
later. I know the problem is not easy. It costs money to upgrade aging systems. Some institutions
do not have the funds, the personnel, or even the knowledge to make the necessary changes. And
no system is ever fully secure, regardless of how robust the defenses. But that should not stop us
from doing what we can. The price of inaction will almost certainly be much greater. I believe
that if we act today with a vision for the future, we can build a safer and more stable
infrastructure. This means understanding our limits in predicting future threats but understanding
we have a responsibility to act anyway. We may not be able to anticipate every threat perhaps,
but we can certainly be far more prepared than we are now.
References:
Cybersecurity and Infrastructure Security Agency (CISA). “Industrial Control Systems.” CISA,
https://www.cisa.gov/topics/industrial-control-systems.CISA
Claroty. “SCADA Risk Management: Protecting Critical Infrastructure.” Claroty Blog,
https://claroty.com/blog/scada-risk-management-protecting-critical-infrastructure.