Critical infrastructure and how SCADA helps mitigate its risk

Posted by ldent001 on

INTRO
Critical infrastructure systems encompass an energy grid of interconnected platforms, including power
generation and water treatment. The problem with this energy grid is that it is vulnerable to cyber attacks.
Critical infrastructure has become increasingly vulnerable every day. With the development of PLCs or
programmable logic controller, it has become easier to hack into someone’s critical infrastructure and take
over their system. All it takes is an embedded code on web browsers, and it can even be accessed through
web browsers. SCADA, or Supervisory Control and Data Acquisition, helps with this problem. Known for being able to spread across large area’s SCADA would control and monitor entire
sites. One of the biggest things SCADA has that makes it different is that, if you want to restrict access to
the host control function, then you would have to have supervisory control or basic override. This would
make it difficult for the hackers to take over your system fully.

Vulnerability’s
Intro
When it comes to critical infrastructure, many vulnerabilities could be exploited. This could lead
to your system being corrupted, and even in the worst case, completely taken away from you.
Vulnerability protection is so important when it comes to critical infrastructure because it is
Evolving every year, there are even new vulnerabilities being added in the past few years.

PLC Malware/Network Exposure
The newest vulnerability found in 2024, the PLC is placed on a web server, and if you interact
with said web server, someone could gain complete control of your system, as well as the
physical process controls. This is possible due to the recent change in how software is used to
monitor and control systems. This big change made it so that the management is “web-based.”

Stuxnet Computer Virus/Supply Chain Risk
One if not the most famous computer viruses in the world, Stuxnet, was used on Iranian nuclear
facilities and was taken and changed to attack SCADA systems. Stuxnet was used to take control
of a PLC in a system and to take control of the rest of the system from there. This was used on
the Iranians to damage nuclear material and was used in Germany to shut down and damage a
steel mill. This is a Supply Chain Risk because of the fact that the virus comes from a third party.
That third party is the US.

Weak Authentication/Dated Software
When researching this topic, I couldn’t help but recognize how much of a problem weak
authentication is when it comes to critical infrastructure. The CISA, or the Cybersecurity and
The Infrastructure Security Agency describes strong authentication as “not enforced.” Further saying
that the software for critical infrastructure isn’t up to date. This could cause a “denial of service.”
attack, which pretty much locks you out of your system. This could also lead to your cloud being
unprotected, one of the biggest targets for cyber attacks. Allowing your sensitive data to be
taken.

SCADA Helps Mitigate
SCADA would help address these different vulnerabilities in similar ways. The best way
SCADA would help you mitigate these vulnerabilities through the HMI. This would allow you
to see important information like your diagnosis and management information in your database.
This allows you to stop the infection of malware and viruses on your computer as fast as
possible. This would also allow you to see your dated and outdated software if you know what
you’re doing. Overall, understanding critical infrastructure and how SCADA could help mitigate
the risk of vulnerability to infection could be key to protecting your critical infrastructure.

Citations:
1. https://docs.google.com/document/d/1VnMlL2YmcW5Jg4MdDa1dt5fJpmQM0KVH/edit
2. Allianz Commercial. (2016, June). Cyber attacks on critical infrastructure.
https://commercial.allianz.com/news-and-insights/expert-risk-articles/cyber-attacks-on-critical-inf
rastructure.html
3. Stewart, J. (2024, February 29). Critical infrastructure systems are vulnerable to a new kind of
cyberattack. Georgia Institute of Technology, College of Engineering.
https://coe.gatech.edu/news/2024/02/critical-infrastructure-systems-are-vulnerable-new-kind-cyb
erattack
4. CISA. (2022, May 17). Weak security controls and practices routinely exploited for initial access
(Alert AA22‑137A). U.S. Department of Homeland Security.
https://www.cisa.gov/sites/default/files/publications/AA22-137A_Weak_Security_Controls_and_
Practices_Routinely_Exploited_for_Initial_Access.pdf
5. Grammarly. (2025). Grammarly [Software]. Grammarly, Inc. https://www.grammarly.com

Leave a Reply

Your email address will not be published. Required fields are marked *