SCADA Write up

Posted by mrush009 on

Marcus. Rushing

What is SCADA?
SCADA is an ICS (industrial control system) that coordinates the infrastructure system in
real-time. The SCADA system is a tagbase data system that takes all the data elements called
tags or points, these points can be hard or soft. Hard points are the input and output of the
system. Whereas the soft points are the results of different math and logic operations applied
these points usually are stored as time values. Some examples of these systems are water
treatments, gas pipelines, and wind farms.
SCADA’s vulnerabilities
Elieser stated that the SCADA system ‘was built without security considerations’ which is the
cause of the SCADA vulnerabilities . This is due to the architecture not having the security
measures due to not involving security in the process of making the SCADA system. Two forms
of vulnerability that come from these issues are Lack of input validation and Buffer overflow. The
process of a buffer overflow in the SCADA system happens when inputs are not verified or
checked properly, then if the buffer size is smaller than the input it leads to a buffer overflow.
The second vulnerability is lack of input validation, which is where SCADA software receives
inputs from other places or components and the software does not validate these inputs; this
affects the hardware and the software of the SCADA system which can lead to other
vulnerabilities in the system. These are just 2 out of a handful of vulnerabilities the SCADA has.
How to mitigate
The SCADA system does have some vulnerabilities but 2 ways to mitigate them are integrity
checks and input validation. According to Eliser, the first way of mitigation is integrity checks
which would help prevent attacks that are aimed at making the system crash from DOS and
DDOS attacks. According to Eliser also the other form of mitigation is input validation. This is
due to using a white list approach which will account for all data types and the amount of data
and its structure of their data interjected into the SCADA application or software.
Conclusion
In conclusion, the SCADA system is an ICL that coordinates the infrastructure systems
in real time and has a decent amount of vulnerability as buffer overflows and lack of input
validation. These vulnerabilities are present because the system wasn’t made with security in
mind when being made. There are ways to mitigate these problems such as integrity checks
and input validation through white list. The SCADA system is a system that helps keep the
production and operation of infrastructures running more smoothly. It has vulnerabilities that are
being worked on to become less of a problem while helping keep the systems of infrastructures
running

work cited.

Work cited.
Ltd., viElseer. “SCADA Vulnerabilities and Attacks: A Review of the State‐of‐the‐art and
Open Issues.” Computers & Security, Elsevier Advanced Technology, 25 Nov.
2022, www.sciencedirect.com/science/article/pii/S0167404822004205#sec0032.
“SCADA Systems.” SCADA Systems, www.scadasystems.net/. Accessed 24 Mar. 2024.

Leave a Reply

Your email address will not be published. Required fields are marked *