Marlowe Cosby
IT 200 CRN 20192
11/8/2020
IMPACT OF SCADA
Vulnerabilities are bound to be existent anywhere in the tech field, especially within critical infrastructure systems. Any device involved is a potential door for a cyber attack. Yes, a poorly protected device usually is not the attackers end goal but it could provide the first step or
door for an attack on a valuable asset leading somewhere in the system (powerpoint). Us humans daily are vulnerable whether it is walking down the sidewalk or just opening up our phones and checking emails. Anything can happen at any time and more likely than not, usually the technology or person is not as prepared as one should be.
There is suspicion of more attacks, larger much more impactful attacks coming soon, it is only right that suspicion has raised because there is plenty of data to support that notion also. Over time annually it is without question we see more attacks, attacking bigger and bigger organizations and companies taking more information, data and money. AT&T has logged a 458% increase in vulnerability scans of IoT devices in the last two years. According to AT&T, just 10% of respondents to its survey are fully confident that their connected devices are secure (Verma). It is well known how the internet of things if growing day by day, but that also means that the difficulty of keeping it secure increases double that. Hundreds if not thousands of IoT devices already control physical infrastructure, such as things like production lines, supply chains and utilities, including transportation such as airplanes and cars (Verma).
A number of commonly seen security vulnerabilities include weak physical protection, weak devices, limited computational power, remote devices are difficult to upgrade, weak passwords, all traffic is on one port, too few firewall options, last but not least security for engineering cyber system is typically five to ten years behind (powerpoint). Already being
behind in this fast paced growing environment does not fair well at all. Then there is the issue of physical security also, engineering cyber systems are more likely than not stretched across large areas making it more vulnerable also. This could potentially have effects on things such as
distributed power supply systems, water supply systems, transportation systems and or agriculture systems too. As of late some would say cybersecurity has focused virtually all on the enterprise side, and less focused on the hidden side associated with industrial control systems (powerpoint). Another issue would simply be the devices at hand, they are not fully equipped or engineered for modern security. These devices usually have simple passwords shared amongst one another, which makes it a double liability. Then you have remote field devices, the RTUs
and PLCs which are not easy to upgrade with new software, due to they may be physically unable to upgrade due to their circumstance.
This is when SCADA comes into play and helps mitigate these risks. SCADA stands for Supervisory Control and Data Acquisition. It is essentially an automation control system that is used in industries such as energy, oil, gas, water and power, to name a few. What makes it special is it has a centralized system that monitors and controls entire sites whether it is one site or multiple groups of that site across the map. The way SCADA works is sends signals through channels to give users remote control of any equipment desired in the system selected. SCADA has five key elements involved, from Human machine interface, to supervisory system, remote
terminal units (RTUs), programmable logic controllers (PLCs), and communication infrastructures (Galco). HMI processes data and sends it to a human operator where they can monitor and or control the system. Supervisory system gathers data and sends commands or operations to the process. RTUs connect sensors and convert their signals to digital data and send it to the supervisory system where it can be stored in a distributed database. While PLCs are used
as field devices due to their versatility, swiss army knife like, more fit than an RTU at times. Your communication infrastructure delivers connectivity to the supervisory system then hits the RTUs and PLCs for user commands. The key link that makes everything inside the SCADA system itself work is proper communication amongst all these different elements. If the SCADA
communicates well, it will work very efficiently and help maintain productivity, process data better, express system failures or issues needed to be fixed to help mitigate downtime.
Even though there are all these vulnerabilities there will always be some no matter what, it is just a factor of being inside of technology, using the SCADA system effectively will help mitigate them greatly in an efficient, effective and productive way.
References
200 IT Module 4 Powerpoint
https://docs.google.com/presentation/d/1lB2dMFBXx2SmUyxwB8YvOWho4s_BCWmy
K1bPjAxyUqc/edit?usp=sharing
Verma, S. (2016). Has IoT increased our exposure to cyber threats? – Paris Innovation
Review. Retrieved November 09, 2020, from
http://parisinnovationreview.com/articles-en/sandy-verma-has-iot-increased-our-expo
sure-to-cyber-threats
Galco, (2019). What is SCADA? (Supervisory Control and Data Acquisition) – A
GalcoTV Tech Ti. Retrieved November 09, 2020, from
https://www.youtube.com/watch?v=sphvkkybTt0&ab_channel=GalcoTV