Overview of SCADA Vulnerabilities and Mitigation of Risks
Supervisory control and data acquisition (SCADA) systems are tailored to the critical infrastructure they control, so mitigating their vulnerabilities has to be tailored as well. In this write-up, I discuss vulnerabilities of critical infrastructure systems, focusing on implementation issues and security misconfiguration issues, and then survey the tools available to mitigate cybersecurity risk in those systems.
Vulnerabilities
The evolution of SCADA systems has led industrial control systems (ICS) to adopt commercial off-the-shelf (COTS) hardware and software. This trend has inadvertently added attack surface that did not exist in air-gapped ICS environments (Alanazi et al., 2023). The vulnerabilities introduced by COTS components, combined with those of the older SCADA infrastructure still in service, make up a substantial taxonomy of SCADA vulnerabilities.
Implementation Issues
Vulnerabilities caused by implementation issues are flaws in how the software itself is written. This section of the write-up briefly lists and explains the implementation-issue vulnerabilities identified by Alanazi et al. (2023):
• Lack of input validation: inputs are not checked to be safe or correct before they are used.
• Improper validation of array index: an index received from an upstream component is not checked against the array bounds before it is used to read or write.
• Untrusted search path: the software loads a library or executable from a location an attacker can influence, which can lead to dynamic-link library (DLL) hijacking.
• Improper restriction of operations within the bounds of a memory buffer: reading or writing outside the buffer's limits produces a buffer overflow or an off-by-one error.
• Improper control flow management: code that does not manage its execution flow correctly can have its logic altered. This can lead to race conditions, time-of-check time-of-use (TOCTOU) vulnerabilities, server-side request forgery, and hidden functionality.
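As an added example (not code from Alanazi et al. (2023) or from any SCADA product), the following C program handles a constructed "write holding register" message on a simulated PLC. The unchecked handler carries the improper-array-index, buffer-overflow and off-by-one weaknesses listed above; the checked handler validates every peer-controlled field before using it. The message layout, the `struct plc`, and the function names are assumptions made for this illustration.

```c
/* Added example, not from the paper or any real SCADA product: a handler for
 * a constructed "write holding register" message on a simulated PLC.
 * Assumed wire layout:
 *   [0] function code  [1] register index  [2..3] value, big-endian
 *   [4] tag length n   [5..5+n) tag name (no terminator on the wire) */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_REGS     16
#define TAG_MAX      16
#define FC_WRITE_REG 0x06

struct plc {
    uint16_t regs[NUM_REGS];
    char     tag[TAG_MAX];  /* last written tag name, NUL-terminated */
    int      safe_mode;     /* sits right after tag[]: an overflow lands here */
};

enum { WR_OK = 0, WR_SHORT = -1, WR_BAD_FC = -2, WR_BAD_IDX = -3, WR_BAD_TAG = -4 };

/* 'Before' form: trusts the index and length supplied by the peer.
 * idx >= NUM_REGS writes outside regs[] (CWE-129, improper validation of
 * array index); n > TAG_MAX over-runs tag[] (CWE-119); n == TAG_MAX fits
 * the copy but the terminator is written one byte past the end, into
 * safe_mode (CWE-193, off-by-one). Kept only for comparison; never call it
 * on untrusted input. */
int write_reg_unchecked(struct plc *p, const uint8_t *msg, size_t len)
{
    if (len < 5)
        return WR_SHORT;
    uint8_t idx = msg[1];
    uint8_t n   = msg[4];
    p->regs[idx] = (uint16_t)((msg[2] << 8) | msg[3]);
    memcpy(p->tag, &msg[5], n);
    p->tag[n] = '\0';
    return WR_OK;
}

/* Hardened form: each field is checked against the message length and the
 * fixed sizes before it is used, and anything unexpected is rejected. */
int write_reg_checked(struct plc *p, const uint8_t *msg, size_t len)
{
    if (len < 5)
        return WR_SHORT;
    if (msg[0] != FC_WRITE_REG)
        return WR_BAD_FC;            /* only one function code is accepted */
    uint8_t idx = msg[1];
    if (idx >= NUM_REGS)
        return WR_BAD_IDX;           /* index must fall inside regs[] */
    uint8_t n = msg[4];
    if (n >= TAG_MAX || n > len - 5)
        return WR_BAD_TAG;           /* room for the NUL; bytes must be present */
    p->regs[idx] = (uint16_t)((msg[2] << 8) | msg[3]);
    memcpy(p->tag, &msg[5], n);
    p->tag[n] = '\0';
    return WR_OK;
}

int main(void)
{
    struct plc p;
    memset(&p, 0, sizeof p);
    p.safe_mode = 1;

    /* Constructed messages for the demonstration. */
    const uint8_t good[]    = { FC_WRITE_REG, 3, 0x12, 0x34, 4, 'P', 'U', 'M', 'P' };
    const uint8_t bad_idx[] = { FC_WRITE_REG, 200, 0x00, 0x01, 0 };
    uint8_t bad_tag[5 + TAG_MAX];          /* tag length exactly TAG_MAX */
    memset(bad_tag, 'A', sizeof bad_tag);
    bad_tag[0] = FC_WRITE_REG; bad_tag[1] = 0; bad_tag[2] = 0; bad_tag[3] = 0;
    bad_tag[4] = TAG_MAX;

    int rc = write_reg_checked(&p, good, sizeof good);
    printf("good    -> %d, reg[3]=0x%04x, tag=%s\n", rc, p.regs[3], p.tag);
    rc = write_reg_checked(&p, bad_idx, sizeof bad_idx);
    printf("bad_idx -> %d (index 200 rejected)\n", rc);
    rc = write_reg_checked(&p, bad_tag, sizeof bad_tag);
    printf("bad_tag -> %d (16-byte tag rejected, safe_mode still %d)\n", rc, p.safe_mode);
    return 0;
}
```

Compile with warnings enabled (for example `cc -Wall -Wextra`) and run: the checked handler accepts the valid write, rejects the out-of-range index and the 16-byte tag, and `safe_mode` stays at 1. The unchecked handler is left in only to show where the three weaknesses live; feeding it the same inputs corrupts the neighbouring struct fields, which is exactly what a fuzzer or a static analyser would flag.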
Security Misconfiguration Issues
Vulnerabilities caused by security misconfiguration issues result from weak or missing security controls. This section of the write-up briefly lists and explains the security-misconfiguration vulnerabilities identified by Alanazi et al. (2023):
• Protection mechanism failure: caused by missing encryption, inadequate encryption strength, insufficiently random values, and insufficient verification of data authenticity.
• Weak password requirements: a successfully guessed password gives the attacker that account's rights, and a successful exploit leads to privilege escalation.
• Improper access control: a misconfiguration leaves critical resources reachable by users or processes that should not have access to them.
• Improper authentication: the software does not adequately verify a user's identity. Related weaknesses include authentication bypass, use of hard-coded credentials, authentication bypass by capture-replay, missing certificate validation, default password configurations, improper restriction of excessive authentication attempts, improper authorization, and unsalted password hashes.
Mitigation Tools
The differences between ICS and IT systems mean that IT mitigation mechanisms cannot simply be reused in ICS, because they conflict with ICS operational requirements. The following cybersecurity controls can help mitigate risk on SCADA systems (Alanazi et al., 2023):
• Asset management and inventory, to discover unauthorized devices connected to the network.
• Vulnerability assessment and management, to identify the entry points attackers may use.
• Use of memory-safe languages such as Rust.
• Integrity checks, to help prevent attempts to crash a server through DoS and DDoS attacks.
• Input validation using a whitelist (allow-list) approach.
• Output encoding, which transforms user input into a safe form before it is rendered or passed on.
• Privileged access management, to prevent privilege escalation.
• Credential management: avoid default password configurations and store passwords only as salted hashes.
• Intrusion detection, prevention, and prediction systems.
Conclusion
The uniqueness of each SCADA system creates challenges that must be addressed individually for every critical infrastructure system. Using tools such as the NIST framework and MITRE's Common Weakness Enumeration (CWE) helps discover vulnerabilities and build a plan to mitigate cybersecurity risk.
References
Alanazi, M., Mahmood, A., & Chowdhury, M. J. M. (2023). SCADA vulnerabilities and attacks: A review of the state-of-the-art and open issues. Computers & Security, 125, 103028, 1-29. https://doi.org/10.1016/j.cose.2022.103028