This paper is to explain to you SCADA systems, what they are, vulnerabilities that are associated with SCADA systems, and how to mitigate these risks.<\/em><\/p>\n\n\n\n Supervisory control and data acquisition, also known as SCADA, is an Industrial control system (ICS) that is used to control infrastructure processes like water treatment plants, wind farms, gas pipelines etc. SCADA also controls facility-based processes like airports, space stations, etc. as well as controls industrial processes like production, refining, manufacturing, etc. SCADA systems have a centralized system to control these processes mentioned above called remote terminal units or programmable logic controllers. This is so the sites don\u2019t have to be physically manned and can be controlled remotely. (csoonline.com)<\/p>\n\n\n\n Just like any system that is out there in the world today, vulnerabilities exist. According to a study on the IEEE website by using the National Vulnerabilities Database (NVD) and using the keywords like \u201cSCADA\u201d, \u201cRTU\u201d, \u201cMTU\u201d etc. (all keywords are related to SCADA systems) some of the vulnerabilities found were:<\/p>\n\n\n\n Buffer errors<\/strong> \u2013 an attacker can read or write to a memory location (ieeexplore.ieee.org)<\/p>\n\n\n\n Input validation<\/strong> \u2013 input is not appropriately validated by the software leading an attacker to craft input altering flow control or arbitrary code execution (ieeexplore.ieee.org)<\/p>\n\n\n\n Path traversal<\/strong> \u2013 elements within a pathname of the file or directory are identified by external input<\/p>\n\n\n\n Permissions, Privileges, and Access control<\/strong> \u2013 deals with users having access to files and privileges they are not supposed to have access to<\/p>\n\n\n\n Listed above were some of the key vulnerabilities listed. (See citation for IEEE article if you want to see a further detailed list of vulnerabilities)<\/p>\n\n\n\n Now let\u2019s go over ways that these vulnerabilities can be mitigated. According to the IEEE article many exploits were detected because the SCADA systems still had their default username and password to gain access to the system. By providing security training on the significance in changing the default passwords and usernames (as default usernames and passwords can be found easily online) this would help mitigate some of these vulnerabilities. To address the top three concerns of buffer overflows, improper input validation and path traversal these vulnerabilities are usually inherited by low-level, insecure programming languages. Increasing security in the programming and using a more secure programming language for these systems can help mitigate these vulnerabilities. A simple yet effective solution is to have system administrators patch all \u201chigh\u201d severity vulnerabilities since the article stated that 38% of the vulnerabilities have disrupted SCADA system availability so the main mitigation techniques that should be used are some few general practices such as: access control, vulnerability patching, debugging IDS\u2019s, and cryptographic solutions.<\/p>\n\n\n\n Works Cited<\/strong><\/p>\n\n\n\n Constantine, Lucian. \u201cCisa Warns of Critical Flaws in ICS and SCADA Software from Multiple Vendors.\u201d CSO Online<\/em>, 7 Apr. 2023, www.csoonline.com\/article\/575013\/cisa-warns-of-critical-flaws-in-ics-and-scada-software-from-multiple-vendors.html.<\/p>\n\n\n\n G. Yadav and K. Paul, “Assessment of SCADA System Vulnerabilities,” 2019 24th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)<\/em>, Zaragoza, Spain, 2019, pp. 1737-1744, doi: 10.1109\/ETFA.2019.8869541.<\/p>\n\n\n\n\n\n\n\n Realizing that you have a limited budget (the amount is unimportant), how would you balance the tradeoff of training and additional cybersecurity technology? That is, how would you allocate your limited funds? Explain your reasoning.<\/em><\/p>\n\n\n\n Working on a limited budget it\u2019s obvious that both the technological side and the training of employees are vital for a company\u2019s security posture. I wouldn\u2019t ignore that cybersecurity technology will need to be in place to detect and possibly thwart threats without any damage occurring and human interaction needed. However, I find that I may put more focus on training employees and making them acknowledge the fact that humans are the most dangerous part when it comes to cybersecurity.<\/p>\n\n\n\n Why are humans the most dangerous when it comes to cybersecurity? According to an article by cydef.ca 88% of data breaches occur due to human error. Also, according to IBM, the average cost of data breaches from human errors sits at $3.33 million (cydef.ca). With these costs in mind, I find it more logical to focus on human training and awareness to mitigate these major costs. My main focusses would be the following:<\/p>\n\n\n\n Cybersecurity awareness training<\/strong> \u2013 programs that help employees see real-world simulations of what these threats can do to a company.<\/p>\n\n\n\n Access rights and privileges<\/strong> \u2013 basically controlling which employees have access to which files, restricting employees from access to all files helps mitigate insider threat data leaks.<\/p>\n\n\n\n Regular data backups<\/strong> \u2013 when a disaster happens and there is no data to go back to, restarting from nothing is going to be a financial disaster and will make you lose your clients you may have had.<\/p>\n\n\n\n Good cyber hygiene<\/strong> \u2013 keep all systems and software patched and up to date for the latest firmware upgrades. (cydef.ca)<\/p>\n\n\n\n In conclusion maintaining more focus of the human factor in a business can help you save from potential future costs on data breaches as well as keep you more secure from cyber threats when your employees are more aware of the threats and the damage they can cause when allowing these threats to enter a business\u2019s network.<\/p>\n\n\n\n Works Cited<\/strong><\/p>\n\n\n\n \u201cThe Human Factor: The Hidden Problem of Cybersecurity.\u201d CYDEF<\/em>, 28 Dec. 2021, cydef.ca\/blog\/the-human-factor-the-hidden-problem-of-cybersecurity\/.<\/p>\n","protected":false},"excerpt":{"rendered":" SCADA Systems Explained This paper is to explain to you SCADA systems, what they are, vulnerabilities that are associated with SCADA systems, and how to mitigate these risks. Supervisory control and data acquisition, also known as SCADA, is an Industrial control system (ICS) that is used to control infrastructure processes like water treatment […]<\/p>\n","protected":false},"author":27541,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/matthewrozean\/wp-json\/wp\/v2\/pages\/91"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/matthewrozean\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/matthewrozean\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/matthewrozean\/wp-json\/wp\/v2\/users\/27541"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/matthewrozean\/wp-json\/wp\/v2\/comments?post=91"}],"version-history":[{"count":5,"href":"https:\/\/sites.wp.odu.edu\/matthewrozean\/wp-json\/wp\/v2\/pages\/91\/revisions"}],"predecessor-version":[{"id":323,"href":"https:\/\/sites.wp.odu.edu\/matthewrozean\/wp-json\/wp\/v2\/pages\/91\/revisions\/323"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/matthewrozean\/wp-json\/wp\/v2\/media?parent=91"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Human Factor in Cybersecurity<\/h2>\n\n\n\n