SCADA is the acronym for Supervisory Control and Data Acquisition. It is a computer-based system for gathering and analyzing data to monitor and control equipment that deals with critical and time-sensitive material or events. It refers to an industrial control system that use to control infrastructure processes such as water treatment, wastewater treatment, gas pipelines, wind farms, etc. that is based on a facility like airports, space stations, ships, etc. or industrial processes like production, manufacturing, refining and power generation.
From local companies to federal governments, every business or organization that works with the SCADA system is vulnerable to SCADA security threats. These threats can affect both the economy and the community. There are threats to SCADA networks, one is the hacker that could bring the SCADA network down by accessing key components. It could unleash on an organization that can range from a disruption in services to cyber warfare. Malware, including viruses, spyware, and ransomware, can pose a risk to the SCADA system. It can still pose a threat to the key infrastructure that helps manage the SCADA network even though malware cannot specifically target the network itself, including the mobile SCADA application that monitors and manages the SCADA system. Terrorist likes to cause damage as much as possible. Also, employees can be insider threats that can damage like external threats. SCADA must address these risks from a human error to disgruntled employees or contractors.
Compass IT compliance developed a recommendation to enhance their cybersecurity posture. Recommend asking SCADA vendor to provide clear step-by-step guidance for patching the OS underlying on the system. Configure the authentication per user and use authorization and logging controls. Ensured that they are configured to use the new features, if not, evaluate to see if there is a way to use a secure channel for communication. Conducting a physical security survey and inventory access points at each facility that has a connection to the SCADA system.