Nathan Guman
202420_SPRING_CYSE200T_32776
CYSE-200T – Cybersecurity, Technology & Society
SCADA systems write up
Due Wed Mar 26, 2025 11:59pm
TASK:
In this write-up you will use the SCADA Systems article, along with your own research, to explain the vulnerabilities associated with critical infrastructure systems, and the role SCADA applications play in mitigating these risks.
This write-up is to be IN YOUR OWN WORDS, and must reference the aforementioned article, and at least one additional source of your choosing.
Obvious cut/paste from online articles, including AI generators, will be marked with a grade of zero.
Business writing skills apply and account for 50% of the final grade.
Response
Supervisory Control and Data Acquisition (SCADA) systems and their vulnerabilities
BLUF: SCADA systems represent a strategic-level vulnerability to entire nation states, as they are typically used to manage large-scale infrastructure, manufacturing, and public works facilities. Management of such systems requires serious protection and investment from managing organizations and governments, as an attack is more likely to come in the form of a dedicated and planned cyberwarfare operation than a simple cyberattack from criminals.
SCADA System components
SCADA systems allow for automation, manipulation, and oversight of industrial and municipal scale processes in real time. SCADAsystems.net provides a comprehensive overview of how SCADA systems operate. In summary, the system collects data from sensors, transmits the data to control centers, and allows human operators to supervise or override certain actions. A typical SCADA system consists of:
Human-Machine Interface (HMI): Displays data for operators to control systems.
Remote Terminal Units (RTUs) & Programmable Logic Controllers (PLCs): Collect sensor data and automate actions like adjusting pumps or valves.
Supervisory System: Collects data from field equipment (RTUs, PLCs).
Communication Infrastructure: Connects field devices to the control system.
Vulnerabilities:
Examples of what SCADA systems oversee include power generation and distribution, water treatment and distribution, oil and gas pipelines, automated factories, traffic lights, airports, and almost all other critical infrastructure. These systems, if manipulated or tampered with, can be used to cripple an entire society's ability to function in the 21st century. Turning off electricity, running water, oil and gas, telecommunications, and the ability of people to travel are individually grounds for a state of emergency to be declared, comparable to government responses to powerful storms. The potential for them all to happen simultaneously, or for these services to be taken offline longer term, represents a threat capable of causing societal collapse.
In February 2022, FedTech magazine reported "… that 80 percent of the [US] Army's cyber vulnerabilities in critical infrastructure 'are because of purely misconfigured control systems, things like people not resetting the factory default passwords'" (Stone). SCADA systems typically operate with older technology and proprietary software on antiquated operating systems. The critical nature of the items managed by SCADA systems means they are high-value targets.
Defenses
The diverse nature of these systems, and the fact that they are managed independently rather than by a central organization, does present some defense against a single attack affecting multiple systems. Additionally, since many of these systems control production and manage such critical infrastructure, they represent a much higher profile target. For example, the Colonial Pipeline attack in 2022, in which a cybercriminal group shut down a critical gasoline pipeline for the East Coast of the U.S., resulted in federal investigations, a 10-million-dollar bounty placed on its members, 84% of the ransom being recovered by the FBI, the group's organizational accounts being discovered, and new cybersecurity standards being implemented via a new executive order (Kerner). All of this highlights how these targets are simply not worth the attention they attract and are not money-making enterprises. They do, however, expose a very real threat that an adversary nation state may notice, as half the fuel to the East Coast was taken offline by a few lines of computer code.
Conclusion:
SCADA's ability to automate industrial-scale infrastructure and manufacturing processes has revolutionized the ability to provide information and services in real time. As the systems have become more interconnected, organizations have not prioritized their security, resulting in a significant vulnerability to the functioning of the societies that rely on them. Significant upgrades and investment should be made to mitigate the threat these systems pose to a nation state.
References:
“SCADA Systems – SCADA Systems.” www.scadasystems.net, www.scadasystems.net/.
Stone, Adam. “SCADA Critical Infrastructure Works to Block Cyberattacks.” Technology Solutions That Drive Government, 2022, fedtechmagazine.com/article/2022/06/federally-operated-scada-systems-work-block-cyberattacks. Accessed 22 Mar. 2025.
Kerner, Sean. “Colonial Pipeline Hack Explained: Everything You Need to Know.” TechTarget, 26 Apr. 2022, www.techtarget.com/whatis/feature/Colonial-Pipeline-hack-explained-Everything-you-need-to-know.