Vulnerabilities and Mitigation of Critical Infrastructure systems
Nicholas Dent
CYSE200T
March 23, 2025
Introduction
Supervisory Control and Data Acquisition (SCADA) systems can be characterized as a type of industrial control system (ICS). SCADA’s primary use is to manage infrastructure systems associated mainly with industrialization. The number of attacks on critical infrastructure in the US has surged in recent years in both the private and public sectors, with most of the attacks targeting energy grids, water systems, and transportation networks; these attacks have disrupted daily operations and raised national security concerns (Doyle, 2025). The most commonly monitored infrastructure processes include facility-based programs, water treatment, and manufacturing. It is important that SCADA systems monitor these processes because of how much effect a disruption in them could have on society as a whole. SCADA systems have also passed through three generations: monolithic, distributed, and networked. Over time, throughout these generations, SCADA has only grown into a more stable and secure system to use for critical infrastructure. Nevertheless, many critical infrastructure systems remain vulnerable, primarily because cyber attacks target the weak parts of a particular system. There are many vulnerabilities associated with critical infrastructure systems, but the few that I find to be most crucial would be exploitation of packet and physical access, unauthorized access attempts or logging into an account without authorization, and insufficient security measures and lack of awareness. Along with these vulnerabilities, there are also ways to mitigate potential risks to critical infrastructure systems. The mitigation methods that I found to be most effective were using redundant hardware, updating SCADA security measures regularly, modernizing communication protocols, and the use of an alert system implemented by SCADA systems.
Physical and Packet Access
Two of the more important vulnerabilities that relate to critical infrastructure systems are physical and packet access. Packet access is a vulnerability for organizations using SCADA-based critical infrastructure systems because these systems communicate mainly over specific networks. Most, if not all, of these networks require some type of packet control protocol, yet SCADA critical infrastructure systems have little to no proper packet protection. This creates an issue because it allows anyone with access to the network to gain control of the system altogether. For example, it could be as easy as a hacker injecting malicious packets into a network in order to halt ship manufacturing, ultimately causing further issues. Physical access, on the other hand, mostly involves hardware such as PLCs and RTUs. Because of how these hardware devices are used, it is much more straightforward for an attacker to take control of a system. If an attacker gains control of one of these hardware devices, they can easily get past the weak SCADA security measures and take total control of the system. Overall, these two vulnerabilities affect critical infrastructure systems to a great extent if exploited by the right person.
Unauthorized Access and Security Measures
Unauthorized access is a big problem in today’s cyber world because of the increase in cyber attacks. Hackers and cyber attackers have learned that they can take advantage of vulnerable points in a critical infrastructure system and exploit its weaknesses. Most hackers typically target weak points in the network, software, and hardware in order to obtain control of a system. If a hacker gets into a system by exploiting a weakness, it could lead to bigger issues such as physical damage to infrastructure processes. In addition, the common security measure that I see targeted the most would be the lack of new and updated systems. Old SCADA systems that used proprietary communication protocols became more prone to vulnerability over time because of the absence of regular updates to the software, authentication, and encryption used, eventually allowing a hacker to gain control over a system. Although SCADA systems used these old communication protocols at the time, they eventually changed and improved their communication methods to help mitigate past, present, and future attacks. For instance, modern SCADA systems have started to apply new security protocols to help mitigate these vulnerabilities and prevent potential attacks. More specifically, SCADA systems are adopting more secure solutions to prevent vulnerabilities in critical infrastructure systems. For example, there is a process called whitelisting, which allows only authorized users and applications to interact with the SCADA systems where it is implemented. Overall, along with whitelisting, the use of more robust VPNs and firewalls keeps communication channels more secure. These two solutions are most commonly used to resolve this type of issue because of how effective they are against cyber threats.
Communication Protocols and Alert System
Another method SCADA systems used to mitigate their vulnerabilities was to update their communication protocols. The switch from proprietary to standardized communication protocols is a crucial factor in having a secure critical infrastructure system; examples of such standards are IEC 61850, DNP3, and IEC 60870-5-101. Most of the protocols SCADA systems use run over either Ethernet or IP. These updated standard protocols ultimately help make critical infrastructure systems more secure and allow a wider range of communication between systems and devices. Modern SCADA systems have also added a system where operators monitor system failures, collect real-time data, and detect attacks. Operators tend to rely on PLCs and RTUs to get a heads-up when there is an issue in the system or network. These modern systems play an important role in protecting data between hardware like RTUs, PLCs, and supervisory stations, which reduces attackers’ ability to physically access a network or system. Additionally, these modern SCADA systems also show an increase in risk mitigation because of the addition of the alert system. When using SCADA systems, there is almost always a notification whenever a system appears vulnerable. These alarms provide an organized process for handling potential breaches. Because the alerts are quick and efficient, an operator can handle a breach faster and stop it from escalating into something larger. All in all, the switch from proprietary to standardized communication protocols, the implementation of real-time operator monitoring, and the alert system have all helped mitigate risks in critical infrastructure systems by allowing devices to communicate more efficiently and securely, in time leading to a decrease in vulnerabilities encountered by users.
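The whitelisting described in the previous section and the alert system described above can be combined in one small defensive filter. The following Python example is added here and is not part of the essay: it allowlists DNP3-style packets on a SCADA segment by source address and function code, drops everything else, and raises an alert naming the first policy each packet violated. The host addresses, the policy table, and the sample traffic are constructed; the DNP3 TCP port 20000 and function codes 0x01 (READ), 0x02 (WRITE) and 0x05 (DIRECT_OPERATE) are real protocol values.

```python
from collections import Counter
from dataclasses import dataclass
# Real DNP3 values: the IANA-registered TCP port and application-layer function codes.
DNP3_PORT = 20000
DNP3_READ, DNP3_WRITE, DNP3_DIRECT_OPERATE = 0x01, 0x02, 0x05

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    function_code: int
# Constructed site policy (hypothetical addresses): which master may send which function.
ALLOWLIST = {
    ("10.0.1.10", DNP3_READ),             # primary master: read and control
    ("10.0.1.10", DNP3_WRITE),
    ("10.0.1.10", DNP3_DIRECT_OPERATE),
    ("10.0.1.11", DNP3_READ),             # secondary HMI: read-only
}
KNOWN_MASTERS = {src for src, _ in ALLOWLIST}

def evaluate(pkt: Packet) -> str:
    """Return 'allow' or an alert reason naming the first policy the packet broke."""
    if pkt.dst_port != DNP3_PORT:
        return f"alert: unexpected destination port {pkt.dst_port}"
    if pkt.src_ip not in KNOWN_MASTERS:
        return f"alert: unknown master {pkt.src_ip}"
    if (pkt.src_ip, pkt.function_code) not in ALLOWLIST:
        return f"alert: {pkt.src_ip} not authorized for function 0x{pkt.function_code:02x}"
    return "allow"

def filter_traffic(packets):
    """Split traffic into forwarded packets and (packet, reason) alerts; count alerts per source."""
    allowed, alerts = [], []
    for pkt in packets:
        verdict = evaluate(pkt)
        if verdict == "allow":
            allowed.append(pkt)
        else:
            alerts.append((pkt, verdict))
    # Repeated alerts from one host are the "unauthorized access attempts" an operator wants flagged.
    per_source = Counter(pkt.src_ip for pkt, _ in alerts)
    return allowed, alerts, per_source
# Constructed sample traffic: two legitimate polls followed by three violations.
SAMPLE_TRAFFIC = [
    Packet("10.0.1.10", "10.0.2.5", DNP3_PORT, DNP3_READ),
    Packet("10.0.1.11", "10.0.2.5", DNP3_PORT, DNP3_READ),
    Packet("10.0.1.11", "10.0.2.5", DNP3_PORT, DNP3_DIRECT_OPERATE),  # HMI tries control
    Packet("10.0.9.77", "10.0.2.5", DNP3_PORT, DNP3_READ),            # unknown host
    Packet("10.0.9.77", "10.0.2.5", 502, DNP3_WRITE),                 # wrong port
]
```

Calling `filter_traffic(SAMPLE_TRAFFIC)` forwards the two polls and produces three alerts, two of them from the same unknown host, which is the kind of repeated attempt the alert system should surface to the operator.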
Conclusion
In conclusion, SCADA systems have had a major increase in their ability to manage critical infrastructure systems and mitigate risks. SCADA systems are associated with vulnerabilities like physical and packet access, unauthorized access, and outdated security measures. The shift from monolithic to distributed and then networked systems shows that SCADA systems have a set goal of increasing their stability and security. Nonetheless, these systems remain at risk from cyber attacks, specifically from attackers exploiting weaknesses in security and network protocols, hardware, and communication devices. Through the implementation of up-to-date security measures such as whitelisting, updated communication protocols, stronger VPNs, and real-time alert systems, these risks have been greatly minimized. In addition, because of the switch to standardized communication protocols and the ongoing improvements in security measures, SCADA systems can protect themselves against potential threats. Even though cyber attackers present themselves as threats to critical infrastructure systems, the continued resilience of SCADA systems allows them to prevent cyber attacks from escalating.
References
Doyle, K. (2025). Cyber Threats Rising: US Critical Infrastructure Under Increasing Attack in 2025. Critical Infrastructure in the Crosshairs, p. 1. https://www.tripwire.com/state-of-security/cyber-threats-rising-us-critical-infrastructure-under-increasing-attack#:~:text=Critical%20Infrastructure%20in%20the%20Crosshairs&text=The%20public%20and%20private%20sector,and%20raised%20national%20security%20concerns.