Nicholas T. Martin <\/p>\n\n\n\n
Professor Hiser <\/p>\n\n\n\n
CYSE \u2013 200 <\/p>\n\n\n\n
9 April 2026 <\/p>\n\n\n\n
SCADA and ICS Systems: Vulnerabilities and Mitigation Tactics<\/strong> <\/p>\n\n\n\n BLUF: <\/strong>This brief memo aims to define Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) technologies, their necessity in critical infrastructure, the inherent vulnerabilities to malicious actors, and some strategies to mitigate these risks. <\/p>\n\n\n\n SCADA and ICS<\/strong> <\/p>\n\n\n\n According to a recent article from Fortinet, Industrial Control Systems (ICS) is an umbrella term for tools that are used to automate and control industrial systems. Some examples of these include Programmable Logic Controllers (PLC), Distributed Control Systems (DCS), and Remote Terminal Units (RTU) (Fortinet, n.d.). Another variant which falls under this umbrella is Supervisory Control and Data Acquisition (SCADA), which are specific tools used to centrally monitor and control a variety of ICS applications in large industrial settings. SCADA systems provide industrial operators with updates, real-time metrics, and alerts in the event of system malfunctions. <\/p>\n\n\n\n Vulnerabilities<\/strong> <\/p>\n\n\n\n A key issue with many ICS technologies, including SCADA systems, is that many of them were developed years ago and were intended to be used in offline applications. As stated in the article linked with this assignment, many of these systems have since been connected to networks so that they may be operated remotely (Using SCADA to Protect Critical Infrastructure and Systems, n.d.). This has resulted in often outdated, legacy devices being connected to the broader internet, and introduced potential malicious strategies they were never designed to be subjected to. Since SCADA systems often provide industrial operators with a central access point to view and control other ICS devices, they are a favored target for malicious actors. Many of these systems control critical industrial plants and other infrastructures, and so it is often the case that device replacement and\/or updates are not an option. <\/p>\n\n\n\n Mitigation<\/strong> <\/p>\n\n\n\n It is a misconception to believe that SCADA applications can mitigate risks of other ICS devices. In fact, it is paradoxical to say because SCADA is an ICS application itself. Though there are measures which can be taken to strengthen the defense of these systems. The previously mentioned Fortinet article provides some key strategies: <\/p>\n\n\n\n (Fortinet, n.d.) <\/p>\n\n\n\n Conclusion<\/strong> <\/p>\n\n\n\n As stated before, many industrial facilities do not have the option to replace or update outdated ICS devices, and these devices are often too critical to fully discontinue use. This means that some inherent risks will always be present. Though there are several methods to mitigate these vulnerabilities and lessen the risk of compromise. ICS devices are utilized in our most critical industries, including nuclear power, water treatment, and manufacturing centers. It is vital to safeguard these essential devices from both state-sponsored and criminal cyberattacks. <\/p>\n\n\n\n References<\/strong> <\/p>\n\n\n\n Fortinet. (n.d.). ICS SCADA: Strengthening OT security<\/em>. Fortinet Cybersecurity Glossary. https:\/\/www.fortinet.com\/resources\/cyberglossary\/ics-scada<\/a> <\/p>\n\n\n\n Using SCADA to Protect Critical Infrastructure and Systems (n.d.) <\/p>\n","protected":false},"excerpt":{"rendered":" Nicholas T. Martin Professor Hiser CYSE \u2013 200 9 April 2026 SCADA and ICS Systems: Vulnerabilities and Mitigation Tactics BLUF: This brief memo aims to define Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) technologies, their necessity in critical infrastructure, the inherent vulnerabilities to malicious actors,… Continue Reading →<\/a><\/p>\n","protected":false},"author":31982,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":0},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/posts\/221"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/users\/31982"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/comments?post=221"}],"version-history":[{"count":1,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/posts\/221\/revisions"}],"predecessor-version":[{"id":222,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/posts\/221\/revisions\/222"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/media?parent=221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/categories?post=221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/ntm1794\/wp-json\/wp\/v2\/tags?post=221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
\n
\n
\n
\n