SCADA and Its Role in Network Security

The SCADA system enables industrial workers to maintain full hardware and software security through the constant collection and graphical presentation of sensor and machine data, especially with regard to automation and factory production lines. SCADA systems consist of two main parts: Programmable Logic Controllers, or PLCs, and Remote Terminal Units, or RTUs. PLCs exist on any given machine or monitoring device within a given automation facility, and send their data through SCADA software to an RTU for a human to interpret and/or control.

Where does SCADA come from, and what sectors utilize it?

SCADA systems were first implemented after the advent and popularization of industrial computers and, by extension, PLCs in the early 1970s. SCADA is not only hardware, but software as well: the software running on these PLCs allows the secure collection, analysis, transmission, readable display, and control of status data to remote locations. Oil, chemical, automotive, food, and beverage companies all use this system on a daily basis [1].

What does SCADA measure and how is data transported?

Sensors in these systems generally measure speed, temperature, weight, flow rate, gaseous emissions and pressure [2]. SCADA software interprets these values within the PLCs present in factories and then sends them to an RTU to be presented to an operator and controlled via a Human-Machine Interface, or HMI. These interfaces use various graphics ranging from traffic lights to massively scaled systems for controlling complex things like railways or skyscraper elevators [1]. These PLCs originally used modems or serial connections to report their telemetry data, and most small-scale uses of SCADA still do to this day. Larger-scale solutions usually involve full wireless connections over TCP/IP, some using extended versions of already standardized protocols such as IEC 61850, DNP3, and IEC 60870-5-101/104 [1]. It is due to these standards that operators can ensure a baseline of both the integrity and quality of data provided by SCADA hardware and software.

What security concerns are associated with using a SCADA system?

SCADA systems are secured physically, and many believe that this factor alone means that they're secure. In reality, that is far from the truth. Since SCADA is used to monitor critical infrastructure that is integral to the function of modern society, on-site and network security are vital to maintaining operations. There are two major threats to these systems: unauthorized software access and unauthorized network access [1]. The first threat is exemplified by the Stuxnet worm, uncovered in 2010, which targeted PLCs within an Iranian nuclear program, causing them to report to their RTU that everything was normal while the machines themselves were automatically controlled to operate in unsafe capacities. The result was significant damage to Iran's nuclear program, and it shows how disastrous improper security and protocol can be when attackers are involved in sabotaging SCADA systems [3]. As for the second threat, malicious hackers can capture and potentially spoof packets within SCADA transit networks, allowing them to send control commands back to the PLCs, as there is little to no control with regard to packet protocol in legacy systems [1]. With proper preventative and responsive measures such as an industrial VPN, a tight firewall, and physical security measures such as access control vestibules and training against social engineering attacks, vendors can detect and prevent these attacks before they become as disastrous as Stuxnet.
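As an added example (not from the original article or any vendor's product), the following Python shows the check a passive monitor can apply to the second threat: it parses IEC 60870-5-104 frames (the "104" protocol listed earlier) and alerts on control-direction commands from any source that is not an allowlisted master. The allowlisted address, the function names and the sample frames are constructed assumptions.

```python
from dataclasses import dataclass

AUTHORIZED_MASTERS = {"10.0.0.5"}  # constructed allowlist of control stations
# Control-direction process commands: C_SC_NA_1..C_BO_NA_1 (45-51) and
# their time-tagged variants C_SC_TA_1..C_BO_TA_1 (58-64).
COMMAND_TYPES = set(range(45, 52)) | set(range(58, 65))

@dataclass
class Apdu:
    fmt: str              # "I", "S" or "U"
    type_id: int = 0      # ASDU type identification (I-format only)
    cot: int = 0          # cause of transmission, low 6 bits
    common_addr: int = 0  # common address of ASDU

def parse_apdu(frame: bytes) -> Apdu:
    """Parse one IEC 60870-5-104 APDU; raise ValueError if malformed."""
    if len(frame) < 6 or frame[0] != 0x68:
        raise ValueError("missing 0x68 start byte or short APCI")
    if frame[1] != len(frame) - 2:
        raise ValueError("length octet does not match frame size")
    ctrl1 = frame[2]
    if ctrl1 & 0x01 == 0:  # I-format: the only format that carries an ASDU
        if len(frame) < 12:
            raise ValueError("I-format frame without a full ASDU header")
        return Apdu("I", frame[6], frame[8] & 0x3F,
                    int.from_bytes(frame[10:12], "little"))
    return Apdu("U" if ctrl1 & 0x03 == 0x03 else "S")

def audit(packets):
    """Return (src_ip, reason) for each packet that should raise an alert."""
    alerts = []
    for src, frame in packets:
        try:
            apdu = parse_apdu(frame)
        except ValueError as exc:
            alerts.append((src, f"malformed: {exc}"))
            continue
        if (apdu.fmt == "I" and apdu.type_id in COMMAND_TYPES
                and src not in AUTHORIZED_MASTERS):
            alerts.append((src, f"command type {apdu.type_id} from unlisted source"))
    return alerts

# Constructed sample traffic: (source IP, raw APDU bytes).
SAMPLE = [
    ("10.0.0.5",  bytes.fromhex("680e0000000064010600010000000014")),  # interrogation
    ("10.0.0.5",  bytes.fromhex("680e020000002d010600010010000001")),  # single command
    ("10.0.0.77", bytes.fromhex("680e000000002d010600010010000001")),  # single command
    ("10.0.0.77", bytes.fromhex("6804010000")),                        # truncated frame
]
```

In deployment the frames would come from a passive tap on TCP port 2404. Because a source address can itself be spoofed on a flat network, this check complements the VPN and firewall rather than replacing them.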

In conclusion, SCADA is the standard of industrial automation telemetry, and is vital for minimizing the manpower needed to ensure the proper and continuous operation of factory systems. Its standards, such as the IEC series for electrical substations or the DNP series for electric and water companies, ensure that training can be simplified and security can be better developed due to known variables. Despite the flaws of earlier iterations of SCADA, with proper cyber and physical security vigilance, SCADA systems can easily become safe and secure solutions to large-scale infrastructure management.


Works Cited:
1. “Scada Systems” – https://docs.google.com/document/d/1DvxnWUSLe27H5u8A6yyIS9Qz7BVt_8p2WeNHctGVboY/edit
2. “SCADA System: What is it and How it Works” – https://www.plctechnician.com/news-blog/scadasystem-what-it-and-how-it-works
3. “Stuxnet” – https://en.wikipedia.org/wiki/Stuxnet
