The growing interconnectivity of networks presents both gains and challenges for local cities to major metropolitans. Gains come in the form of ease of management to added functionality, while the challenges come in the common form of added cyber threats that could led to confusion and potential cost of human life. The systems we rely on to control daily necessities like traffic control systems, electrical plants, or water control facilities are called Supervisory Control and Data Acquisition, or SCADA, systems. These systems gather data points from sensors, which are connected to Remote Terminal Units (RTU), that send this data to a supervisory system which has a Human Machine Interface (HMI). The HMI can be a terminal that a an actual operator uses to monitor the various systems that can be connected over a wide range of land, like a water system of water towers and pumps that control a cities water infrastructure. This HMI gives the operators a view of the health of the system and allows them to send signals back to the RTU that gives instructions, such as turning on or off a flow.
These systems historically where isolated and non-Ethernet networks, with their physical access limitations the systems were isolated from most common remote cyber threats. The growing interconnectivity of these systems to existing city networks starts to present the common vulnerabilities presented to most Ethernet networks, primarily because these systems “lack an active network system” like an Intrusion Prevention System (IPS) and common updates due to the necessity of the systems to remain online [2]. The lack of authentication on these systems due to their potential wide range in age and the fact they were not originally designed with security in mind is another vulnerability that plagues them, when paired with the limited hardware and software updates and now available on an Ethernet network that is connected to the Internet they become prime targets for compromise. This can cause harm and danger to the citizens of an area in many forms depending on the infrastructure being targeted, water flow can be stopped, traffic signals can become non-functional causing traffic issues power plants could be powered down.
Upgrading these systems allows managers to gain faster insights, enhance security, and respond to issues remotely. Originally, these systems were connected by slow rate dial-up modems or serial radio connections but with the integration with Ethernet networks they are gaining the added speed and versatility of those networks. Operators can install physical security such as cameras and access control systems to help monitor and audit access. Remote accessibility offers operators the ability to work remotely and handle most alarms that occur on the systems, but this does remove some of the safety of an isolated system. They can be protected by implementing some common, yet effective, tools that are used to protect normal Internet connected devices – such as, multifactor authentication to access networks and devices, adding SCADA network perimeter controls with strict and limiting communications, explicit trusts on applications and users of the system [3]. The Cybersecurity & Infrastructure Security Agency (CISA) suggests these along with regular cyber health tasks like log review through a SIEM, regular password rotations, and maintaining an Incident Response Plan.
Connectivity is a major bonus for these systems, the operators that use them, and the citizens that rely on the functionality. While increased connectivity introduces risks, implementing strong cybersecurity practices and proactive incident planning can significantly reduce potential threats.
References
1. SCADA Systems. “SCADA Systems – Industrial Automation Solutions.” Accessed March 20, 2025. https://www.scadasystems.net/.
2. SecPoint. “SCADA Systems & Their Vulnerabilities.” Accessed March 20, 2025. https://www.secpoint.com/scada-systems-their-vulnerabilities.html.
3. Cybersecurity and Infrastructure Security Agency (CISA). “APT Cyber Tools Targeting ICS/SCADA Devices.” Last modified April 13, 2022. Accessed March 20, 2025. https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-103a.