SCADA

Name: Stephen E. Rockefeller

Date: 3/20/2022

Details:

Critical infrastructure systems include airports, water treatment systems, bridges and tunnels, nuclear plants, highways, and many other systems that are critical to society’s normal daily life and national security. Any interruption to one of these systems can endanger the lives of thousands of individuals or put national security at risk. Interruptions can come in the form of natural disasters, human error, and terrorist attacks. The occurrence of cyber-attacks on critical infrastructure systems continues to grow at an alarming rate. With the instability around the world, and the most recent Russian invasion of Ukraine, cyber threats continue to grow around the globe.

Laremenko (2022) states that the convergence of digital and physical systems has created a scenario that is ripe for cyber security risks. She goes on to state that the burden of this risk falls on both the public and private sectors, and that it is their shared responsibility to provide reliable security that ensures the safety of our critical infrastructure systems. Whether it is a natural disaster, human error, or an intentional cyber-attack, it is vital that these critical infrastructure systems are protected against interruptions or failures. Tal (2019) notes that the backbone of our society rests in our ability to manage and secure our own critical infrastructure.

Vulnerabilities to infrastructure systems range from malware attacks to DDoS attacks. From our nuclear plants to our underground subway system, a breach in security can not only shut down a system but also endanger the lives of thousands of individuals. Laremenko (2022) defines the top five risks and threats to our critical infrastructure systems as network segmentation, DDoS attacks, web application attacks, malware attacks, and command injection and parameters manipulation. All of these vulnerabilities can be exploited when adversaries are able to intrude or attack our systems using these methods. The author of this blog goes on to state that the only protection we have is to implement a critical infrastructure protection plan.

The article provided in our class explains supervisory control and data acquisition (SCADA) as an industrial control system that is used to control infrastructure processes. This system plays a significant role in securing and mitigating risks and threats to our critical infrastructure systems. SCADA was developed to centralize and control sites and complex systems. Control actions are mostly automated, and actions are performed via RTUs (remote terminal units). According to the article What is SCADA? (2018), a basic SCADA system is designed with programmable logic controllers (PLCs) or RTUs that communicate with multiple types of critical infrastructure devices. The data from these devices is then routed to computers with SCADA software to process, distribute, and display the data for analysis. The SCADA system will notify an operator if the data is showing a high incidence of errors. This enables the operator to determine where the malfunction is happening, why it is happening, and take the appropriate actions. Below is an illustration showing the basic SCADA system (2018).

[Figure: basic SCADA system (What is SCADA?, 2018)]
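The data flow described above (RTUs report readings, the SCADA host processes them and tells the operator where and why a malfunction is happening), as an added Python example that is not from the cited article. The RTU names, tags, limits and the 3-of-5 alarm rule are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW = 5        # polls remembered per RTU (assumed)
FAULT_LIMIT = 3   # faulty polls within the window that raise an alarm (assumed)

# Constructed poll results: (rtu_id, site, tag, value, low_limit, high_limit).
# A value of None models a poll the RTU did not answer.
A = ("RTU-1", "pump-station-A", "pressure_psi")
B = ("RTU-2", "tank-B", "level_ft")
SAMPLE_POLLS = [
    (*A, 61.0, 40.0, 80.0), (*B, 18.2, 5.0, 20.0),
    (*A, 63.5, 40.0, 80.0), (*B, 21.4, 5.0, 20.0),   # tank level high
    (*A, 60.2, 40.0, 80.0), (*B, None, 5.0, 20.0),   # RTU-2 silent
    (*A, 85.0, 40.0, 80.0), (*B, 22.9, 5.0, 20.0),   # third RTU-2 fault
    (*A, 62.0, 40.0, 80.0), (*B, 23.5, 5.0, 20.0),
]

class SupervisoryHost:
    """Central SCADA host: keeps recent poll results per RTU and alarms."""
    def __init__(self, window=WINDOW, fault_limit=FAULT_LIMIT):
        self.fault_limit = fault_limit
        self.history = defaultdict(lambda: deque(maxlen=window))
        self.active = set()   # RTUs whose alarm is already raised

    def ingest(self, rtu_id, site, tag, value, low, high):
        """Record one poll; return an alarm dict when a new alarm starts."""
        if value is None:
            fault = "no response"
        elif value < low:
            fault = f"{tag} below limit ({value} < {low})"
        elif value > high:
            fault = f"{tag} above limit ({value} > {high})"
        else:
            fault = None
        self.history[rtu_id].append(fault)
        count = sum(1 for f in self.history[rtu_id] if f)
        if count < self.fault_limit:
            self.active.discard(rtu_id)   # condition cleared, re-arm
            return None
        if rtu_id in self.active or fault is None:
            return None                   # operator was already notified
        self.active.add(rtu_id)
        return {"where": f"{site}/{rtu_id}", "why": fault, "faults": count}

def run(polls):
    """Feed polls through a fresh host and collect the alarms it raises."""
    host = SupervisoryHost()
    return [a for a in (host.ingest(*p) for p in polls) if a]
```

A single out-of-range reading (RTU-1 at 85.0 psi) does not notify the operator; only a sustained run of faults on one RTU does, and the alarm names the site and the triggering condition.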

Our in-class article reports that SCADA is now in its third generation. The latest generation provides communication through a WAN protocol. Much like internet protocols, these protocols can be accessed through internet capabilities, and this has increased the vulnerability of SCADA. According to the article, current SCADA systems are now updated with TCP/IP and Ethernet protocols. Future generations of SCADA will use XML web services, making them more IT support friendly. Although technology is working to keep SCADA secure, these systems remain the target of cyber terrorism and cyberwarfare. The author goes further to state that the major threats to SCADA include unauthorized access, viruses that negatively impact the control host machine, and packet access. While these threats to SCADA impact the security of critical infrastructure, without a system such as SCADA, our ability to monitor and mitigate security breaches would be limited and would put major systems at high risk. We have seen a surge in cyber security threats, and these threats are likely to continue growing in number as well as complexity. Our job lies in our ability to stay a few steps ahead of these threats and continue to develop and elevate the level of protection of our critical infrastructure systems.

References:

Laremenko, A. (2022, March 7). 5 threats to Critical Infrastructure Security. HUB Security. Retrieved March 19, 2022, from https://hubsecurity.com/blog/critical-infrastructure-security/5-threats-to-critical-infrastructure-security/

Tal, J. (2019, September 20). America’s critical infrastructure: Threats, Vulnerabilities, and Solutions. Security Infowatch.com. Retrieved March 18, 2022, from https://www.securityinfowatch.com/access-identity/access-control/article/12427447/americas-critical-infrastructure-threats-vulnerabilities-and-solutions

What is SCADA? Inductive Automation. (2018, September 12). Retrieved March 20, 2022, from https://inductiveautomation.com/resources/article/what-is-scada
