SCADA Security: Current Scenario and Present Threats

Supervisory Control and Data Acquisition (SCADA) networks comprise the software and systems that perform the critical operations required to provide essential services in urban infrastructure. They are the backbone of a country. Given their massive importance, these systems need protection from cyber threats more than any other network does.

These systems are used to monitor production process parameters so that critical services can be provisioned. Initially, they were designed with the sole intent of supervising the process, and the design did not necessarily consider security or external threats.

The life cycle of these systems spans decades, which means that they are still using the same frameworks, now over the internet, where they are exposed to obvious security threats. Although SCADA systems are reliable, flexible and highly scalable, they lack security. This is a cause for concern, as the impairment of these systems can cause disruption of services, redirection of processes and manipulation of data.

Present Scenario

Over the last decade, there have been major instances of terrorist attacks on SCADA systems in the United States. As a result, many security firms now design solutions with these security issues in mind. However, this is not enough. Several government audits have illustrated a lack of protection from cyber attacks. With a lack of proper defense mechanisms and of properly trained personnel, SCADA systems are prone to be mishandled by attackers.

Nevertheless, there is hope in this bleak scenario. The Internet Security Threat Report published by Symantec in 2012 reports 85 public vulnerabilities in SCADA networks, as compared to the 129 issues in 2011.

Areas in SCADA systems which require attention

In a SCADA network, programmable logic controllers (PLCs) are connected to sensors which feed data to the control equipment. Default passwords are hard-coded into the Ethernet cards these units use. Hard-coded passwords are a common weakness in some industrial control equipment. Most of these units connect to gasoline refineries, water treatment units and dams, so a security breach of these systems would be a national threat. Such a breach can sabotage the urban infrastructure.

Some of the noteworthy areas in this direction include:

• The supervisory system on the whole
• The PLCs which are used as field devices
• HMIs which act as the interface between machine and operator
• Communication infrastructure working over protocols

Anti-national agencies could target any one of these for full access to the networks. It is worth mentioning that SCADA systems can be rendered useless by infection arriving both over network connections and on removable media such as USB sticks.

Approach to solving the issues in SCADA security

A risk management framework is the most cost-effective approach to fencing off critical cyber assets.

This can be achieved by focusing on the following:
1. Identifying the risks
2. Mitigating the risks by implementing controls
3. Maintaining risk levels through responsible evaluation and monitoring

