SCADA Security 101

SCADA systems are supervisory systems used for automation in modern industries. They are highly flexible, robust and scalable, which is why they have emerged as the backbone of modern infrastructure.

While SCADA systems are widely preferred, they were not designed with the most secure protocols, as there was no network sharing. With the arrival of the Internet, however, the network can be accessed over corporate networks, mobiles and laptops, which can seriously compromise their security.

Any of the following subsystems of SCADA can be breached if proper cyber security mechanisms are not in place:

• Supervisory system on the whole
• PLC and sensors
• HMIs
• RTUs
• Communication infrastructure
• Process instruments

Terrorists can target any one of these components and gain access to the entire network. They can then compromise a controlled process or any associated equipment.

Identifying, Monitoring and Maintaining Connections of SCADA Networks

It is important to identify all connections in a SCADA network so that the risk of exposure can be evaluated and countermeasures can be deployed to mitigate the risks. This can be done with the help of network audits.

The network audits comprise the following details:

• Unique assigned tag numbers
• Functionality descriptions
• Physical location of device
• Security mechanisms for physical parameters
• Network connections
• MAC, IP, and SCADA network addresses assigned to the device
• Available physical interfaces
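
As an added example (not part of the original post), the following Python sketch checks a device inventory against the audit fields listed above and flags missing details, duplicate tags or addresses, and malformed MAC/IP values. The CSV column names and the sample devices are assumptions constructed for illustration.

```python
import csv, io, ipaddress, re
from collections import Counter

# Audit fields taken from the list above; the column names are assumptions.
REQUIRED = ["tag", "function", "location", "physical_security",
            "connections", "mac", "ip", "scada_addr", "interfaces"]
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Constructed sample inventory (not real devices).
SAMPLE = """tag,function,location,physical_security,connections,mac,ip,scada_addr,interfaces
PLC-001,Pump control,Pump house A,Locked cabinet,SW-01,00:11:22:33:44:01,10.10.1.11,1,RJ45;RS-485
RTU-007,Tank level telemetry,Tank farm,,SW-01;RADIO-02,00:11:22:33:44:02,10.10.1.12,7,RJ45;RS-232
HMI-002,Operator station,Control room,Badge access,SW-01;CORP-FW,00:11:22:33:44:03,10.10.1.11,,RJ45;USB
PLC-001,Valve control,Pump house B,Locked cabinet,SW-02,00-11-22-33-44-04,10.10.2.300,4,RJ45
"""

def audit_inventory(text):
    """Return a sorted list of (row_number, tag, finding) for an inventory CSV."""
    rows = list(csv.DictReader(io.StringIO(text)))
    findings = []
    # Tags and addresses must be unique, otherwise a device cannot be traced.
    for field in ("tag", "mac", "ip"):
        counts = Counter(r[field].strip().lower() for r in rows if r[field].strip())
        for n, r in enumerate(rows, start=1):
            if counts[r[field].strip().lower()] > 1:
                findings.append((n, r["tag"], f"duplicate {field}"))
    for n, r in enumerate(rows, start=1):
        # Every audit detail must be recorded for every device.
        for field in REQUIRED:
            if not (r.get(field) or "").strip():
                findings.append((n, r["tag"], f"missing {field}"))
        if r["mac"].strip() and not MAC_RE.match(r["mac"].strip()):
            findings.append((n, r["tag"], "malformed mac"))
        if r["ip"].strip():
            try:
                ipaddress.ip_address(r["ip"].strip())
            except ValueError:
                findings.append((n, r["tag"], "malformed ip"))
    return sorted(findings)

if __name__ == "__main__":
    for row, tag, finding in audit_inventory(SAMPLE):
        print(f"row {row} ({tag}): {finding}")
```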

Protection from real-time threat

Recent attacks on SCADA networks have been highly sophisticated in nature. They therefore cannot be stopped by simple patch management of the internal service control.

For such a scenario, experts have proposed a layered approach. In this arrangement, each layer of defense is represented by a category of system components that need to be secured.

These include:

• Perimeter control, such as Internet perimeter controls
• Policies, procedures and employee security, such as disaster recovery
• Network architecture security, such as routers, switches, and firewalls
• Network operating systems, such as domain security; and
• Host security

Securing protocols and services

All SCADA systems are based on operating systems which can be breached in the same way as other platforms. Therefore, it is crucial to assess all exposed services and the protocols they use, and to disable unneeded procedures and network daemons, so that the attack surface is reduced.

The following services must be properly evaluated:

• Remote assistance
• Web access
• Mailing services
• Meter reading and billing services
• FTP controls

The first step in dealing with security threats in SCADA networks is to implement all the security features suggested by the vendor. These usually come in the form of updates and product patches. The personnel responsible for installation and maintenance must also be aware of all the enabled features of the system and the essential security features. A regular risk assessment audit is another effective method to mitigate the risk associated with cyber attacks.

 
