What is SCADA?

Supervisory Control and Data Acquisition (SCADA) is a system of software and hardware elements that allows industrial organizations to:

  • Control industrial processes locally or at remote locations
  • Monitor, gather, and process real-time data
  • Directly interact with devices such as sensors, valves, pumps, motors, and more through human-machine interface (HMI) software
  • Record events into a log file

SCADA systems are crucial for industrial organizations since they help to maintain efficiency, process data for smarter decisions, and communicate system issues to help mitigate downtime.

The basic SCADA architecture begins with programmable logic controllers (PLCs) or remote terminal units (RTUs). PLCs and RTUs are microcomputers that communicate with an array of objects such as factory machines, HMIs, sensors, and end devices, and then route the information from those objects to computers with SCADA software. The SCADA software processes, distributes, and displays the data, helping operators and other employees analyze the data and make important decisions.

For example, the SCADA system quickly notifies an operator that a batch of products is showing some errors. The operator then pauses and views the SCADA system data via an HMI to determine the cause of the issue. The operator reviews the data and confirms that machine number 4 was malfunctioning. The SCADA system’s ability to notify the operator of an issue helps the operator to resolve it and prevent further loss of the product.

[Figure: a basic SCADA diagram]

Who uses SCADA?

SCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. SCADA systems work well in many different types of enterprises because they can range from simple configurations to large, complex installations. SCADA systems are the backbone of many modern industries, including:

  1. Energy
  2. Oil and gas
  3. Transportation
  4. Food and beverage
  5. Power
  6. Water and wastewater
  7. Manufacturing
  8. Recycling etc.

Examples of SCADA security threats and vulnerabilities

With the growing threat of cyber-attacks and cyber warfare, the security of certain networks is under scrutiny by those hoping to protect them. Rising cases of attacks on SCADA networks have caused increased discussion of the topic. Everyone from large companies to local and federal governments is vulnerable to these threats to SCADA security. Schneider Electric is a multinational corporation that specializes in energy management automation and SCADA networks. According to a recently reported story on DarkReading.com, Schneider was hacked, and the digital assailants gained control of the company’s emergency shutdown system and used it to target one of Schneider’s customers.

Specific types of threats to SCADA networks fall into four categories:

  • Hackers: Intentional, malicious individuals or groups that are intent on gaining access to key components in SCADA networks. These hackers could also be part of a government plan as a type of cyber warfare.
  • Malware: Malware would include viruses, spyware, and other programs not necessarily targeting SCADA networks. While they may not be specifically targeting these networks, malware still poses a threat to the operation of key infrastructure.
  • Terrorists: Hackers may want access for malicious intent, but are typically motivated by sordid gain. Terrorists are typically driven to cause as much damage as possible to critical systems of particular services.
  • Insider Error: Workers are a common cause of SCADA network issues, either intentionally (due to internal work issues) or, more commonly, through operator error. Most issues in this category are due to poor training or carelessness.

SCADA SYSTEM SECURITY WEAKNESSES

SCADA networks are made up of hardware, firmware, and software. Newer networks are, at least partially, controlled by applications. Each point of the network has its own form of security threats. However, hackers are targeting systems with some of the same common weaknesses.

Some of those weaknesses include:

  • Poor Training: Most employees understand the vital nature of the systems and how to operate and monitor controls. However, many who operate SCADA systems are undertrained in preventing, monitoring, and identifying potential threats to security.
  • App Development Loopholes: Apps have become an increasing part of industrial control systems. Yet, many applications being developed lack the level of security to be expected for such vital systems.
  • Monitoring Issues: One type of monitoring is to ensure that systems are running properly. Another is to seek out potential threats to the network. In many cases, a threat is not detected until hackers have access to certain systems and have begun to exploit them.
  • Lack of Maintenance: Software becomes outdated, new application updates are created to improve the functionality or security, and bugs in the programming get fixed. If these updates are not administered quickly and properly, vulnerabilities occur.

SCADA SECURITY BEST PRACTICES

There are many points of vulnerability and multiple effective measures to protect each. However, there are a few components of SCADA security that are common to any network. These preventative measures can be employed by any industrial control network.

1. Map All Current Systems:
Everywhere your system connects to the internet and internal networks should be documented. Every piece of hardware, software, firmware, and application needs to be part of a map of the overall SCADA network. Anyone who has access to these systems, especially apps, should also be documented. Knowing all points of data entry and exit is important to identify all potential access points for malware and hacks.

2. Institute Monitoring and Detection:
Many SCADA networks are still without necessary monitoring and detection systems, making them incredibly vulnerable to attacks and malware. Once every connection and device is documented, monitoring and detection controls are a crucial next step.
Network segmentation should be employed to separate the SCADA network from other crucial business systems. Because attacks on SCADA networks are increasingly exploiting both physical and cyber vulnerabilities, it’s also crucial to align physical security posture for SCADA networks.

3. Create Procedures for Network Security:
Security is something that needs constant attention. Security checks, report monitoring, and standard protocols will have to be instituted and employed by all who have access to the SCADA network. Asset, vulnerability, and risk assessments should be conducted on an ongoing basis to adapt security measures to the ever-changing threat landscape and promptly address vulnerabilities. It takes a carefully thought-out combination of security policies and effective controls to adequately secure today’s complex industrial control systems. Understanding common weaknesses, creating and implementing an action plan to bring security to an acceptable level, and employing a standard operating procedure for security protocols will minimize the risk posed by an increasingly hostile Internet.
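
An added example, not from the original article, of steps 1 and 2 working together: the documented asset map becomes the baseline that observed connections are checked against, so undocumented devices, external endpoints and flows that bypass segmentation stand out. The asset map, zone names, allowed zone paths, the 10.0.0.0/8 plant address space and the flow records are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Step 1 output (constructed): every documented device and the zone it sits in.
ASSET_MAP = {
    "10.10.1.5": ("hmi-01", "control"),
    "10.10.1.20": ("plc-04", "control"),
    "10.10.1.30": ("scada-server", "control"),
    "10.15.0.8": ("historian", "dmz"),
    "10.20.0.15": ("erp-app", "business"),
}
# Assumed segmentation policy: business systems reach control data only via the DMZ.
ALLOWED_ZONE_PATHS = {("control", "control"), ("business", "business"),
                      ("control", "dmz"), ("business", "dmz")}
PLANT_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed flow records: timestamp,src,dst,dst_port (502 is Modbus/TCP).
SAMPLE_FLOWS = """\
2024-05-01T08:00:01Z,10.10.1.5,10.10.1.20,502
2024-05-01T08:00:07Z,10.10.1.30,10.15.0.8,443
2024-05-01T08:02:13Z,10.20.0.15,10.10.1.20,502
2024-05-01T08:03:40Z,10.10.1.77,10.10.1.20,502
2024-05-01T08:05:02Z,10.10.1.30,203.0.113.9,443
"""

def classify(src, dst):
    """Return the findings for one flow; an empty list means it matches the map."""
    findings = []
    for ip in (src, dst):
        if ip in ASSET_MAP:
            continue
        internal = ipaddress.ip_address(ip) in PLANT_NET
        findings.append("undocumented-device" if internal else "external-endpoint")
    if not findings:
        path = (ASSET_MAP[src][1], ASSET_MAP[dst][1])
        if path not in ALLOWED_ZONE_PATHS:
            findings.append("segmentation-violation")
    return findings

def audit_flows(log_text):
    """Check every flow record against the asset map and zone policy."""
    alerts = []
    for row in csv.reader(io.StringIO(log_text)):
        if not row:
            continue
        ts, src, dst, port = row
        for finding in classify(src, dst):
            alerts.append((ts, finding, src, dst, int(port)))
    return alerts
```

Each alert is either a gap in the map to close under step 1 or a connection to investigate under step 2.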

CONCLUSION:
E Com Security Solutions, a big 4 cybersecurity firm, conducts industrial control systems security testing services. They build and test attack scenarios to uncover critical vulnerabilities exposing your most valuable industrial control systems. Using the “attacker mindset,” the E Com Security Solutions cybersecurity team uncovers vulnerabilities along the attack chain before criminals can exploit them, can manage the entire remediation process, and, in cases where patching is too risky, can recommend countermeasures to reduce risk.