Supervisory control and data acquisition (SCADA) networks are widely used in modern industrial organizations to monitor and analyze real-time data, control both local and remote industrial processes, interact with devices, and log data and events for auditing and other purposes. Because SCADA networks are vital to the industrial organizations that use them – and because they are composed of hardware and software that may be subject to vulnerabilities – SCADA security is a growing need in the industrial sector.
Definition of SCADA Security
SCADA security is a broad term used to describe the protection of SCADA networks. These networks are made up of computer hardware and applications and are utilized to control and monitor vital infrastructure in nations where they are employed. Some of the systems utilizing SCADA networks include natural gas, electricity, water, and other key services.
Due to the valuable role and vulnerabilities of these networks, measures are taken by governments and private companies to ensure the safety of these systems. SCADA security is a term to describe measures taken to protect SCADA networks as well as to discuss vulnerabilities (i.e. common SCADA security problems).
Examples of SCADA Security Threats and Vulnerabilities
With the growing threat of cyber-attacks and cyber warfare, the security of certain networks is under scrutiny by those hoping to protect them. Rising cases of attacks on SCADA networks have caused increased discussion of the topic.
Everyone from large companies to local and federal governments is vulnerable to these threats to SCADA security. Schneider Electric is a multinational corporation that specializes in energy management automation and SCADA networks. According to a recently reported story on DarkReading.com, Schneider was hacked, and the digital assailants gained control of the company’s emergency shutdown system and used it to target one of Schneider’s customers.
Specific types of threats to SCADA networks fall into four categories:
1. Hackers: Intentional, malicious individuals or groups that are intent on gaining access to key components in SCADA networks. These hackers could also be part of a government plan as a type of cyber warfare.
2. Malware: Malware would include viruses, spyware, and other programs not necessarily targeting SCADA networks. While they may not be specifically targeting these networks, malware still poses a threat to the operation of key infrastructure.
3. Terrorists: Hackers may want access for malicious intent, but are typically motivated by sordid gain. Terrorists are typically driven to cause as much damage as possible to critical systems of particular services.
4. Insider Error: Workers are a common cause of SCADA network issues. These issues arise either intentionally (due to internal work issues) or, more commonly, through operator error. Most issues in this category are due to poor training or carelessness.
SCADA System Security Weaknesses
SCADA networks are made up of hardware, firmware, and software. Newer networks are, at least partially, controlled by applications. Each point of the network has its own form of security threats. However, hackers are targeting systems with some of the same common weaknesses.
Some of those weaknesses include:
1. Poor Training: Most employees understand the vital nature of the systems and how to operate and monitor controls. However, many who operate SCADA systems are undertrained in preventing, monitoring, and identifying potential threats to security.
2. App Development Loopholes: Apps have become an increasing part of industrial control systems. Yet, many applications being developed lack the level of security to be expected for such vital systems.
3. Monitoring Issues: One type of monitoring is to ensure that systems are running properly. Another is to seek out potential threats to the network. In many cases, a threat is not detected until hackers have access to certain systems and have begun to exploit them.
4. Lack of Maintenance: Software becomes outdated, new application updates are created to improve the functionality or security, and bugs in the programming get fixed. If these updates are not administered quickly and properly, vulnerabilities occur.
SCADA Security Best Practices
There are many points of vulnerability and multiple effective measures to protect each. However, there are a few components of SCADA security that are common to any network. These preventative measures can be employed by any industrial control network.
Map All Current Systems
Everywhere your system connects to the internet and internal networks should be documented. Every piece of hardware, software, firmware, and application needs to be part of a map of the overall SCADA network. Anyone who has access to these systems, especially apps, should also be documented.
Knowing all points of data entry and exit is important to identifying all potential access points for malware and hacks.
Institute Monitoring and Detection
Many SCADA networks are still without necessary monitoring and detection systems, making them incredibly vulnerable to attacks and malware. Once every connection and device is documented, monitoring and detection controls are a crucial next step.
Network segmentation should be employed to separate the SCADA network from other crucial business systems. And because attacks on SCADA networks are increasingly exploiting both physical and cyber vulnerabilities, it’s crucial to align physical security with cybersecurity measures. Application whitelisting, firewalls, and unidirectional gateways are just a few of the security measures used in combination to build a defensive security posture for SCADA networks.
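As an added example (not part of the original article), the mapping and monitoring steps above can be tied together: the Python code below checks observed network flows against a documented asset inventory and an allowlist of permitted zone-to-zone connections. All addresses, asset names, zones, and ports are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed inventory: the documented "map" of the SCADA network.
INVENTORY = {
    "10.10.1.10": {"name": "hmi-01", "zone": "control"},
    "10.10.1.20": {"name": "plc-01", "zone": "control"},
    "10.10.2.5": {"name": "historian", "zone": "dmz"},
    "192.168.5.30": {"name": "erp-app", "zone": "business"},
}
# Constructed address space owned by the organization.
INTERNAL_NETS = [ipaddress.ip_network("10.10.0.0/16"),
                 ipaddress.ip_network("192.168.5.0/24")]
# Constructed allowlist of documented connections: (src zone, dst zone, dst port).
ALLOWED_CONDUITS = {
    ("control", "control", 502),  # HMI polls PLC over Modbus/TCP
    ("control", "dmz", 443),      # control side pushes data to the historian
    ("business", "dmz", 443),     # business side reads from the historian
}
# Constructed flow records: (src ip, dst ip, dst port).
SAMPLE_FLOWS = [
    ("10.10.1.10", "10.10.1.20", 502),
    ("10.10.1.20", "10.10.2.5", 443),
    ("192.168.5.30", "10.10.1.20", 502),  # business host reaching a PLC directly
    ("10.10.1.77", "10.10.1.20", 502),    # internal source missing from the map
    ("10.10.1.10", "203.0.113.9", 443),   # control host talking to the internet
]

def zone_of(ip):
    """Documented zone, None for an unmapped internal host, else 'external'."""
    if ip in INVENTORY:
        return INVENTORY[ip]["zone"]
    addr = ipaddress.ip_address(ip)
    return None if any(addr in net for net in INTERNAL_NETS) else "external"

def audit_flows(flows):
    """Return (src, dst, port, finding) for every flow that needs review."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone is None or dst_zone is None:
            findings.append((src, dst, port, "undocumented-asset"))
        elif "external" in (src_zone, dst_zone):
            findings.append((src, dst, port, "internet-exposure"))
        elif (src_zone, dst_zone, port) not in ALLOWED_CONDUITS:
            findings.append((src, dst, port, "segmentation-violation"))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```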
Create Procedures for Network Security
Security is something that needs constant attention. Security checks, report monitoring, and standard protocols will have to be instituted and employed by all who have access to the SCADA network. Asset, vulnerability, and risk assessments should be conducted on an ongoing basis to adapt security measures to the ever-changing threat landscape and promptly address vulnerabilities.
It takes a carefully thought-out combination of security policies and effective controls to adequately secure today’s complex industrial control systems. Understanding common weaknesses, creating and implementing an action plan to bring security to an acceptable level, and employing a standard operating procedure for security protocols will minimize the risk posed by an increasingly hostile Internet.