SCADA systems are the heart of most modern industrial facilities. We’re going to discuss what SCADA is and why cybersecurity for this important system matters.
WHAT EXACTLY IS SCADA?
A SCADA system is the supervisory-level control point over machinery and processes across the entire facility. It is a subset of industrial control systems (ICS) that combines hardware and software to give organizations control over an entire facility and/or multiple connected facilities.
There are 5 key components to a traditional SCADA system:
- Communication channel
- Human Machine Interface (HMI)
- Programmable Logic Controller (PLC)
- Remote Terminal Units (RTUs)
- Supervisory system
The PLCs and RTUs communicate with the facility machinery and devices and send information to the Human Machine Interface (HMI), which is controlled by a human operator. The operator monitors and controls the system, and sends the data to the SCADA server, which then sends commands to the process. This process can be done on site or remotely.
WHAT ARE THE MAIN THREATS TO SCADA SYSTEMS?
Since the SCADA system controls numerous points within a facility, a single vulnerability puts the entire site at risk. Communication on the network is critical to ensure the SCADA runs smoothly. If this communication is interrupted, it could shut the entire operation down. It’s important to remember the system will be connected to the company network, so any network vulnerabilities become SCADA vulnerabilities. Here are a few common threats:
Distributed Denial of Service (DDoS)
A Distributed Denial of Service (DDoS) attack attempts to overwhelm a server’s capacity limits until it slows down dramatically or shuts down entirely.
Ransomware
Ransomware is malware that attackers use to encrypt a server and/or important files until a ransom is paid. The Colonial Pipeline attack and, more recently, the NEW Co-op attack made headlines, highlighting an uptick in cyberattacks targeting critical infrastructure. With more critical infrastructure using SCADA systems, this creates a perfect storm for disaster.
Remote Access Trojans (RAT)
A Remote Access Trojan (RAT) is malware that attempts to give an outside user remote administrative control over critical systems. This attack is often targeted at SCADA, which naturally has administrative control over the facility.
Even with high technology and automated systems, humans make mistakes sometimes. Phishing emails and even reused passwords can be used as entry points into a system.
BEST PRACTICES TO SECURE SCADA SYSTEMS
Here are a few steps organizations can take to secure their SCADA:
Implement threat detection and monitoring
The key to securing SCADA is monitoring. Having an automatic threat detection and monitoring solution on the network will prepare organizations for an attack before it even happens. A threat response solution is a major plus.
Educate employees and create a cybersecurity plan
Organizations should also educate and train their employees on cybersecurity, and create an organizational plan for cyberattacks.
Identify human users and manage connected devices
Organizations must implement strong controls on who can access the SCADA network and any devices connected to it. Vulnerabilities of connected devices become SCADA vulnerabilities, so maintaining inventory of these devices reduces entry points for attackers.
Implement Network Segmentation
Network segmentation involves dividing a big network into smaller, more manageable segments. This prevents lateral movement of attackers and makes attacks much more difficult.
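The segmentation and device-inventory practices above can be checked against observed network traffic. The following Python code is an added example, not part of the original article; the subnets, allowed conduits, inventory and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed segment plan (assumption): one subnet per role named in the article.
SEGMENTS = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "supervisory": ipaddress.ip_network("10.20.1.0/24"),  # SCADA server
    "hmi": ipaddress.ip_network("10.20.2.0/24"),
    "field": ipaddress.ip_network("10.20.3.0/24"),  # PLCs and RTUs
}
CONTROLLED = {"supervisory", "hmi", "field"}
# Allowed (source, destination) conduits between segments (assumption).
ALLOWED = {("field", "hmi"), ("hmi", "supervisory"), ("supervisory", "hmi"),
           ("supervisory", "field"), ("field", "supervisory")}
# Constructed inventory of known devices in the controlled segments.
INVENTORY = {"10.20.1.10", "10.20.2.21", "10.20.3.31", "10.20.3.32"}

def segment_of(ip):
    """Map an IP address to its segment name, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def review_flows(flows):
    """Return (src, dst, reason) for every flow that breaks the plan."""
    findings = []
    for src, dst in flows:
        s, d = segment_of(src), segment_of(dst)
        for ip, seg in ((src, s), (dst, d)):
            if seg in CONTROLLED and ip not in INVENTORY:
                findings.append((src, dst, f"uninventoried device {ip} in {seg}"))
        if s != d and (s, d) not in ALLOWED:
            findings.append((src, dst, f"{s} -> {d} is not an allowed conduit"))
    return findings

# Constructed flow records: (source IP, destination IP).
SAMPLE_FLOWS = [
    ("10.20.2.21", "10.20.1.10"),   # HMI -> SCADA server: allowed
    ("10.20.1.10", "10.20.3.31"),   # SCADA server -> PLC: allowed
    ("10.10.5.77", "10.20.3.32"),   # corporate workstation -> RTU: violation
    ("10.20.3.99", "10.20.1.10"),   # unknown field device: not in inventory
    ("203.0.113.5", "10.20.2.21"),  # external host -> HMI: violation
]

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(finding)
```

Traffic inside a single segment is not flagged, since segmentation only constrains what crosses segment boundaries.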
Maintain system updates and patches
Outdated systems are popular targets for cyber attacks. Automatic patches and updates will keep the system running smoothly and securely.
SCADA systems are vast with numerous control points. It can seem overwhelming trying to secure this system, but with due diligence and a cybersecurity state of mind, it is entirely possible.