SCADA stands for Supervisory Control and Data Acquisition. It is a control system architecture that comprises computer systems, networked data communications, and Graphical User Interface (GUI) for a high-level process supervisory management. In addition, SCADA also incorporates other peripheral devices such as discrete Proportional Integral Derivative (PID) and Programmable Logic Controllers (PLC) to interface with process machinery or plant. One of the applications of SCADA also includes operations and management of the project-driven process in construction. SCADA systems also control most critical infrastructures such as transport systems and industrial networks.
SCADA based on IP-based systems and current trend involves TCP/IP, rather than the traditional proprietary protocols. Therefore, it involves all the threats and vulnerabilities that are associated with Internet Protocol (IP). Efforts are being made to combat threats and vulnerabilities to SCADA systems.
TCP/IP offers several benefits to SCADA, such as:
Moreover, you would also have tremendous economic advantages if you are using an IP-based SCADA system. For example, migrating from a proprietary radio-based network to the IP-based network provides various advantages, including:
SCADA systems are very intelligent, smart control systems. They acquire inputs from numerous sensors and respond to a system in real-time through actuators under program control. SCADA systems, in fact, can function as a supervisory or monitoring system or control system, or even their combination.
An effective SCADA security framework involves some essential characteristics that include:
SCADA systems are suitable for dealing with organizations that have the critical infrastructure, where we can mention the extraction and transportation of oil and gas, as well as electricity and water supply, since the data represented there has gigantic impact power for the structure, for example, from a country.
In this sense, any system or subsystem that affects the state through electronic means, changes control parameters, presents, stores or transmits data can be included in the definition of SCADA. Here, the security concern for these systems should include treatment with unsafe networks and maintenance of equipment and management accesses. SCADA security framework controls involve various security controls that can deal with above-said issues. These are listed below:
Policies are fundamental for building a sustainable security system. Without them, and good security administration, it becomes impossible to keep a system functioning properly, as it will be completely exposed to vulnerabilities that are existed on the network. But not only policies but also other specific security documents, such as security plans and implementation guidelines, can and should be created to define specific practices to be used within a SCADA environment.
An effective SCADA security policy should base on the following essential components:
For the development of these policies, there is a framework, called the SCADA policy framework.
Supervisory management systems whether they are operating under the government, oil and gas companies or any other. However, such systems must be protected and secured from all internal and external threats such as malware or viruses. SCADA cybersecurity framework provides complete guidelines and security controls in this regard.