SCADA stands for Supervisory Control and Data Acquisition, and although it's not likely to be the first thing to come to mind when discussing cyber security, it certainly should be. As its name implies, it is a type of software designed to supervise (control and monitor) industrial processes, as well as to collect and analyze their data. You'll find SCADA in just about every industrial processing plant around the world, including manufacturing and utilities production plants. Through the use of SCADA, industrial processes and procedures are made more efficient through a relatively simple command and control architecture composed of several major components: supervisory computers, remote terminal units, programmable logic controllers, communications infrastructure, a historian, alarms, and a human-machine interface.
Supervisory Computers form the backbone of the SCADA system and can vary widely in their complexity, from a single PC to geographically separated systems spanning multiple servers, distributed software applications, and even multiple disaster recovery sites.
Remote Terminal Units (RTUs) act as the liaison between the supervisory computing systems and the sensors and actuators they connect to. While SCADA operators manipulate the human-machine interface, RTUs exist to convert those electrical signals and inputs into mechanical outputs, such as the flipping of a switch or the opening of a valve, and to collect measurements and provide feedback to the users.
Programmable Logic Controllers (PLCs) are very similar to RTUs, as they also interface between the supervisory system and sensors and actuators. However, PLCs are more sophisticated than their counterparts, including more embedded control capabilities, often written in numerous programming languages. They also offer a cheaper, more versatile, and more scalable alternative to standard RTUs.
The Communications Infrastructure is the glue that ties the whole system together, transmitting commands from the supervisory system to the RTUs and PLCs. This is not to say that the RTUs and PLCs are entirely dependent on it. Operating independently of the supervisory system, PLCs and RTUs are often undeterred by temporary losses of service and are able to continue their appointed duties without fail. Upon the resumption of service, monitoring and control can continue. Many of the more robust SCADA systems even install redundant communications pathways in the event of damage or disaster.
The Historian is a software service located within the Human-Machine Interface. A critical feature of SCADA, the historian enables the collection and storage of historical data, operating metrics, etc.
Alarm handling is a critical component of SCADA systems. Just as the system is there to monitor and analyze the information within it, keeping the SCADA operators informed of the goings-on of the system is vital to its continued efficient and safe operation.
Finally, the Human-Machine Interface (HMI) can be compared to your standard Graphical User Interface (GUI). Through the HMI, the plant worker or industrial professional can monitor and operate the supervisory system itself.
Given its nearly universal use in utility systems, the ramifications of an insecure network are just as far-reaching. A well-placed exploit against an undefended system can wreak absolute havoc on national infrastructure. Despite this, SCADA systems are routinely engineered with vulnerabilities. Security and authentication in the deployment of these systems are often viewed as an afterthought, with operators relying instead on the ill-conceived notion that SCADA systems are inherently secured through obscurity, a belief that directly fed into the success of the Stuxnet virus from the not-too-distant past. Another misconception that feeds into this false sense of security concerns the physical construction of the network itself: the belief that if the system is physically secure and not logically connected to the Internet, then it must be secure. Again, breaches of the same caliber as Stuxnet have proven that “air-gapped” networks contribute only to a false sense of security, not any actual sort of security. In defending SCADA, it is critical that organizations actively work to overcome their cyber security inertia: the fact that your system has yet to be exploited does not mean that it will never get exploited. Almost unanimously, the question of cyber security breaches is not a question of if, but of when.
The first step in securing SCADA starts with understanding the competing priorities of standard IT security and SCADA-centric security. Much of the debate between the two rests on what each community of users values in its systems. A standard IT system often orders its priorities as confidentiality, integrity, and availability. This model is flipped on its head in the SCADA community, with availability being the most important of the three items, followed by integrity, trailed by confidentiality. In analyzing current trends and historical data, the following three items have proven to resolve many of the more routine security issues that commonly plague SCADA systems:
In countering the number of attack vectors often present in SCADA systems, including an office network of firewalls between the different layers of networking just makes common sense.
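One way to check that firewalls between layers actually enforce the layering, as an added example that is not part of the original article: the audit below flags any allow rule that lets traffic skip a layer. The zone names, subnets, rule format and sample rules are all constructed assumptions, and each rule is judged in isolation (rule ordering is not modeled).

```python
import ipaddress

# Assumed layering, outermost to innermost. Names and subnets are constructed.
ZONES = [
    ("enterprise",  ipaddress.ip_network("10.10.0.0/16")),
    ("dmz",         ipaddress.ip_network("10.20.0.0/24")),
    ("supervisory", ipaddress.ip_network("10.30.0.0/24")),
    ("field",       ipaddress.ip_network("10.40.0.0/24")),  # RTUs and PLCs
]

def zones_for(cidr):
    """Return the index of every zone that the given network overlaps."""
    net = ipaddress.ip_network(cidr)
    return [i for i, (_, zone_net) in enumerate(ZONES) if net.overlaps(zone_net)]

def audit(rules):
    """Flag allow rules that connect non-adjacent zones, bypassing a layer."""
    findings = []
    for number, rule in enumerate(rules, start=1):
        if rule["action"] != "allow":
            continue
        for src in zones_for(rule["src"]):
            for dst in zones_for(rule["dst"]):
                if abs(src - dst) > 1:  # more than one layer apart
                    findings.append(
                        (number, ZONES[src][0], ZONES[dst][0], rule["port"]))
    return findings

# Constructed ruleset for illustration only.
SAMPLE_RULES = [
    {"src": "10.10.0.0/16", "dst": "10.20.0.5/32",  "port": 443,  "action": "allow"},
    {"src": "10.20.0.5/32", "dst": "10.30.0.10/32", "port": 1433, "action": "allow"},
    {"src": "10.30.0.0/24", "dst": "10.40.0.0/24",  "port": 502,  "action": "allow"},
    # An office workstation talking straight to a field device:
    {"src": "10.10.4.7/32", "dst": "10.40.0.12/32", "port": 502,  "action": "allow"},
    # An over-broad source range that silently includes the office network:
    {"src": "10.0.0.0/8",   "dst": "10.30.0.10/32", "port": 3389, "action": "allow"},
    {"src": "10.10.0.0/16", "dst": "10.40.0.0/24",  "port": 22,   "action": "deny"},
]

if __name__ == "__main__":
    for number, src, dst, port in audit(SAMPLE_RULES):
        print(f"rule {number}: {src} -> {dst} on port {port} skips a layer")
```

The over-broad rule is the case worth noticing: it names no office subnet explicitly, yet its source range covers one.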
Fashioning a defense in depth takes the DMZ concept a step further. By planning for and developing defensive controls designed to avert threats before they even have a chance of exploiting your system, you effectively create a defense in depth. This could be something as simple as not allowing removable media onto the network without prior scanning and approval. This policy effectively eliminates a common and dangerous attack vector into your system.
Given the busy nature of today’s workforce and occupational demands, workers will want to be able to remote into their SCADA system and continue to accomplish their assigned duties. Rather than choose to introduce a new attack vector into your network, or ban remote working altogether, the use of Virtual Private Networks (VPNs) enables secure web browsing, email exchange, and continued work performance in times of need.
In light of recent attention paid to the importance of cyber security and recent advances in IT networking and cyber security technologies, SCADA networks are evolving. One of the most exciting, but also highly nuanced, advancements of late is the Internet of Things (IoT). Advances in cloud computing technologies have yielded exponential advances in the areas of systems security, system supervision, and data collection and analysis. How these advances are going to impact the industrial sector and national infrastructures has yet to be seen but will certainly be exciting.