Security of the SCADA System

Introduction

The advent of new technologies that support enhanced communication has greatly influenced the manner in which sharing of information occurs within modern industries. In modern industrial practices, Supervisory Control and Data Acquisition (SCADA) system has been an imperative program in data acquisition and control because it supports system operations. The SCADA system forms part of large control systems for industries known as Industrial Control System (ICS), which is commonly used in the distribution systems that monitor and control actions or messages in the control systems (Hildick-Smith 6). Although it is successful in supporting industries in its operations, the SCADA system serves in the most vulnerable environment. To enhance its desirability and significance in the industries, securing the SCADA system from potential security threats is therefore essential. Hence, this research paper intends to investigate the security of the SCADA system in terms of the potential threats and recommends best practices to improve its security.

Proprietary network
(Source: Kim 3).

Major Security Vulnerabilities of SCADA

Since SCADA is useful in handling important data in the industrial control system, responsible for gathering data from the sensors and instruments situated within the remote site, and transmitting the data to the central site, SCADA faces numerous risk-related factors. The SCADA system is part of the industrial control systems, which are important to the operations of the critical infrastructures of the United States that entail highly interrelated and mutually reliant systems (Hildick-Smith 8). As the SCADA system infrastructure is essential for controlling important operations in the distribution systems, including water supply, oil and gas pipelines, wastewater collection systems, electrical transmission systems, as well as the rail and other transport systems, the critical infrastructure is susceptible to security issues. Kim (3) identifies security threats associated with SCADA within the control system as cyber-based system attacks, network and internet security attacks, and data from hacking terrorist groups, hostile governments, malevolent intruders, industrial spies, human technical errors and accidents, natural hazards, and even equipment failures.

Until recently, research conducted on the threats associated with the SCADA system and the network of the Industrial Control Systems (ICSs) unveiled that there are two major threats that can potentially affect the operations of the SCADA system (Kim 2). The first category of security risks involves the threats associated with unauthorized access to the system control software and the hardware, deliberately from human access or with the unintentional virus infection that also involves human involvement (Kim 5). The second foremost threat to the SCADA system is the threat of packet access to the network components hosting the SCADA devices essential in the data control process (Hildick-Smith 14). The initial setup and practices involved in the SCADA system and its operations had minimal threats or related to the security of the operating systems. Although SCADA has had excellent operational functionality, modern approaches to improving the SCADA system have even posed more security challenges than anticipated earlier in the reforms.

SCADA Cyber-Based System Attacks

Responsible for gathering, controlling important messaging, and managing action systems associated with the critical government infrastructures, the security networks of SCADA are vulnerable to attacks from the cyber system attackers commonly known as hackers (Kim 2). Since the system holds important government information, including financial secrets of the critical infrastructures, attackers seek ways of extracting important information from the SCADA system and using it against the government. America continues to experience threats from the prevalence of organized cybercrime groups that not only prove harmful to the cyber users, but also potentially harmful to network control systems because it allows intruders to access data systems (Amin, Litrico, Sastry, and Bayen 1). Modern changes in the SCADA systems from the initial independent vendor-controlled design to dependent and interconnected channels have predisposed the system to potential cyber-related vulnerabilities. Kim states that “the current SCADA systems remain distributed, networked, and dependent on open protocols for the internet, which make them vulnerable to remote cyber terrorism” (2). Ascertaining and providing an accurate account of cyber incidents is even difficult due to the complexity of the system and the huge number of users.

Cyber attackers have become one of the most technologically suave intellects who break into the SCADA data control systems with high abilities in developing remote cracking devices that hack important SCADA data security protocols. Cyber incidents associated with cybercrime in the SCADA system come in three major categories, namely, computer-based accidents, targeted hacking incidents, and non-targeted incidents. Although they possess different threat capacities, they are all cybercrime issues that are difficult to account, assess, or even ascertain, and thus normally pose great challenges to the network control systems and the SCADA system. The present common practices associated with the utilization of the SCADA system as demonstrated by Hildick-Smith (8) leaves the system to assorted vulnerabilities. The absence of real-time monitoring and improper encryption of the system, coupled with proliferating unsafe network designs, presence of wireless vulnerable devices, and proper restriction of public access, puts the SCADA system into a precarious state where it is prone to security threats. Attackers also possess sophisticated hacking tools that threaten data security within the SCADA system.

Potential cyber attackers that influence security concerns of the SCADA system include organized cybercrime groups, technologically suave terrorists, insiders, and other industrial spies (Hildick-Smith 13). The systems have been recording attacks, with evidence indicating that these criminal groups seek monetary gain through hacking important information from the SCADA system that is imperative to the critical infrastructure (Amin, Litrico, Sastry, and Bayen 2). Cybercriminals and other attackers do not only destroy the system structures physically, but also have multiple cyberspace systems that coordinate attacks, distribute spam messages, phishing schemes, and even malware attacks (Hildick-Smith 10). The presence of such programs interferes with the systems of SCADA and its operations as it losses important data communication system protocols, which predisposes it to other numerous security threats (Kim 3). Due to lack of strategic security plans, both the hardware and the software of the SCADA system employed to meet functionality demands remain prone to cyber attacks from the organized criminals of cybercrime.

Network and the Internet Security Attacks, (TCP/IP Drawbacks)

Cyber attacks comprise all the system attacks associated with the aggressions of technical systems and the network protocols used by the SCADA data control system, but identifying them individually is essential in this case. According to Amin, Litrico, Sastry, and Bayen, the SCADA computerized system enables real-time processes through integrated network protocols that also involve several vulnerabilities in securing the operation data (4). Extensions, which include both logical communication network links and physical connections, are susceptible to various security threats that threaten the functionality of the SCADA system (Kim 3). Opposed from its present setup, the convectional SCADA system operated separately from the business systems only through the operational network, and hackers and civilians had little knowledge about the system (Hildick-Smith 12). The growth in the industries has impelled additional connectivity in the SCADA system from small range networks of diverse network systems and consequently raises new security concerns in the operating systems. The presence of the open standards used for communication in the SCADA networks poses significant security challenges.

The major advancements in the SCADA system entail modernization that includes the integration of the Internet Protocol (IP) based systems to enhance the performance of the system to meet the rising modern industrial demands (Kim 5). Despite proving essential in improving data monitoring and control, the presence of the IP-based SCADA system has presented unique challenges to industrial operations. Amin, Litrico, Sastry, and Bayen assert that the Internet Protocols (IPs) and the Transmission Control Protocol (TCP) have recently indicated security lapses in the SCADA system, as they have been experiencing attacks on the communication stacks (1). The intent of integrating the IP-based standards in the SCADA system is to provide specific security in the selective part of communication that included securing client/server applications against attackers. Contrastingly, IP communication is vulnerable to great attacks, as invaders can route the packets through the field devices from anywhere, as they no longer depend on physical access through the systems (Kim 5). Therefore, IP communications have become more predisposed to attacks than serial communication protocols.

The TCP/IP derived from the SCADA system replaced the proprietary interfaces, but has increased the possibility of enhanced security vulnerabilities and incidents of data security threats (Hildick-Smith 17). To understand the risks associated with the IP-based SCADA system, one must know that the SCADA system encompasses sensors and other instruments necessary in acquiring information regarding the physical processes of monitoring and controlling the industrial operations (Kim 5). These sensors remain connected to the field control devices, including RTUs (Remote Terminal Units) and the PLCs (Programmable Logic Controllers) to share, transmit signals to the digital data responsible for determining the next decision depending on predestinated programmed commands of the main system operators (Kim 5). These decisions are capable of determining the course of action of the other equipment and can potentially change the system control parameters. The fielded devices depending on the TCP/IP communication may face attacks from highly suave hackers who manipulate the system operations for their personal gain.

Internet
(Source: Kim, 4).

Platform, Policy, and Procedure Vulnerabilities

Apart from the risks of SCADA associated with the technical complexities in the network parameters, this system has experienced a long history of mismanagement, poor policy-making approaches, and procedural vulnerabilities. Over its operational years, potential threats to the security of the SCADA system emanate from the inappropriate or even nonexistence of security enforcement strategies, characterized by poor security management programs (Amin, Litrico, Sastry, and Bayen 6). Policies established are either few or even completely not existing in the SCADA system; hence, posing threats to the entire Industrial Control Systems (ICSs). Few policy frameworks that enhance the security of the SCADA system currently exist in the operational controls, and this predisposes the system to potential security threats. Loopholes in the security planning and management of the SCADA system predispose the system to serious security problems. This allows malicious attackers to find ways of manipulating the system with little awareness on the part of the SCADA system management, which consequently poses a great security challenge to the entire ICSs.

Recommendations

When threats compromise the security function of the SCADA system within the critical infrastructure known to be imperative to the national interest and its people, the life of nationals remains at stake, as they might lose resources important to them (Amin, Litrico, Sastry, and Bayen 3). Critical infrastructure that involves transportation systems, telecommunication networks, oil and gas pipelines, banking and finance, electrical power systems, water supply units, and emergency services require monitoring and protection. Eliminating such security threats, therefore, becomes an essential approach that enhances resource availability and assures security to civilians. Several approaches may deem essential in eliminating potential security threats associated with the SCADA system, but risk assessment, monitoring and evaluation programs are essential in the mitigation of such threats. Kim (7) asserts that, “to raise security to an acceptable level, appropriate risk management and security planning are essential.” This will include a proper reexamination of the new approaches designed to transform the system, as well as other relevant threats associated with the utilization of the SCADA system.

Risk Assessment Plans in the SCADA system

A continuous process in ensuring the security of the SCADA system involves a proper risk assessment and management plan that should involve proper examination of the devices essential in the system operations and often predisposed to threats (Hildick-Smith 16). The industrial management concerned with the industrial control systems (ICS) must ensure that the main control system components of the SCADA system, which include the Programmable Logic Controllers and Remote Terminal Unit, must undergo rigorous scrutiny on a regular basis to eliminate security threats (Amin, Litrico, Sastry, and Bayen 6). The industrial control system experts should analyze the network-related risks, architectural ambiguities, technical difficulties that affect risk mitigation and consequences and costs of incidences of security attacks. Experts should conduct an appraisal of how the hacking and attackers’ tools work in the attacks, evaluate their potential consequences to the control system, and devise plans to counter any proliferation of the risks identified in the evaluation. A risk assessment would provide a means of controlling the attacks when at their early stages.

Disconnecting Unnecessary Connections in the SCADA network

Major security threats to the SCADA system emerged during the reforms that resulted in a control system with numerous connections and communication channels connected to the SCADA platform. Since these multiple internet communication channels surrounding the SCADA system affect the proper assessment of the threats associated with the system, it is essential to isolate the SCADA network to remain independent. Kim (5) recommends that “the SCADA IP network should be located physically separate from corporate networks and other untrustworthy networks” (5). When the physical separation is not applicable to the systems, it is essential to consider logical separation, although the logical isolation contains some technical difficulties that are risky (Kim 5). Operation controllers should avoid the use of Virtual Local Area Network (VLAN) technology to enhance the logical separation of the SCADA IP communications from the IP communications since the VLAN technology contains little security capabilities (Hildick-Smith 18). Experts should use the buffer network to terminate other untrustworthy IP networks.

Integrating Intrusion Detection Systems

Any unauthorized intrusion to the SCADA networks poses significant security threats to the entire industrial control system and one of the potential means of mitigating security risks is to control such intrusions (Amin, Litrico, Sastry, and Bayen 1). Securing networks, prevention of intrusion, and the use of antivirus and sophisticated intrusion detection systems (IDS) and devices would reduce cybercrime-related incidences (Kim 5). The IDS devices will potentially assist in preventing hacking of messages by the attackers, as the systems disrupt and disturb communication initiated by attackers. Once the system establishes a connection between the SCADA master and the Remote Assets (RAs), the IDS must continuously monitor and detect anomalous activities and malevolent nodes within the operating systems (Kim 9). This should also involve the training of competent personnel who can handle security-related matters, including designing security policies, training programs, and attack response mechanisms to help in the mitigation of security threats (Hildick-Smith 7). Security alerts, malicious code detection, data integrity checking should be essential industrial security practices.

Physical Environment Protection

Just as other operational devices for industries, the supervisory control, and data acquisition systems serve in a physical environment that is normally prone to physical disruptions from both human activities and natural disasters (Kim 4). The best security of the SCADA system entails physical protection from external aggression that entails the protection of the physical locations, providing tracking systems of people, and developing access-monitoring systems among other important strategies (Hildick-Smith 9). Malicious physical human activities interfere with the physical hardware and subsequently interfere with the logical communication network connections of the SCADA operational system that presents potential risks to the entire ICSs. When authorized to interfere with the physical components of the system, human beings who include dangerous attackers pose threat to the security of the important information contained in the SCADA system (Amin, Litrico, Sastry, and Bayen 1). Physical protection of components such as the meters, controllers, data cables, and other facilities normally enhance the protection of the data in the SCADA system.

Proper Vending on Operating Systems (OS) and Software

Cybercrime groups are highly suave internet criminals who have great knowledge of the presence of software trending within the markets (Hildick-Smith 15). Whilst it is essential and mandatory for the SCADA to use operating systems due to its recent computational abilities, vendor software patches contain vulnerabilities that the system experts must familiarize themselves with before purchasing the software (Hildick-Smith 17). Deception attacks proliferate from well-informed hackers who have information about the manufacturing and release of the software used by the industries, and hence, protecting the privacy of the software used in the system operations becomes an essential issue (Hildick-Smith 4). Proper maintenance of the operating system and the application security should prevail, the industry system operators must understand the complexities of the software, recent modifications, and perform strict regression testing.

Conclusion

The Supervisory Control and Data Acquisition (SCADA) system are one of the most integral subset systems of the Industrial Control Systems (ICS) that is responsible for monitoring and controlling information sharing across the systems. Since the control systems are interconnected and linked to each other, they are very important in the United States because they transmit crucial information. The SCADA system is vulnerable to cybercrime attacks on the software used in the control systems and the network segment supporting the SCADA devices. Due to the lack of proper risk assessment and security management protocols in the SCADA system, the modern system that entails computational capabilities remains proof to attacks from highly IT suave attackers. Protecting the physical environment of SCADA, separating, and making the SCADA IP network independent, proper vending of the operating system, and disconnecting unnecessary multiple connections to the SCADA network would reduce the security threats.

Works cited

Amin, Saurabh, Xavier Litrico, Shankar Sastry, and Alexandre Bayen. “Cyber Security of Water SCADA Systems: Analysis and Experimentation of Stealthy Deception Attacks.” Transactions on Control Systems Technology 20.10 (2012):1-8. Print.

Hildick-Smith, Andrew. “Security for Critical Infrastructure SCADA Systems.” SANS Institute (2005): 1-21. Print.

Kim, HyungJun. “Security and vulnerability of SCADA Systems over IP-Based Wireless Sensor Networks.” International Journal of Distributed Sensor Networks 1.1 (2012): 1-11. Print.