Securing SCADA systems against cyber attacks is mission-critical: they control a vast range of infrastructure, both public and private.
Supervisory Control And Data Acquisition (SCADA) is a control system architecture consisting of computers, networked data connections, and graphical user interfaces for overseeing equipment and processes at a high level.
SCADA can be used to build both small and very large systems; depending on the application, a system may contain anywhere from tens to thousands of control loops. SCADA is applied to industrial, infrastructure, and facility-based processes, for example:
- Industrial processes such as manufacturing, process control, power generation, fabrication, and refining, which may run in continuous, batch, repetitive, or discrete modes.
- Infrastructure processes, public or private, such as water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electric power transmission, and wind farms.
- Facility processes in buildings, airports, ships, and space stations, where SCADA monitors and regulates heating, ventilation, and air conditioning (HVAC), access control, and energy consumption.
However, SCADA systems may contain security flaws; therefore, the systems should be examined to identify risks and adopt solutions to mitigate those risks.
A SCADA system is usually built from the following components:
The supervisory computer is the heart of the SCADA system: it collects process data and sends control commands to the field-connected equipment. It comprises the computers and software that communicate with the field controllers (RTUs and PLCs), together with the HMI software running on operator workstations. In smaller SCADA systems the supervisory computer may be a single PC, in which case the HMI runs on the same machine. In larger SCADA systems the master station may consist of several HMIs hosted on client computers, multiple servers for data acquisition, distributed software applications, and disaster recovery sites.
Remote terminal units (RTUs) connect the sensors and actuators in the process to the supervisory computer system over a network. RTUs typically adhere to the IEC 61131-3 standard for programming and support automation via ladder logic, function block diagrams, or a number of other languages. It is not uncommon to find RTUs running on a modest solar power system, using radio, GSM, or satellite for communications, and ruggedized to withstand temperatures from -20 °C to +70 °C or even -40 °C to +85 °C without external heating or cooling equipment.
Programmable logic controllers (PLCs) are networked to the supervisory system and connected to the process's sensors and actuators. In factory automation, PLCs often have a high-speed link to the SCADA system. In remote applications, such as a large water treatment plant, PLCs may connect directly to SCADA over a wireless link or, more often, use an RTU to manage communications. PLCs are purpose-built for control and were the founding platform for the IEC 61131-3 programming languages. For remote sites with a large number of inputs and outputs, PLCs are frequently used instead of RTUs for cost reasons.
The communication infrastructure connects the supervisory computer system to the RTUs and PLCs using industry-standard or manufacturer-specific protocols. Both RTUs and PLCs regulate the process autonomously in near-real time using the most recent command received from the supervisory system, so a failure of the communications network does not necessarily halt the plant process controls; the operator resumes monitoring and control once connections are restored. Some mission-critical systems have twin redundant data highways, frequently cabled via separate paths.
The human-machine interface (HMI) is the operator's window onto the supervisory system. It presents plant information to operating personnel as mimic diagrams (schematic representations of the controlled plant) and as alarm and event pages. The HMI is connected to the SCADA supervisory computer to obtain real-time data for the mimic diagrams, alarm displays, and trend graphs. In many implementations, the HMI is the operator's graphical user interface, collects all data from external devices, generates reports, and performs alarm and notification functions.
The HMI is used for plant supervision, with operators issuing commands via mouse, keyboard, and touch screen. For instance, a pump symbol can show the operator that the pump is running, while a flow meter symbol can show how much fluid is being pumped through the pipe. With a click of the mouse or a tap on the display, the operator can switch the pump off from the mimic diagram, and the HMI will show the flow rate in the pipe decreasing in real time.
Alarm handling is a crucial component of most SCADA installations. The system determines whether an alarm event has occurred by checking whether particular alarm conditions are met. When an alarm event is detected, one or more actions are taken, such as activating one or more alarm indicators and perhaps generating email or text messages so that management or remote SCADA operators are informed. In many cases a SCADA operator is required to acknowledge the alarm event; this may deactivate some alarm indicators, while others remain active until the alarm condition is cleared.
Alarm indicators include a siren, a pop-up box on a screen, or a colored or flashing area on a screen (similar to the “fuel tank empty” light in a car); in each case, the alarm indicator’s purpose is to draw the operator’s attention to the part of the system that is “in alarm” so that the operator can take the appropriate action.
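The acknowledgement semantics described above (some indicators silenced by an acknowledgement, others held until the condition clears) can be expressed as a small latching alarm state machine. The following is an added example written for this page, not code from any SCADA product: the state names, the split between a "horn" and a mimic "tile" indicator, the tag name and the 90 % threshold are assumptions chosen for illustration. Every transition is also written to a log, because alarm history is what later shows whether an upset was a fault or an attack (as in the Maroochy case described further down this page).

```go
package main

import "fmt"

// AlarmState is the latching model most SCADA alarm handlers use.
type AlarmState int

const (
	Normal         AlarmState = iota
	ActiveUnacked             // condition true, operator has not acknowledged
	ActiveAcked               // condition true, acknowledged
	ClearedUnacked            // condition gone before anyone acknowledged it
)

// Alarm ties a condition to its indicators. The horn is silenced by an
// acknowledgement; the mimic tile stays lit until the condition has cleared
// AND the operator has acknowledged it, so a short-lived event is not missed.
type Alarm struct {
	Tag       string
	Condition func(v float64) bool
	State     AlarmState
	Horn      bool
	Tile      bool
	Log       []string // every transition, for later forensic review
}

func (a *Alarm) transition(to AlarmState, why string) {
	a.Log = append(a.Log, fmt.Sprintf("%s: %d -> %d (%s)", a.Tag, a.State, to, why))
	a.State = to
}

// Update evaluates one new process sample and applies the state transitions.
func (a *Alarm) Update(v float64) {
	inAlarm := a.Condition(v)
	switch {
	case a.State == Normal && inAlarm:
		a.Horn, a.Tile = true, true
		a.transition(ActiveUnacked, fmt.Sprintf("value %.1f", v))
	case a.State == ActiveUnacked && !inAlarm:
		a.transition(ClearedUnacked, "condition cleared before ack") // horn and tile stay
	case a.State == ActiveAcked && !inAlarm:
		a.Tile = false
		a.transition(Normal, "condition cleared")
	case a.State == ClearedUnacked && inAlarm:
		a.transition(ActiveUnacked, "condition returned")
	}
}

// Acknowledge silences the horn and records who acknowledged; the tile is
// only removed once the condition is already gone.
func (a *Alarm) Acknowledge(operator string) {
	a.Horn = false
	switch a.State {
	case ActiveUnacked:
		a.transition(ActiveAcked, "acked by "+operator)
	case ClearedUnacked:
		a.Tile = false
		a.transition(Normal, "acked by "+operator)
	}
}

func main() {
	// Constructed sample stream for a wet-well high-level alarm (threshold 90 %).
	a := &Alarm{Tag: "WW01_LVL_HI", Condition: func(v float64) bool { return v > 90 }}
	for _, v := range []float64{40, 92, 95} {
		a.Update(v)
	}
	a.Acknowledge("night-shift")
	for _, v := range []float64{88, 60} {
		a.Update(v)
	}
	for _, l := range a.Log {
		fmt.Println(l)
	}
}
```

The ClearedUnacked state is the one most often omitted in home-grown alarm code; without it, an alarm that comes and goes between samples while nobody is watching leaves no visible trace on the mimic, only in the log.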
SCADA systems that connect decentralized facilities such as power, oil, and gas pipelines, water distribution, and wastewater collection systems are designed to be open, robust, and easily operated and repaired, but not necessarily secure. The move from proprietary technology to more standardized and open solutions, together with the growing number of connections between SCADA systems, office networks, and the Internet, has made them more susceptible to relatively common types of network attacks.
For instance, the United States Computer Emergency Readiness Team (US-CERT) issued a vulnerability advisory warning that unauthenticated users could download sensitive configuration information, including password hashes, from an Inductive Automation Ignition system using a standard attack type that leverages access to the embedded Tomcat web server. Security researcher Jerry Brown submitted a similar advisory concerning a buffer overflow vulnerability in a Wonderware InBatchClient ActiveX control. Both vendors made patches available prior to public disclosure. The recommended mitigations were standard patching practice and requiring VPN access for secure connectivity. The perceived susceptibility of SCADA-based systems to cyber attack has consequently called their security into question.
Security researchers are especially concerned about:
- Lack of security and authentication consideration in the design, deployment, and operation of some existing SCADA networks.
- The notion that SCADA systems can achieve security through obscurity by employing specialized protocols and proprietary interfaces.
- The misconception that SCADA networks are safe because they are physically protected.
- The misconception that SCADA networks are secure as they are disconnected from the Internet.
SCADA systems are used to control and monitor physical processes that form the foundation of modern society: the transmission of electricity, the transport of gas and oil through pipelines, the distribution of water, and the operation of traffic lights. Their security matters because compromise or destruction of these systems would affect many areas of society; a blackout induced by a compromised electrical SCADA system, for example, would cause monetary losses for every consumer receiving power from that source. How security will affect legacy SCADA installations and new deployments remains to be seen.
There are many attack paths against current SCADA systems. One is unauthorized access to the control software, whether by a person or through changes caused deliberately or accidentally by virus infections and other software threats on the control host machine. Another is packet access to the network segments that host SCADA devices: in many cases the control protocol lacks any cryptographic protection, so an attacker who can send packets to a device can control it simply by sending it commands over the network. Many SCADA users assumed a VPN provided adequate protection, unaware that it is easily bypassed by anyone with physical access to SCADA-related network jacks and switches. Industrial control vendors recommend approaching SCADA security in the same way as information security, with a defense-in-depth strategy and standard IT practices.
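To make the point about unauthenticated control protocols concrete, here is an added example in Go (not code from the page's sources or from any vendor). It builds and parses Modbus/TCP "Write Single Coil" frames, a protocol commonly found on exactly the communication links described above, and then runs the one check the protocol cannot do for itself: a passive allow-list of hosts permitted to write, applied to constructed traffic. The frame layout follows the public Modbus/TCP specification; the IP addresses, unit and coil numbers and the allow-list are assumptions for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Modbus/TCP function codes that change process state. The protocol carries
// no authentication field, so any host that can reach TCP/502 may issue them.
const (
	fcWriteSingleCoil     = 0x05
	fcWriteSingleRegister = 0x06
	fcWriteMultipleCoils  = 0x0F
	fcWriteMultipleRegs   = 0x10
)

// Frame is a decoded Modbus/TCP application data unit (MBAP header + PDU).
type Frame struct {
	TransactionID uint16
	UnitID        uint8
	Function      uint8
	Data          []byte
}

// BuildWriteSingleCoil returns the ADU an HMI (or an attacker on the same
// segment) sends to force coil addr on (0xFF00) or off (0x0000).
func BuildWriteSingleCoil(txID uint16, unit uint8, addr uint16, on bool) []byte {
	pdu := make([]byte, 5)
	pdu[0] = fcWriteSingleCoil
	binary.BigEndian.PutUint16(pdu[1:], addr)
	if on {
		binary.BigEndian.PutUint16(pdu[3:], 0xFF00)
	}
	adu := make([]byte, 7, 7+len(pdu))
	binary.BigEndian.PutUint16(adu[0:], txID)               // transaction id
	binary.BigEndian.PutUint16(adu[2:], 0)                  // protocol id, 0 = Modbus
	binary.BigEndian.PutUint16(adu[4:], uint16(1+len(pdu))) // length = unit id + PDU
	adu[6] = unit
	return append(adu, pdu...)
}

// ParseFrame decodes an ADU, rejecting headers that disagree with the bytes.
func ParseFrame(b []byte) (Frame, error) {
	if len(b) < 8 {
		return Frame{}, errors.New("short frame")
	}
	if binary.BigEndian.Uint16(b[2:]) != 0 {
		return Frame{}, errors.New("protocol id is not Modbus")
	}
	if n := int(binary.BigEndian.Uint16(b[4:])); n < 2 || 6+n != len(b) {
		return Frame{}, errors.New("length field disagrees with frame size")
	}
	return Frame{binary.BigEndian.Uint16(b[0:]), b[6], b[7], b[8:]}, nil
}

// IsWrite reports whether a function code changes coil or register state.
func IsWrite(fc uint8) bool {
	switch fc {
	case fcWriteSingleCoil, fcWriteSingleRegister, fcWriteMultipleCoils, fcWriteMultipleRegs:
		return true
	}
	return false
}

// Observation is one captured packet as a passive network sensor sees it.
type Observation struct {
	SrcIP   string
	Payload []byte
}

// DetectRogueWrites applies the check the protocol itself cannot: only
// allow-listed hosts may write. Malformed frames are reported as well.
func DetectRogueWrites(obs []Observation, allowedWriters map[string]bool) []string {
	var alerts []string
	for _, o := range obs {
		f, err := ParseFrame(o.Payload)
		if err != nil {
			alerts = append(alerts, fmt.Sprintf("%s: malformed Modbus frame: %v", o.SrcIP, err))
			continue
		}
		if IsWrite(f.Function) && !allowedWriters[o.SrcIP] {
			alerts = append(alerts, fmt.Sprintf("%s: write fc=0x%02X to unit %d from non-allow-listed host",
				o.SrcIP, f.Function, f.UnitID))
		}
	}
	return alerts
}

func main() {
	// Constructed traffic: the HMI turns pump coil 3 on, then an unknown host
	// on the same segment turns it off with an identical, unauthenticated frame.
	const hmi = "10.0.10.5"
	traffic := []Observation{
		{hmi, BuildWriteSingleCoil(1, 1, 3, true)},
		{"10.0.10.77", BuildWriteSingleCoil(2, 1, 3, false)},
	}
	for _, a := range DetectRogueWrites(traffic, map[string]bool{hmi: true}) {
		fmt.Println("ALERT", a)
	}
}
```

The two frames differ only in one data word; nothing in the protocol lets the PLC tell them apart, which is why the allow-list has to live in the network (a firewall rule, an IDS signature, or a sensor like this one) rather than in the device. The same check is what a VPN does not give you once an attacker is already plugged into the segment.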
Public health and safety may depend on the reliable operation of SCADA systems in our contemporary infrastructure. As a result, attacks on these systems may pose a direct or indirect risk to public health and safety.
Such an attack has already occurred, on the sewage control system of the Maroochy Shire Council in Queensland, Australia. In January 2000, shortly after a contractor installed a SCADA system, system components began to malfunction: pumps did not run when required and alarms were not reported. More critically, sewage polluted an open surface-water drainage ditch and ran 500 meters to a tidal canal, flooding a local park.
The SCADA system was directing sewage valves to open when the design protocol called for them to remain closed. This was initially assumed to be a system bug, but examination of the system logs revealed that the failures were the result of cyber attacks.
Before the perpetrator was identified, investigators logged 46 separate instances of malicious outside interference. The attacks were launched by a former employee of the company that had installed the SCADA system, who had hoped to be hired full-time by the utility to maintain it.
In April 2008, the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack released a report titled Critical Infrastructures that emphasized the extreme vulnerability of SCADA systems to an electromagnetic pulse (EMP) incident. After testing and analysis, the Commission reached the following conclusion:
“SCADA systems are susceptible to EMP attacks. All of the nation’s vital infrastructures rely heavily on such systems, which poses a systemic threat to their continuing operation in the aftermath of an EMP. In addition, the need to restart, repair, or replace a large number of geographically scattered systems will significantly hinder the nation’s ability to recover from such an attack.”
Numerous vendors of SCADA and control products have developed lines of specialized industrial firewall and VPN solutions for TCP/IP-based SCADA networks, as well as external SCADA monitoring and recording equipment, to address the risks posed by unauthorized access. ISA's WG4 working group began formalizing SCADA security requirements in 2007. WG4 “deals specifically with the unique technical requirements, measurements, and other features required to evaluate and assure the security resilience and performance of industrial automation and control systems devices.”
The rising interest in SCADA vulnerabilities has led vulnerability researchers to identify flaws in commercial SCADA software and to present more general offensive SCADA techniques to the wider security community. In some cases, the vulnerability of the large installed base of wired and wireless serial communication links in electric and gas utility SCADA systems is addressed by applying bump-in-the-wire devices that add authentication and Advanced Encryption Standard (AES) encryption, rather than replacing all existing nodes.
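As an added example (not code from any bump-in-the-wire product), the following Go program shows the principle such devices apply: each serial frame is wrapped in authenticated encryption (AES-GCM here) with a per-frame counter, so that a modified, truncated or replayed frame is rejected before it reaches the RTU. The Modbus RTU frame, the demo key, the counter-based nonce layout and the packet format are assumptions chosen for illustration; commercial devices have their own key management and framing. The CRC routine is included to make a realistic frame and to show what it does not provide.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// crc16Modbus is the CRC a Modbus RTU frame already carries. It detects line
// noise, not an adversary: whoever alters a frame simply recomputes it.
func crc16Modbus(data []byte) uint16 {
	crc := uint16(0xFFFF)
	for _, b := range data {
		crc ^= uint16(b)
		for i := 0; i < 8; i++ {
			if crc&1 != 0 {
				crc = (crc >> 1) ^ 0xA001
			} else {
				crc >>= 1
			}
		}
	}
	return crc
}

// RTUFrame appends the CRC (low byte first) to a Modbus RTU PDU.
func RTUFrame(pdu []byte) []byte {
	crc := crc16Modbus(pdu)
	return append(append([]byte{}, pdu...), byte(crc), byte(crc>>8))
}

// Wire is one end of a bump-in-the-wire pair sharing a key. The sender's
// counter becomes the GCM nonce; the receiver accepts only counters above the
// last one it saw, so a captured frame cannot be replayed later.
type Wire struct {
	aead     cipher.AEAD
	sendCtr  uint64
	lastRecv uint64
}

func NewWire(key []byte) (*Wire, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return &Wire{aead: aead}, nil
}

// Wrap emits nonce || ciphertext || tag. The nonce travels in clear but is
// bound into the tag as associated data, so it cannot be altered either.
func (w *Wire) Wrap(frame []byte) []byte {
	w.sendCtr++
	nonce := make([]byte, w.aead.NonceSize()) // 12 bytes: 4 zero + 8 counter
	binary.BigEndian.PutUint64(nonce[4:], w.sendCtr)
	return w.aead.Seal(nonce, nonce, frame, nonce)
}

// Unwrap verifies, then decrypts. A flipped bit, a truncated packet or a
// replayed counter all fail before any plaintext reaches the RTU.
func (w *Wire) Unwrap(pkt []byte) ([]byte, error) {
	ns := w.aead.NonceSize()
	if len(pkt) < ns+w.aead.Overhead() {
		return nil, errors.New("short packet")
	}
	nonce, ct := pkt[:ns], pkt[ns:]
	ctr := binary.BigEndian.Uint64(nonce[4:])
	if ctr <= w.lastRecv {
		return nil, errors.New("replayed or reordered frame")
	}
	frame, err := w.aead.Open(nil, nonce, ct, nonce)
	if err != nil {
		return nil, errors.New("authentication failed")
	}
	w.lastRecv = ctr
	return frame, nil
}

func main() {
	key := []byte("0123456789abcdef") // demo key only; provision real keys out of band
	master, _ := NewWire(key)
	field, _ := NewWire(key)
	frame := RTUFrame([]byte{0x01, 0x05, 0x00, 0x03, 0xFF, 0x00}) // constructed: unit 1, coil 3 ON
	p1 := master.Wrap(frame)
	out, err := field.Unwrap(p1)
	fmt.Printf("delivered: % X (err=%v)\n", out, err)
	p2 := master.Wrap(frame)
	p2[15] ^= 0x01 // attacker flips one ciphertext bit in flight
	_, err = field.Unwrap(p2)
	fmt.Println("tampered frame:", err)
	_, err = field.Unwrap(p1) // attacker replays the first, valid packet
	fmt.Println("replayed frame:", err)
}
```

Two practical caveats carry over to real deployments: the counter must never repeat under the same key (GCM fails badly on nonce reuse, so keys are rotated long before the counter could wrap), and a strictly increasing counter means a legitimately delayed frame is dropped, which on a lossy radio link is a deliberate trade of availability for integrity.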
To be expanded…
Last Updated on Tuesday, November 28, 2023 by Shayne Jones