Technology, over the past 50 years, has been able to completely transform how companies perform industrial processes. What started out as a spectacle of human labor is now a marvel of modern technology. Nowadays, almost every industry is susceptible to technological takeover. Many industrial processes, like water waste management and manufacturing, have become almost entirely automated due to their high degree of predictable physical work. While convenient, this reliance on technology comes with increased cybersecurity risks, especially when these systems are connected to the internet. Systems that used to be secure like SCADA and DCS are now just as vulnerable, if not more so, to cyberattacks as the IoT devices of large corporations. This is why SCADA cybersecurity should be a top priority amongst industrial corporations and local governments.
What Is SCADA?
Supervisory Control and Data Acquisition, otherwise known as SCADA, is a software and hardware system that connects industrial controllers to one remotely manageable panel or device. For industrial processes, SCADA systems are incredibly important. In fact, they are solely responsible for communicating with the controllers that run and monitor the actual processes.
These controllers are microcomputers that have been programmed to control the manufacturing and industrial actions of large-scale machinery, such as assembly lines and robotic devices. Two of the more common SCADA-compatible controllers are programmable logic controllers (PLCs) and remote terminal units (RTUs). These controllers interact directly with the sensors, HMIs, and end devices that coordinate factory activities. They also collect a large amount of live data, which the SCADA system can put to use.
In communicating with the controllers, the SCADA software gathers information from the industrial objects and machinery and delivers it directly to a computer. From there, the SCADA system can process, analyze, and deliver live data reports that can help employees make decisions. Operators, those who manage the process, can access this information via a Human Machine Interface (HMI). These often feature graphical displays that showcase the information collected from the SCADA software. The HMI also allows the operators to operate the controllers from a remote location, or wherever the HMIs are positioned.
SCADA systems’ ability to control, monitor, and record industrial processes from a remote location, while efficient, is also what makes them a huge target for bad actors. If a threat actor were to compromise the SCADA software via a targetable endpoint like an HMI, they would be able to have complete control over any and all automated operations. This is why SCADA data breaches are so dangerous, and why cybersecurity in SCADA is so important.
Why Cybersecurity is Integral to SCADA Systems
The more valuable the asset, the more likely it is to be targeted. The extent of SCADA’s operational control is what makes industrial processing so vulnerable to cyberattacks. If just the software is compromised via an HMI or local internet connection, then the plant’s operations could be completely compromised. This is particularly dangerous for facilities that support public goods such as water filtration. A hacker who has taken control of the SCADA in a water plant could potentially alter something like the concentration of chemicals used to treat the water supply. Theoretically, one bad actor could threaten the lives of thousands just by accessing an organization’s SCADA software. Unfortunately, this has already happened.
According to Verizon’s RISK team, a hacktivist group with ties to Syria compromised the Kemuri Water Company’s website and gained access to the operation of chemical valves via its SCADA software. Fortunately, they were unable to negatively impact the water, but they tried – twice. Had there been a stronger set of SCADA cybersecurity measures, they may not have gotten so close to poisoning the water. These threats to public safety are similar to the consequences of compromised operational technology (OT). In fact, SCADA systems often control OT in addition to just PLCs and RTUs, which once again emphasizes the necessity of cybersecurity in SCADA.
SCADA Cybersecurity Threats
Based on the potentially life-threatening consequences of poor SCADA security, you would think these systems are relatively well-guarded. Unfortunately, like automotive cybersecurity, these systems have only recently had to combat the threats of bad actors in significant quantities.
Internet Exposure
Technology always comes at a price. By connecting SCADA and ICS systems to the internet, companies have gained improved accessibility and efficiency at the cost of insecure backdoor connections. Just like in the case of Kemuri Water, malicious parties can take advantage of any internet access point.
Standardized Protocols
Many software developers will try to ‘standardize’ their SCADA systems to increase overall compatibility and synergy between controllers and SCADA. This standardization can often result in the public release of documents and information regarding their configuration settings. If a motivated threat actor were able to get their hands on this information, they could gain access to SCADA control just by sitting near the RTU site. With an RTU ‘test set’ and compatible radio, the threat actor could sit near the facility and send control commands as if they were coming from the central SCADA system.
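The spoofing risk described above comes down to the RTU accepting any correctly formatted command. The following added example (not from the original article) shows an outstation that rejects forged and replayed frames by checking an HMAC tag and a sequence counter. The frame layout, key and class names are constructed for illustration and do not represent a real SCADA protocol.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (not a real protocol): station id, function code,
# point number, value, sequence counter, followed by a 32-byte HMAC-SHA256 tag.
HEADER = struct.Struct(">HBHhI")
TAG_LEN = 32

def build_frame(key, station, function, point, value, seq):
    """Master side: serialize a command and append its authentication tag."""
    header = HEADER.pack(station, function, point, value, seq)
    return header + hmac.new(key, header, hashlib.sha256).digest()

class Rtu:
    """Outstation side: accept a command only if it is authentic and fresh."""
    def __init__(self, key, station):
        self.key = key
        self.station = station
        self.last_seq = 0  # highest sequence number executed so far

    def accept(self, frame):
        if len(frame) != HEADER.size + TAG_LEN:
            return "reject: malformed"
        header, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()
        # Constant-time comparison; knowing the layout is not enough to pass.
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"
        station, function, point, value, seq = HEADER.unpack(header)
        if station != self.station:
            return "reject: wrong station"
        if seq <= self.last_seq:  # a recorded frame sent again
            return "reject: replay"
        self.last_seq = seq
        return f"execute: fn={function} point={point} value={value}"

def demo():
    key = b"constructed-demo-key-not-for-use"  # placeholder shared secret
    rtu = Rtu(key, station=7)
    genuine = build_frame(key, 7, 5, 12, 1, seq=1)
    # A sender who knows the published layout but not the key.
    forged = build_frame(b"guess", 7, 5, 12, 0, seq=2)
    return [rtu.accept(genuine), rtu.accept(forged), rtu.accept(genuine)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```
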
Given the importance of SCADA cybersecurity, industrial organizations should consider employing the knowledge, skills, and resources of proven cybersecurity professionals. If you are looking to secure the safety of your plant operations and consumers, the assistance of a third-party cybersecurity firm may prove incredibly necessary, especially if you have no prior SCADA security experience.
“Anas Chbib is the Founder and CEO of AGT – Advanced German Technology, a leading cybersecurity firm. He’s worked with corporations, government agencies, law enforcement, and intelligence services across the globe combatting emerging cybersecurity threats and is a consultant at the largest Digital Forensics Lab in the EMEA region. In 2020 AGT was acknowledged with an MEA Business Award and as the Cyber Security Training Consultancy of the Year.
Anas holds a Business Administration and Computer Science degree from the University of Cologne.”