SCADA Cyber Security - Safeguarding Critical Industrial Systems

What is SCADA cyber security?

SCADA cyber security refers to the cybersecurity of Supervisory Control and Data Acquisition systems. Cyber attacks on SCADA can not only damage the system itself, but also lead to consequential damage to plant and equipment, and cause hardship to people through contaminated water supplies, failure of the electrical supply to homes, industries and businesses, or shortages of critical items such as gasoline (shortages that brought the incident to the government's attention in the wake of the Colonial Pipeline cyber attack).

What is a SCADA?

SCADA is an acronym for Supervisory Control and Data Acquisition.

In earlier days, SCADA systems were used to provide a single overview of a large distributed network of data acquisition and controller units spread out over a large geographical area.

For example, a cross-country pipeline typically has a large number of points where data must be collected on parameters such as the pressure and temperature of the fluid at that point in the pipeline. Additionally, if the location is a pumping station or a place where multiple pipelines meet, there could be controls for the pumps, valves and other equipment that route the fluid through the various pipelines.

These sensors and actuators are connected to Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs) in different architectures. The PLCs and RTUs are themselves networked to send this data to several local control rooms (which may be unmanned) and a central control room (which will be manned).

This entire network is referred to as a SCADA. The word "Supervisory" indicates that the actual control is carried out by logic that resides inside these remote PLCs and RTUs, while the SCADA system gives an overview of what is happening.

Are there any other types of SCADA?

These days, even a single PLC connected to a PC or similar type of HMI (Human Machine Interface) is called a SCADA by some vendors. These SCADA systems typically consist of graphical interface software that shows the plant, equipment or pipeline as a graphic display with the values of all the different parameters such as temperature, pressure, flow, etc.

Are there different SCADA architectures?

Absolutely. There are several different permutations and combinations of devices, hardware and software that make up a modern SCADA. But irrespective of the exact architecture, any SCADA consists of the following three classes of devices and software:

1) Graphical User Interface: This GUI software is used with standard computer hardware to display graphics of the plant/equipment/pipeline, trends, logs, alarms and other data used by the operators.

2) Programmable Logic Controller: A PLC takes in inputs from field devices such as sensors and transmitters and relays commands via its outputs to actuated valves, motors, etc. to control the process. Either the same PLC sends this data to the remote PC unit described above, or multiple PLCs may be connected to a single RTU (Remote Terminal Unit) that sends the data to the remote PC.

3) Field Devices: The actual sensors, instruments, transmitters, actuators, motors, etc., used to gather data about and control the equipment are known as field devices.

The Threat of SCADA Cyber Attacks

Cyber security is one of the main concerns for many organizations and individuals. Numerous attacks on systems that control critical infrastructure have caused a great deal of concern in recent years. For example, the recent attacks on critical pipeline systems, such as the one that made the Colonial Pipeline network shut down, and the water treatment plant SCADA attack that occurred in Oldsmar, FL, have renewed the focus on SCADA cyber security.

Note that the SCADA system of Colonial Pipeline was not directly attacked; the SCADA had to be shut down to troubleshoot and isolate the problems in Colonial Pipeline's business IT systems. However, it could have just as easily been attacked directly.

In the Oldsmar incident, the attackers could modify the dosing pump deliveries to add much higher amounts of chemicals than normal, which could have poisoned the city water supply.

In other recent incidents, attackers could shut down an electrical grid in Ukraine in winter, leading to chaos.
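One way a defender can screen for the kind of dosing change described in the Oldsmar incident is to check every setpoint write against engineering limits and a maximum step size. The following is an added example, not code from the original article; the tag names, limits, log format and log lines are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed limits for a hypothetical dosing-pump tag (not values from this page).
@dataclass(frozen=True)
class TagLimit:
    low: float        # lowest safe setpoint
    high: float       # highest safe setpoint
    max_step: float   # largest change allowed in a single write

LIMITS = {"DOSING_PUMP_1.SP_PPM": TagLimit(low=50.0, high=150.0, max_step=25.0)}

# Constructed HMI audit-log lines: timestamp,user,source,tag,old,new
SAMPLE_LOG = """\
2024-01-10T08:02:11,operator1,hmi-console,DOSING_PUMP_1.SP_PPM,100,110
2024-01-10T13:31:40,operator1,remote-desktop,DOSING_PUMP_1.SP_PPM,110,9000
2024-01-10T13:40:02,operator2,hmi-console,DOSING_PUMP_1.SP_PPM,110,140
2024-01-10T14:05:19,operator2,hmi-console,BOOSTER_PUMP_2.SPEED,40,45
"""

def check_write(tag, old, new):
    """Return the reasons to reject a setpoint write (empty list = accept)."""
    limit = LIMITS.get(tag)
    if limit is None:
        return ["tag has no configured limits"]  # fail closed on unknown tags
    reasons = []
    if not (limit.low <= new <= limit.high):
        reasons.append(f"value {new} outside {limit.low}-{limit.high}")
    if abs(new - old) > limit.max_step:
        reasons.append(f"step {abs(new - old)} exceeds {limit.max_step}")
    return reasons

def review_log(text):
    """Return (line_no, user, source, reasons) for every flagged write."""
    flagged = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        parts = line.split(",")
        if len(parts) != 6:
            flagged.append((line_no, "?", "?", ["malformed audit line"]))
            continue
        _ts, user, source, tag, old, new = parts
        try:
            reasons = check_write(tag, float(old), float(new))
        except ValueError:
            reasons = ["non-numeric setpoint"]
        if reasons:
            flagged.append((line_no, user, source, reasons))
    return flagged

if __name__ == "__main__":
    print(review_log(SAMPLE_LOG))
```

The same check is more effective when it is also enforced in the PLC logic itself, so that an out-of-range write is rejected even if the HMI or the operator workstation is the compromised component.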

Why are SCADA systems vulnerable to cyber attacks?

This is because most SCADA systems are old, developed many years ago when computers and mobile phones connected to the internet were not common. Much less knowledge about computers and SCADA was in the public domain and easily accessible, so it was not readily available to potential hackers, cyber criminals and other bad actors either. It was certainly not because the systems were robust; it was more a case of “security by obscurity”: if no one knows that you exist, how can you get attacked?

Today the number of people with knowledge and skills in computers, hacking and related areas has increased exponentially. Couple this with the ubiquity of computers, mobile phones and tablets that can be used to access anything on the internet. Now combine this with the lack of knowledge of industrial cybersecurity and SCADA cyber security amongst the people who maintain these systems. Add the emergence of several criminal gangs that make good money via ransomware attacks, some nation states that encourage attacks on their perceived rivals, and the reluctance of SCADA owners and operators to harden their systems, and it is a perfect recipe for several more attacks.

What can you do to protect your SCADA from cyber attacks?

Firstly, you should arm yourself with knowledge about SCADA cyber security by taking at least one course on the subject. An excellent course that will help you learn everything about SCADA cyber security is the Abhisam Industrial Cybersecurity course, which leads to the CICP (Certified Industrial Cybersecurity Professional) designation.

This course includes many modules that explain the various steps that you can take, the relevant parts of the ISA/IEC 62443 standard that may be useful to you, some advanced ICS cyber security training modules (using tools like SHODAN and MITRE, and case studies of actual cyber attacks) and much more.

The course is not focused only on SCADA cyber security; it covers all types of ICS cyber security, such as that for DCS (Distributed Control Systems), PLCs and SIS (Safety Instrumented Systems).

Developed by experts in the industrial automation and cyber security domains, this is the best course out there.

Armed with this knowledge, you can start protecting your SCADA from possible attacks. When you take the associated exam and obtain your certification from Abhisam as a CICP (Certified Industrial Cybersecurity Professional), you can talk with authority to your bosses and colleagues regarding the subject. This not only helps you get the needed resources from your company (such as an enhanced budget to implement these upgrades), but also positions you as a competent person in your professional community.

Since you also earn an electronic badge of Industrial Cybersecurity professional from Abhisam that you can share on LinkedIn, your visibility goes up manifold.