What is SCADA?

A Supervisory Control and Data Acquisition (SCADA) system is an automated control system which is used primarily in Critical Infrastructure.  This includes such areas as:

*Energy;

*Gas and Oil;

*Water;

*The Electricity Grid;

*Nuclear Facilities;

*Power Plants;

*Food and Agricultural Processors.

Because of the gravity of these applications, a SCADA System will be on the target list for the Cyberattacker.  For example, multiple cities across the United States can be impacted, with multiple outages occurring at gas stations, electrical power plants, water supply lines, etc.  In other words, our lives will come to a complete halt. 

The Security Issues of SCADA

Here is why SCADA Systems are so vulnerable:

*Outdated Technologies:

Many of the SCADA Systems that are in use today have been deployed several years ago.  Back then, Cybersecurity was barely an issue, so more consideration was given to physical security controls.  The major concern now is that the SCADA system will be used as a point of entry to launch an attack on a Critical Infrastructure.

*Open Visibility:

Because SCADA Systems were deployed so long ago, the actual physical layout as to where they would reside within a business was not taken into consideration.  As a result of this, many systems are in open, and because of that, there are greater chances of an Insider Attack. There is a growing awareness in this aspect, and businesses that make use of SCADA are trying to put advanced physical controls in place to protect it.  But the main problem is that these newer technologies have to be added onto the existing legacy security system which is in place.  There can be interoperability issues with this, thus creating more gaps and weaknesses in an already fragile environment.

*Network Integration:

SCADA Systems were designed to operate by themselves, meaning any future integration into other technologies was not even considered.  With the advent of the Internet of Things (IoT), everything is now interconnected with each other, even the SCADA systems . Once again, there are interoperability issues that are coming out, and this increased interlinking is also expanding the attack surface for the Cyberattacker.

In fact, people are now just starting to understand the magnitude of the above-mentioned threats, as exemplified by a recent survey that was conducted by Forrester.  Here is what was discovered:

*6/10 of respondents that use a SCADA System have experienced some sort of security breach;

*Risks posed by external third parties are a huge fear now.  For example, 6/10 businesses give high level access to their vendors and/or suppliers;

*75% of the respondents are very concerned with the Cyberthreats that are posed by Malware;

*70% of the businesses polled are just as much or even more concerned about Insider Attacks, and the leakage of confidential information and data;

*They are also other fears of what the impacts of a SCADA security breach could bring.  For example:

*63% of the respondents are worried about the repercussions on employees;

*58% of those polled are gravely concerned that their bottom line will be seriously impacted;

*63% are worried about downtime, and the time it would take to recover.

(SOURCE:  https://www.fortinet.com/demand/gated/WP-Independent-Study-Pinpoints-Significant-Scada-ICS-Cybersecurity-Risks.html?utm_source=blog&utm_campaign=2018-q2-forrester-report-ot).

In fact, just recently, one of the customers of Schneider Electric experienced a Cyberattack on their SCADA System.  In this instance, the Cyberattacker(s) took complete advantage of a vulnerability within the firmware that was used, and from there was able to launch a zero-day privilege escalation attack.  This allowed them to gain control of the entire emergency shutdown process.  More details about it can be found here

Another example of a Cyberattack on a SCADA System took place in December 2015, in the Ukraine.  230,000 people were left without electrical power for hours on end, which totally disrupted all forms of normal activity in just a matter of minutes.  Also, a year after this Cyberattack occurred, the Pivichna substation near Kiev was also breached.  This caused another power blackout for an extended period of time.

Other attacks on SCADA Systems include the following:

*In March of 2018, a Cyberattack disrupted the power lines that fed into the natural gas pipelines all across the United States;

*In June of 2016, Malware was discovered on the IT/Network Infrastructure of a major energy company based in Europe.  This led to covert backdoors being created in the SCADA System with the end result being that entire European Energy Grid could have been shut down;

*In March of 2016, it was discovered that the Command and Control system of the water dam based out of Rye Brook, NY was impacted.  This was simply done by breaching the SCADA System with normal, everyday Smartphones.

How To Address the Security Issues of a SCADA System

*Correctly ascertain all of the connections to the SCADA System.  This is like conducting a Risk Assessment for an IT/Network Infrastructure.

*Based on the above, if there are any connections that are deemed to be unnecessary, disconnect them all at once.  This is like disabling service ports when they are not being used.

*For the connections that are remaining, make sure that they are hardened to the greatest extent possible.

*Although SCADA Systems have been built with proprietary technologies that are not designed to co mingle with others, do not further implement any proprietary protocols.  It is crucial at this point everything works together.

*If possible, run a Penetration Test or even a Threat Hunting Test to see if there are any hidden backdoors in the system.  Remember, the Cyberattacker of today is looking for these all the time as an easy and covert way to get entry.

*It is important to deploy Firewalls, Network Intrusion Devices, and Routers, etc.  surrounding the SCADA System so that you can be notified, in real time of any potential security breaches that may be happening. Also, make use of a 24 X 7 X 365 Incident Monitoring tool.

*On a regular basis, conduct risk assessments and audits to all internal and remote devices that are connected to the SCADA System.

*Like a Penetration Test, formulate a “Red Team” so that you can tear down the walls of defense to ascertain where all known and unknown vulnerabilities and gaps lie at.  From there, then it is absolutely crucial that these are remedied as quickly as possible.

*Again, just as you would for your IT/Network Infrastructure, it is important to define to roles and responsibilities as to whom will actually “protect” the SCADA System.  For example, this will include those individuals that are responsible for downloading and deploying the security patches and upgrades, responding to a Cyberattack that is targeted towards it, and bringing the system back up and running after the threat vector has been mitigated.

*Create, deploy, and strictly enforce a data backup policy, as a well as an Incident Response/ Disaster Recovery (IR/DR) Plan, and make sure that these are practiced on a routine basis.  For example, data should be backed up on a daily basis (perhaps even every few hours), and the IR/DR Plan should be rehearsed on a quarterly basis.