SCADA (Supervisory Control and Data Acquisition) is not a specific technology, but rather a type of application that receives operating data about a system to control and optimise it.

The SCADA concept can be applied to a gamut of systems, which can range from tens to thousands of control loops depending on the application — be it a milling machine, a pipeline compressor, an HVAC (heating, ventilation and air conditioning) system or just about anything else.

However, it is also at the core of many critical infrastructure operations, such as power generation and electricity distribution, as well as water treatment and supply. It can also control primary systems in a manufacturing or logistics organisation. That is what makes SCADA systems such an attractive target for cyber criminals.

Increasingly connected

There is often a misconception that SCADA networks are secure because they are physically isolated or because they are disconnected from the internet.

This might have been the case many years ago when SCADA systems were secluded from other computer systems and designed to control and monitor industrial processes using proprietary serial protocols. However, these days, SCADA systems are increasingly connected to corporate networks and the internet — making them vulnerable to the same types of attacks we would usually see with IT security.

The Internet of Things (IoT) phenomenon has accelerated technology and forms an important capability in the management of systems that have traditionally been considered the domain of SCADA. Practitioners are now finding that by applying IoT on top of SCADA systems, there are options to enhance process control, thereby enabling a new generation of solutions.

Because SCADA plays such a central role in the control and monitoring of vital infrastructure and commercial processing plants, security is crucial. Compromise or destruction of these systems would disrupt production or could impact multiple areas of society and have far-reaching consequences. A disruption in manufacturing can have a ripple effect across multiple businesses from raw materials and parts to the supply chain and consumer. Equally, a blackout caused by a compromised electrical SCADA system could affect all the customers that receive electricity from that source.

One of the main threats to a modern SCADA system is unauthorised access to the control software. This could be physical human access or through software threats such as a virus infection. Packet access to the different network segments hosting SCADA devices is also another significant threat. In many cases, a lack of control protocol security means attackers could gain access to and control devices by sending commands over a network.

Access control and network monitoring

To protect systems, SCADA security should be approached in much the same way you would approach any other form of IT security.

Access control or authentication in SCADA networks and systems is vital, with privileged account management and control over third-party access playing a pivotal role in the overall security solution.

Most breaches involve compromised privileged credentials and bad actors gaining unlimited access to critical systems and data, which can have a major impact on security and compliance. Privileged Access Management (PAM) solutions such as those from One Identity enable the user to provide the full credential when necessary or limit access for least-privileged access — providing controlled access to systems for administration and programming.

Controlling third-party access is also essential for threat and vulnerability management, the protection of IoT devices and enabling safe remote access to critical environments. SCADAfence’s OT Remote Access Security is a solution that provides full visibility into remote access connections and allows security teams to track and detect unusual or malicious user activities.

Monitoring also plays a big part in securing SCADA systems — particularly for organisations that are adopting advanced IoT technologies. Non-intrusive, continuous network monitoring solutions such as the SCADAfence Platform provide visibility of security vulnerabilities and events that need to be addressed, helping to improve risk management and compliance reporting.

At Burning Tree, we help our customers to assess their security through the Capability Maturity Model and define recommendations for improvement using benchmarking. This allows us to establish a programme of work to improve security. If you would like to know more about how we can help strengthen your SCADA system’s security, please contact us today.