9204

Where Can Vulnerabilities Be Found in SCADA Systems?

Morgana Siggins
Morgana Siggins
Monitoring Specialist

Supervisory Control and Data Acquisition systems, also known as SCADA systems, can be located at the heart of industrial processes in many different industries. Since SCADA systems allow for managing and control of critical equipment and processes, weaknesses that are not addressed can cause devastating consequences.

As a trusted SCADA solutions provider, we know how important it is to our clients to make sure that their system is properly protected. In order to help you as well, we'll take a look at some of the most common vulnerabilities that can be found in SCADA systems and how you can solve them.

Refreshing: What Are SCADA Systems?

If you don't work with SCADA yet, then it's important for you to start at the beginning. Getting to know the elements of SCADA systems and their roles will allow you to see where vulnerabilities are likely to exist.

SCADA systems are Industrial Control Systems (ICS) that gather information from equipment and industrial processes and provide supervisory-level control over them. These devices and processes are usually located over a wide geographical area.

These systems are based on the manager-slave structure. Meaning you will have a central master station and slave devices. These slave devices can be Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs).

Both PLCs and RTUs are deployed at the sites where the processes happen and where the equipment is located. They have sensors that will receive commands from and send information to the master station.

This gathered information will help you and your network technicians to make informed decisions based on real-time data. That's where the master station comes into play.

Also called Human Machine Interfaces (HMIs), central master stations will present to you the multiple functions and information collected from your sites by PLCs and RTUs. This will allow you to have an understandable display to review and control.

Because they have many functions, SCADA systems can be found in many different settings and industries. Some of them are:

SCADA can bring many benefits to many organizations, however, its vulnerabilities and potential threats are a problem for network technicians. Not only these issues can affect your bottom line, but they can also affect end users.

where SCADA is used
SCADA networks are used in many different industries, such as water/sewage, power, manufacturing and mass transit.

Finding Possible Threats in SCADA Systems

Finding where SCADA vulnerabilities can exist helps technicians to evaluate which mitigation methods will be better suited to prevent and neutralize attacks. This can be better said than done since SCADA comprehends multiple devices, sensors, and software - which only means more to keep in mind and protect.

Here are the main elements where threats can be found in:

HMI Master Station

HMIs offer you an interface to manage and control your multiple devices and processes. They help you make informed decisions that can also be carried on through this display.

Because of its capabilities and functions within the SCADA system, HMIs are an ideal target for malicious people that are trying to take over the control over your processes and to steal critical information.

SCADA HMI
A SCADA HMI, also referred to as a SCADA Master, can provide a number of helpful extensions for network alarm management. RTU data can be filtered, analyzed and monitored against operational standards. Out-of-range data can generate alerts to operators or maintenance personnel as required.

Web Interfaces

Many SCADA systems nowadays give technicians the option to access the monitoring system through web interfaces. They allow you to remotely connect to your system through the internet to help you control your PLCs and RTUs.

This can represent a big threat, though. Hacking applications through the internet is a common issue because computers (and phones) are riddled with vulnerabilities and networks that are easily penetrated. The internet is the first place where hackers go, simply because anyone can access it.

If they a find a breach in your system, hackers can steal your sensitive information, take control over your industrial processes, or even lead your techs to make wrong decisions that will negatively impact your network.

Communication Protocols

Protocols such as SNMP, DNP3, and Modbus are the mechanism responsible for the communication between your SCADA devices. In other words, a protocol is a language your devices will use to talk to each other.

It's important to keep in mind, though, that some protocols lack in terms of security features to defend your SCADA system from malicious intents. Hackers can take advantage of vulnerabilities in communication protocols to harm your systems by stealing or modifying the information sent from your RTUs or intentionally causing the malfunction of equipment.

Other SCADA Elements

There are other elements in place to help individual SCADA components to stay connected, active and working in real-time, such as individual sensors.

Some of these elements might not be well equipped to deal with threats surrounding many different companies. And that's because many of these components are not used for SCADA systems alone, instead, they are also part of other technologies and systems.

The Impact of SCADA Vulnerabilities

There have been many previous attacks against industrial facilities that have brought to light the impacts of vulnerabilities on SCADA systems.

The most well-known attack was done by the Stuxnet malware in 2010. It was a true wake-up call because it was the first known threat to specifically target SCADA systems with the intent to control networks.

In 2016, another malware known as CRASHOVERRIDE - or Industroyer - was the first malware designed to attack electric grids, causing power outages in Ukraine.

In 2018, the City of Atlanta and the Colorado Department of Transportation were hit with ransomware called SamSam. It caused outages, loss of important data, and also loss of money through extortion.

Cyberattacks like those continue to happen to this day. In fact, the interest in SCADA systems and industrial equipment is becoming more common as more remote monitoring systems can be found online. Also, the potential extortion through threatening organizations with downtime causes the curiosity in many hackers.

What raises the urgency of fixing vulnerabilities in SCADA systems, even more, is the possible success of future cyberattacks with worse consequences than what has happened in the past. The impact of these attacks can include:

These are impacts relatively easy to be caused by cybercriminal groups for whatever motivation and have to be avoided by organizations and government agencies.

How to Defend Your SCADA Against Attacks

Fortunately, most of the weak points that we talked about before have already been addressed by many vendors.

At the end of the day, the battle against SCADA attacks means that you need to always be on the watch for new vulnerabilities and address them as soon as possible. Aside from managing potential threats, you should also maintain security measures that will be able to defend your system against cyber attacks - especially if you work with critical services, such as public safety communications and energy.

There are some best practices that organizations can put into place in order to secure their systems. They are:

Implement the security features provided by your devices

Many older SCADA systems have little to no security features. If that's your case, it's important to check with your vendor for firmware upgrades that will provide security features. Newer SCADA devices are shipped with basic security features, which are usually disabled to ensure an easier installation process.

Before buying your system, make sure to determine whether security features are present. Also, set all security features to provide the maximum level of protection possible.

Implement internal and external intrusion detection systems with 24x7 monitoring

In order to be able to effectively respond to cyberattacks, it's critical to have an intrusion strategy planned. This way your network technicians will be notified about malicious activity coming from internal or external sources.

An intrusion detection system monitoring is essential 24x7. Alerts can be easily sent out via email or text messages. Also, incident response procedures must be in place to allow an efficient response to any security breach.

Make sure your SCADA system allows you to log all daily activities.

Manage authorizations and user accounts

Constantly monitoring and managing who has authorized and access to certain capabilities of your SCADA system can help reduce open doors to both cyber and physical threats.

Identify all connections to your SCADA system

Conduct a thorough risk analysis to evaluate the risk and necessity of each connection to your SCADA network. Take a look at how well these connections are protected. Identify and assess the following types of connections:

Knowing all points of data entry and exit is critical to identifying all potential access points for malware and hacks.

Use appropriate security measures between the SCADA network and the corporate network

Even though safety in all your company's networks are important and should be equally protected, a good practice is to isolate the SCADA network from other network connections as much as possible. Any connection to another network introduces security risks.

Even though direct connections with other networks usually allow important information to be passed efficiently and conveniently, insecure or unprotected connections are simply not worth the risk. Isolation of your SCADA system must be an important goal to provide needed protection.

Don't rely on proprietary protocols to protect your system

Some SCADA systems use proprietary protocols for communication between RTUs and master station. However, often the security of your systems is based uniquely on how secure your protocols are. The bad news is proprietary protocols don't provide much of a "real" security.

So, don't depend on proprietary protocols or factory default configuration settings to protect your network. Also, make sure your vendor disclose any backdoor or vendor interface to your SCADA systems and expect them to provide a system that is capable of being fully secured.

Have system backups and disaster recovery plans

Come up with a disaster recovery plan that allows for quick recovery from any emergency (including but not only cyberattacks). System backups are an important part of any plan and make a rapid reconstruction of the network possible.

Remember to make sure your personnel is familiar with your plan so they know which actions should be taken during a cybersecurity incident.

What To Do Next?

It takes a carefully designed combination of security policies and effective controls to properly secure your SCADA system. However, you can't defend your system if you don't have capable devices.

Your devices should be equipped to give you the best security features possible and to meet all your network needs. Most of the time, an off-the-shelf device will not be able to provide you with both. You need a perfect-fit solution.

SCADA manufacturer
Manufacturers who build RTUs and other monitoring gear themselves can make changes for you if needed.

That's what we have been doing for the last 30 years. We custom design devices that will attend all your specific requirements, while also making sure we can give you the highest level of security possible. If you would like to know more about how you fully protect your SCADA system without losing capabilities, just talk to us - we can help you.

Learn More

DPS is here to help.

1-800-693-0351

Have a specific question? Ask our team of expert engineers and get a specific answer!

Ask an Expert DPS Telecom Get a Fast Answer!

Click here for more information.

Get the Alarm Fundamentals White Paper

Download our free Monitoring Fundamentals Tutorial.

An introduction to Monitoring Fundamentals strictly from the perspective of telecom network alarm management.

Download Alarm Fundamentals White Paper Download White Paper

Click here for more information.

Learn the Easy Way

Sign up for the next DPS Factory Training!

DPS Factory Training

Whether you're new to our equipment or you've used it for years, DPS factory training is the best way to get more from your monitoring.

Reserve Your Seat Today

Click here for more information.

Having trouble finding the perfect solution?

Get Help

No other network on the planet is exactly like yours. We manufacture hundreds of product variations per year that are customized to our clients' exact spec, all while providing training, tech support, and upgrade availability.

Send us a quick online message about what you're trying to accomplish. We'll give you a call and work with you to design a perfect-fit solution for your network.

Hours: Monday - Friday
7:00 a.m. - 6:00 p.m. PST
Tech Support: (559) 454-1600 / support@dpstele.com
Sales: Domestic: (800) 693-0351
International: 1+ (559) 454-1600