Supervisory control and data acquisition (SCADA) is system software and elements of hardware used by industrial organizations such a fabrication, manufacturing, production and development to perform several functions (1). The functions performed by the software are those that are related to process control. The software monitors gather and process data in real time. It is also used in controlling the processes in the industry either locally or remotely. The functions of the software, however, depend on the industry that is used. In oil and gas, it is used to monitor the production process as well as pumping and storage. It also monitors and controls the pipeline and petrochemical stations. The software is also used in transmitting and distributing power.
SCADA Vulnerabilities
Because the systems are used in critical sectors, it is vulnerable and attracts threats from different actors. In the past, these threats were minimal because the systems were independent and they were controlled by the vendor (2). Additionally, the systems were not connected to any other network, and the network protocol was proprietary thereby limiting the number of people who could access the systems. People such as hackers and developers are the one who knew of SCADA and its installations. Things have however changed because the systems are distributed widely and are connected to other networks which increases vulnerability (3). The other factor that has contributed to system vulnerability is the availability of an internet connection. The systems depend on the open protocol to access the internet which makes it easier for cyber attackers to have access to the system. The risks of an attack on the network are no longer targeted on acquisition but rather on the presentation layer.
Possible Risks
One of the risks of the SCADA system is unauthorized access which may be made by a human being intentionally or a virus infection. Since the system is used to gather, process and store information, a person may maliciously gain access to the system and obtain the data which is crucial to the company (4). For the virus infection, a malicious software multiplies and attacks the software thereby affecting its nom way of functioning. The risk of a virus attack on the system is costly to the company because they can destroy data thus rendering the system useless. If the company depends entirely on the software to monitor, gather and process the data then it will not have any data if the virus attacks the software.
The second SCADA risk is packet access on the network where the software is hosted. This mainly occurs if the system protocol does not have cryptographic security which protects the data stored in the system from unauthorized access. It is necessary to evaluate the authentication of the system as well as the design of the protocols. The system has lately been threatened by cyber-attacks hence the rising need to assess whether it is worth for a company.
Security Risks
SCADA security describes the process of protecting the networks which comprise of the software and the computer hardware that are integrated to monitor and perform various functions in industries (5). One of the security issues associated with the SCADA system is the threat of malware which includes viruses which affect infrastructure productivity (6). The second security risk is the hackers who access the network to get information that they will use for terrorist attacks. A hacker had access to the command of the SCADA system that controls the floodgates of Roosevelt Dam. This shows why there is increased concern on system security because unauthorized access can lead to massive damage which could not have taken place if carried out physically. The SCADA system also faces a security risk from the error caused by human beings. Employees are a common source of SCADA network issues. This may be as a result of inadequate training on how to handle the system. Apart from inadequate training, the system has other weaknesses such as loopholes in the development of the app.
The second issue is the inability to detect the problem before hackers access the system (7). This system can be more secure if one can monitor the performance and ensure that it is operating all the time correctly. Lack of maintenance is another issue that renders the system insecure hence the need to update the software frequently. During the updating process, functionality and security can be improved. Also, the bugs that exist in the software that occur during the programming can be dealt with when updating the system.
Consequences for a Company That Plans To Implement A SCADA System
A company that plans to implement SCADA system should be aware that cyber threats are on the rise and strategize on how they can handle any cases of risks that are likely to arise (8). One of the consequences that they are likely to face is system failure or breaches which will affect their returns (9). In the case of the system failure in the pipeline, for example, the consequences will not only be felt by the company but also the community and the country. The second consequence that a company aspiring to use the SCADA system may face is the loss of data especially when there is a virus attack. This will is likely to negatively impact the company especially if they did not have a backup of the data.
Cited References
Boyer SA. SCADA supervisory control and data acquisition. The Instrumentation, Systems and Automation Society, 2018.
Cárdenas AA., Saurabh A, Zong-Syun L, Yu-Lun H, Chi-Yen H, Shankar S. “Attacks against process control systems: risk assessment, detection, and response.” In Proceedings of the 6th ACM symposium on information, computer and communications security, pp. 355-366. ACM, 2011.
Fernandez, JD, Andres EF. “SCADA systems: vulnerabilities and remediation.” Journal of Computing Sciences in Colleges 20, no. 4 (2005): 160-168.
Igure VM, Sean AL, Ronald DW. “Security issues in SCADA networks.” computers & security25, no. 7 (2006): 498-506.
Kilman D, Jason S. “Framework for SCADA security policy.” Sandia National Laboratories report SAND2005-1002C (2005).
Macaulay T, Bryan LS. Cybersecurity for industrial control systems: SCADA, DCS, PLC, HMI, and SIS. Auerbach Publications, 2016.
Zhivich M, Robert K. Cunningham. “The real cost of software errors.” IEEE Security & Privacy 7, no. 2 (2009): 87-90.