SCADA Cyber Security Threats and Countermeasures: Ultimate Checklist

SCADA systems adoption is growing at an annual growth rate of 6.6%. It is, therefore, essential for organisations to understand potential SCADA cyber security threats, as well as the best practices to implement to their business. Which is why we at ELEKS have compiled a guide on threats to recognise, and the SCADA cybersecurity best practices to implement.

Supervisory Control and Data Acquisition (SCADA) is a system of software and hardware elements allowing industrial organisations to gather and monitor real-time data. SCADA can also control industrial processes (locally or remotely), record events into a log file and directly network with devices like valves, motors, pumps, and sensors. SCADA systems often manage Industrial Control Systems (ICS).

Industrial Control Systems (ICS) are typically used in such industries as electric power, water and wastewater, oil and natural gas, transportation, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods). SCADA systems are often found in the industrial control sectors and are generally applied to manage dispersed assets using centralised data acquisition and supervisory control.

SCADA provides revolutionary data for organisations. For instance, a SCADA system can quickly notify an operator if a batch or product is showing an unusually high number of errors. This notification of an error allows the operator to resolve the issues and prevent further problems and loss of the product.

Such SCADA systems are essential for industrial organisations. They help maintain efficiency, communicate system issues so that it can help alleviate downtime, and the real-time data it produces can be used to formulate smarter decisions.

Industry Control Systems have become widely used in the manufacturing industry, and Transparency Market Research predicts the global ICS market will grow from $58 billion in 2014 to a huge $81 billion by 2021. In the same vein, SCADA systems are growing at an annual growth rate of 6.6%.

Due to this increase in demand and use of SCADA and ICS, it is crucial to have the best SCADA cyber security measures in place, especially since a large number of government agencies and organisations have encountered significant security challenges. Such issues include providing new technologies and partners with a high level of access into an organisation’s systems, introducing the potential for outside hackers who can infiltrate their control systems.

The data clearly shows that industrial control systems continue to be soft targets for adversaries. According to CyberX 2019 Global ICS & IIoT Risk Report:

• 40% of industrial sites have at least one direct connection to the public internet
• 53% of sites have obsolete Windows systems such as Windows XP
• 69% of sites have plain-text passwords traversing their ICS networks
• 57% of sites aren’t running anti-virus protections that update signatures automatically
• 16% of sites have at least one Wireless Access Point
• 84% of industrial sites have at least one remotely accessible device

NIST Special Publication 800–82 Guide to Industrial Control Systems (ICS) Security states that possible incidents an ICS may face include the following:

• 
  

  Blocked or delayed flow of information through ICS networks, which could disrupt ICS operation. Unauthorised changes to instructions, commands, or alarm thresholds, which could damage, disable, or shut down equipment, create environmental impacts, and endanger human life.

• Inaccurate information sent to system operators, either to disguise unauthorised changes or to cause the operators to initiate inappropriate actions, which could have various adverse effects.
• ICS software or configuration settings modified, or ICS software infected with malware, which could have multiple negative effects.
• Interference with the operation of equipment protection systems, which could endanger costly and difficult-to-replace equipment.
• Interference with the operation of safety systems, which could endanger human life.

Control systems can face threats from numerous sources, including hostile governments, terrorist groups, disgruntled employees, malicious intruders, accidents and natural disasters as well as malicious or accidental actions coming from insiders. It’s crucial for businesses to keep the following threats and vulnerabilities in mind:

1. Hackers. The usual suspects behind cyber-crime, hackers can be malevolent individuals or groups intent to gain access to your business’s systems so that they can gather sensitive data. Hackers can hold sensitive data for ransom, or they may wish to disrupt business operations. Hackers can also be part of a government’s plan for political cyber warfare.
2. Security-unaware employees. Employees can cause unintentional human errors. Poor training or carelessness from an employee are the usual culprits. Poor and limited training can increase the weaknesses of your SCADA cybersecurity.
3. Malware. Typically, malware is not used to harm SCADA systems, but it still possesses the ability to cause harm to a business’s infrastructure through spyware and viruses. Teach employees not to click unsafe web pages and not to open any unusual emails.
4. Lack of software and hardware maintenance. Software and hardware become outdated, so it is imperative for businesses to update their systems periodically. Not only does this improve the functionality of SCADA systems, but it also advances SCADA security.

How to build a robust SCADA cyber security strategy — un ultimate checklist

The baseline security strategy to be employed to industrial control networks include the following essential steps:

1. Map all of your current systems. Document everywhere your system connects to on the internet and internal networks. Knowing all points of entry and exist makes identifying potential access points for security threats much easier to monitor. Pieces of hardware, firmware, software, and apps also need to be included in this map, as well as anyone who has access to your business’s systems.
2. Implement monitoring and detection systems. SCADA networks without monitoring and detection systems in place are vulnerable to cyber-attacks and malware. Consider using SCADA security services such as security monitoring so that any potential attacks are detected and addressed as quickly as possible, limiting the amount of damage done.
3. Have network security protocols. Security needs constant attention and tweaks. You cannot put up a firewall and expect it to last for years on end. Implement constant security checks, create security reports and have standard protocols in place for employees to abide by. Risk assessments should be conducted on an ongoing basis, with security measures adapted at an ever-changing rate.

To sum everything up, here’s a checklist to help you develop and implement a comprehensive and robust protection strategy:

• Harden the perimeter –prevent unauthorised access or changes to your system and its components, remove unnecessary features and functions and patch the vulnerabilities you are aware of.
• Restrict logical and physical access to the ICS network and oversee any network activity to detect any security events and incidents.
• Monitor remote access solutions to prevent malware and inappropriate network traffic.
• Implement security controls such as intrusion detection software, antivirus software and file integrity checking software, where technically feasible, to prevent, deter, detect, and mitigate the introduction, exposure, and propagation of malicious software to, within, and from the ICS.
• Ensure that critical components are redundant and are on redundant networks.

“Its also crucial to perform gap assessment according to the industry regulations including NERC CIP, NIST 800–82 and ISA/IEC 62443”, says Iurii Garasym, the Director of Corporate Security at ELEKS. “To do this properly, consider enlisting help with SCADA security compliance. Engage a dedicated SCADA security team to help you prepare an in-depth defence plan and employ a smart, secure architecture. Be sure to evaluate and constantly monitor the weaknesses in the overall network performing risk assessment, security testing, penetration testing, threat hunting and vulnerability scanning.”

Every company needs to keep their SCADA security in check. Cyber-attacks can be the end to many companies, which is why we understand the importance of implementing SCADA security best practices to your business model.

Contact us for a review of your enterprise’s SCADA security. We endeavour to guide you towards up-to-code SCADA systems.

Originally published at eleks.com on November 29, 2018.