Critical Threats to SCADA Security
SCADA security must be an obsessive focus for all utilities, especially those in the power sector. SCADA (Supervisory Control and Data Acquisition) is a type of Industrial Control System (ICS) that is typically used by electric utilities to monitor high voltage transmission systems, and because it interfaces with other organizational systems, it could serve as a backdoor entry point for a terrorist group or some other malicious entity.
How SCADA Security Could Become Compromised
SCADA, and ICS in general, are known to be prime targets for system hacking, and internet connectivity is the main vulnerability.
Due to the connectiveness of SCADA with other internal and even external systems, it is easier than it used to be for a malicious actor to gain backdoor access. In previous decades, ICS and SCADA were limited to the plant, but now the connectivity of these systems with other systems over internet networks increases the risk of an attack exponentially.
According to the Infosec Institute, there are multiple risks to ICS / SCADA security, including but not limited to:
- Malware, which can contaminate internal networks and systems via email attachments, removable computer media like thumb drives and CDs, and similar entry points.
- Insider attacks by employees, which can be either intentional or unintentional.
- Denial of service (DoS) attacks on internal networks, which can disrupt the real-time communication between systems.
- Third-party threats, i.e., risks associated with the outsourcing of system operations or support functions.
- Technical failures such as a system crash or runtime error, which can reduce protective barriers and temporarily open the backdoor to those who seek entry.
- Terrorism, especially against power grids and nuclear power plants.
Obviously, these risks are very real, and very dangerous. They could lead to unauthorized remote access to internal systems, physical damage, and even large-scale power outages. There is little doubt that ICS & SCADA security must be taken extremely seriously, and should be one of the cornerstones of any utility emergency preparedness effort.