
SCADA security – managing risks and vulnerabilities

SCADA security goes hand in hand with the uninterrupted supply of essential goods. It should be as hacker-proof as possible.

17. February, 2022 by Carbonsec Team

SCADA security has become a burning issue in the light of recent cyber attacks.

Until recently, SCADA and other industrial control systems were considered relatively safe environments. They were installed in air-gapped networks without direct internet access. Nevertheless, the first attack on a SCADA network was carried out in 1982 on Siberian Pipelines. Today, the devices running SCADA systems are connected to other IT systems and can be just as vulnerable as any other internet-connected device.

However, there is a vast difference between devices that run a SCADA system and devices with “regular” systems. SCADA controls critical infrastructure – either in manufacturing companies or at the national level: power plants, supply chains, production of essential goods, etc. Even a brief failure of such a system can have critical consequences for the entire community or even society. Therefore, it is crucial that the cyber security of SCADA systems is as controlled and managed as possible.

Why is SCADA vulnerable?

Notwithstanding the above, industrial control systems are probably the most secured information systems. They are implemented as a separate network protected by a firewall and other safety devices. Why can they still be the target of an attack?

You can think of an industrial control system network as just like any other network that connects to the internet, much like your company’s IT network is connected to your supplier’s IT network. But the SCADA network is a dead end, which is its advantage.

Risk factors in the SCADA network are system components (PLC, RTU, MTU), which often run on older operating systems for which no upgrades or security updates are available. If attackers bypass the firewall or other security devices on the perimeter, they can access the system’s core and abuse it. They can shut down the system, change how it works, steal data, etc.

Industrial control systems have seen the increase in commercial components as well as IP connectivity

Cloud has made things different …

The core of modern industrial control systems is IoT, which brings SCADA to the cloud. Such deployments raise cyber security issues at installation. They raise security policy issues, risk information leakage, and make tracking potential attackers much more difficult. Furthermore, installing from the cloud can potentially leave more backdoors open than installing “on-premise”. These are all challenges that managers or security officers need to discuss and address accordingly before deciding on a cloud solution.

It is the backdoors challenge that is very problematic when combining the traditional and cloud SCADA systems. Why? As mentioned above, SCADA runs on old systems that no longer allow for security patches. This is not even a problem as long as this system is closed in its “territory” and isolated from the internet world. However, the moment we connect it to cloud technology, it becomes highly vulnerable and exposed to the same attack vectors as the perimeter of the organization’s information system.

Considering all the above, addressing SCADA security appropriately should be, and probably is, high on every operator’s priority list.
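The reasoning above can be checked against an asset inventory and the allowed network flows. The following is an added example, not part of the original article: it lists unpatchable components that become reachable from the internet once a cloud conduit is opened. All asset names, zone names and flows are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory: name -> (zone, security patches still available?)
ASSETS = {
    "plc-pump-01": ("control", False),
    "rtu-substation-7": ("control", False),
    "mtu-master": ("supervisory", False),
    "historian": ("dmz", True),
    "iot-gateway": ("cloud-edge", True),
}

# Constructed allowed flows between zones (source -> destinations),
# as they might be derived from firewall rules.
FLOWS_ISOLATED = {
    "internet": {"cloud-edge"},
    "dmz": {"supervisory"},
    "supervisory": {"control"},
}
# Same network after the cloud edge is allowed to talk to the supervisory zone.
FLOWS_CLOUD = {**FLOWS_ISOLATED, "cloud-edge": {"supervisory"}}


def reachable_zones(flows, start="internet"):
    """Breadth-first search over zone-to-zone flows, beginning at `start`."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in flows.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def exposed_unpatchable(assets, flows, start="internet"):
    """Sorted names of unpatchable assets in zones reachable from `start`."""
    zones = reachable_zones(flows, start)
    return sorted(name for name, (zone, patchable) in assets.items()
                  if zone in zones and not patchable)


if __name__ == "__main__":
    print("isolated:       ", exposed_unpatchable(ASSETS, FLOWS_ISOLATED))
    print("cloud-connected:", exposed_unpatchable(ASSETS, FLOWS_CLOUD))
```

With the isolated flows nothing unpatchable is reachable; a single added conduit from the cloud edge exposes the MTU and, through it, the PLC and RTU.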

Security management of SCADA systems

As Yadav and Paul state in the article Architecture and security of SCADA systems *, SCADA appears in many vital industries, such as agriculture, chemical industry, transport, civil engineering, healthcare, the research sector, and, of course, the energy sector. The latter includes everything from hydroelectric power plants and nuclear power plants to distribution. Any interruptions in these industries affect the life of an entire country or even a region, so they need to be carefully planned.

The system’s security integrity and smooth operation are crucial for several reasons, such as preventing the company’s financial losses and environmental disasters and protecting our lives.

SCADA systems control transport
SCADA systems monitor and control services that are embedded in our everyday life

The security of the SCADA system should be managed at two levels: in the production environment and in the test environment. In the production environment, we constantly check where an attack, and the consequent interruption of operation, could occur (monitoring of vulnerabilities) and in what way the attack could be carried out (the possible attack vectors), while IPS/IDS solutions protect the system at the same time.

We perform actual system testing in a parallel test environment. A digital twin can prove an efficient solution for managing security in a production environment. Digital twins of SCADA systems already exist to monitor and improve the performance of equally configured environments. Architecturally identical systems are connected to the digital twins and send performance reports to them. Based on the collected data, the digital twin can predict complications or deviations from regular operation and pass the information to the systems where the problem has not yet been encountered. This provides excellent support to operators, who can prepare the configuration in advance and avoid disruptions.

Testing with SCADA testbeds

The “twin system” can also be used for penetration testing. Many organizations with SCADA systems already use test or development environments in which they pre-test changes to be implemented in the production environment. Penetration tests are also usually performed in a test environment to prevent service outages.

Testing SCADA systems requires specific expertise and knowledge of system architecture. All possible attack vectors must be identified according to the safety devices installed and the devices in the control system itself. The penetration test requires preparation according to the specifics of the system, industry standards, directives, and recommendations.

SCADA controls energy sector
Our lives depend on the energy sector and the security of SCADA systems

An additional specific of testing industrial control systems is that the tests are usually performed in a demo environment. Production environments must function as smoothly as possible; any disruption, let alone intrusion, can have severe consequences for the supply chain of essential life goods or even be life-threatening. Testing of the production environment is usually carried out as white-box testing, where pentesters review the configuration of the network and associated security devices and identify potentially hazardous areas and security holes.

Actual penetration testing is performed in a test environment that resembles the production environment as much as possible. The penetration test findings can be implemented in the production environment with all required precautions. The risks of such changes must be taken into account. If possible, perform these changes and reconfigurations when the system is stopped.

Improving SCADA security 

The goal of the penetration test is not only to determine the condition, but to improve it. A high-quality and professionally prepared report contains recommendations for mitigating vulnerabilities and enhancing the security of the SCADA system. The wish of the ethical hacker is that all the recommendations are taken into account, and the validation pentest is conducted. When all is said and done, the new configuration is ready for transfer to the production environment.

* Yadav, G., and Paul, K. (2021): Architecture and security of SCADA systems. International Journal of Critical Infrastructure Protection 34.
