Over the years, we have seen a large scale increase in attacks on enterprise networks and so have the advancement in technology that helps thwart these attacks. But what about SCADA networks. Are they being targeted? Have the attacks increased or become sophisticated? Are there similar technological advancements that help secure SCADA systems? In this part of the article series, we will look at some of the primary security concerns and challenges faced by the SCADA network/system administrators and how to address them.
Let’s first understand some of the fundamentals of a SCADA system. A Supervisory Control and Data Acquisition system is used to monitor and control dispersed assets that run some of the critical infrastructure such as electric, water, oil and natural gas. The SCADA servers communicate with the Remote Terminal Units (RTU) / Programmable Logic Controllers (PLC) at the remote sites, which controls the operation of industrial equipments.
Earlier, SCADA networks were completely isolated and used proprietary control protocols running on specialized hardware and software. Since then, TCP/IP based systems have made its way into the SCADA environment. The use of new IT systems provides better connectivity across the SCADA network and remote access capabilities.
Security Concerns
Although this modernization has brought in improvements, it has also led to certain security concerns for the organizations managing the SCADA network. Some of these concerns include:
- Running proprietary software and communication protocol on TCP/IP based systems
- Maintaining isolation of the network although interconnected by Internet based technologies
- Ensuring high performance and reliability along with cyber security measures
Although the specialized hardware has been updated with the new TCP/IP based systems, most of the SCADA applications used for monitoring and control are still proprietary. This requires that the applications be installed and tested thoroughly on newer hardware and OS and identify the best configuration to run these applications.
Since the newer SCADA systems are interconnected with corporate networks, maintaining isolation is very important. This necessitates the design of a secure network architecture that provides the required isolation from the enterprise network without affecting the access to field devices.
As with any IT system, vulnerabilities are discovered over time and vendors keep coming up with new patches to address the vulnerabilities. Even though these patches are tested on normal IT systems, most vendors cannot determine the effect of these patches on IT systems running SCADA applications. Since availability and reliability are very essential to SCADA systems, it raises concerns for the SCADA system administrators to apply the patches. But at the same time, the IT systems cannot be left unpatched, as the cost of not updating could be much more significant. Hence, it is important for the administrators to test out the patches and identify any potential conflicts and resolve those using workarounds.
Managing Risks and Updates in a SCADA network
We are well aware of the benefits of the growth in technology. But can all of this technology be applicable in a SCADA network. Let’s look at some of the challenges presented by the SCADA systems and how it limits the use of new technologies.
First of all, any new technology has to address the aspect of not affecting the performance or reliability of the SCADA system as any disruption could cause significant damage both in terms of human safety and monetary value.
Secondly, the risk management strategy used in enterprise networks will not be as such applicable for the reason that the primary objectives of risk management in SCADA networks are very different. While we focus on vulnerability management and access controls in enterprise networks, maintaining functionality and productivity are the main objectives in SCADA networks.
The two significant enhancements in security mechanisms in recent years have been in encryption and logging. But since the SCADA applications have not kept up to that growth, it limits the use of such advancements on SCADA systems. Hence additional systems/tools may be needed to establish the required technical controls on the network. As for the use of encryption, it is important to ensure that it does not introduce any latency issues, as it may affect the operational performance of the system.
Another significant challenge is update management. Earlier we talked about updating the systems without causing any disruption. But as we all know several patches actually require closing all applications running on the system and sometimes even require a system reboot. So how do we handle updates of such nature? This requires a detailed planning where initially the updates are thoroughly tested on a test system; then the backup system is moved to production and finally the production system is updated.
In the next part of the article series, we will talk about specific threats and vulnerabilities affecting the SCADA systems and security best practices to mitigate them.
Wow what a great blog, i really enjoyed reading this, good luck in your work. Coronavirus disinfecting Syracuse NY
ReplyDelete