Supervisory Control and Data Acquisition (SCADA) is a term often used alongside "Industrial Control System" (ICS). SCADA systems are designed to operate over several different communication methods, including modems, WANs and various networking equipment. SCADA systems contain a great variety of devices and information. Most SCADA systems contain at least the following:
1. Control Server
2. Remote Terminal Unit (RTU)
3. Human-Machine Interface (HMI)
4. Programmable Logic Controller (PLC)
5. Input/output (IO) Server
6. Data Historian
The unique design of SCADA systems, and the critical infrastructures they are part of, make them a new focus of attacks. Organizations responsible for implementing or protecting SCADA systems should be aware of the following:
1. Network Perimeter Vulnerabilities
2. Protocol Vulnerabilities throughout the stack
3. Database Insecurities
4. Session Hijacking and Man-in-the-middle attacks
5. Operating System and Server weaknesses
6. Device and Vendor "Backdoors"
To counter these SCADA security threats, organizations should look for formal training on securing SCADA systems for their existing and future employees, and implement the following:
A security policy has to cover remote access requirements: whether remote access is permitted, under which circumstances, and for how long. It should also state the requirements for the use of secure protocols, such as IEC 61850 or DNP3 Secure Authentication.
Firewalls can help against DoS, but they are rarely deployed consistently in control systems and are not effective once the required bandwidth is exhausted. Fieldbus systems and wireless links are relatively easy to saturate to the point where latency and jitter become unacceptable. Also, where firewalls or other active security components are deployed, they themselves become good targets for causing DoS.
The primary needs of ICSs are situational awareness, multi-zone protection, native support for industrial system solutions, and compliance. To address these needs from an architectural perspective, a combination of dynamic whitelisting, security information and event management (SIEM), intrusion prevention systems (IPS), and database activity monitoring (DAM) should be used. However, if intrusion detection systems (signature- or anomaly-based) are deployed without proper monitoring, they are a waste of time. Even Snort has some SCADA-specific rules, but there is no value in them if nobody monitors them in real time. Incidentally, Stuxnet should have been discovered as an extreme anomaly on the network, but it wasn't.
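As an added example (not code from the original article), here is a small Python triage pass over constructed Snort fast-format alert lines: it keeps only priority 1-2 alerts to the Modbus/TCP and DNP3 ports and reports any that no operator acknowledged within an assumed 15-minute window, which is the "rules exist but nobody watches them" situation described above. The sids, rule messages, addresses and acknowledgement times are all constructed; only the fast-format layout and the two port numbers are real.

```python
import re
from datetime import datetime, timedelta
# Constructed Snort "fast"-format alert lines (the real format carries no year).
SAMPLE_ALERTS = [
    "03/12-07:02:10.000000  [**] [1:1000003:1] CONSTRUCTED Modbus force coils from non-HMI host [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.10.1.77:40001 -> 10.10.2.20:502",
    "03/12-08:15:02.113455  [**] [1:1000001:1] CONSTRUCTED Modbus write register from HMI net [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.10.1.5:49321 -> 10.10.2.20:502",
    "03/12-08:40:17.000000  [**] [1:1000002:1] CONSTRUCTED DNP3 cold restart request [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.10.1.9:51000 -> 10.10.2.31:20000",
    "03/12-09:20:00.000000  [**] [1:1000004:1] CONSTRUCTED DNP3 disable unsolicited responses [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 10.10.1.9:51002 -> 10.10.2.31:20000",
    "03/12-09:02:44.551000  [**] [1:2000001:3] CONSTRUCTED web probe on corporate server [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.7:4444 -> 10.20.0.4:443",
    "this line is not an alert and must be skipped",
]
# Constructed operator acknowledgements (sid -> time acknowledged) and the clock for this run.
SAMPLE_ACKS = {"1000001": datetime(2024, 3, 12, 8, 20), "1000003": datetime(2024, 3, 12, 7, 45)}
NOW = datetime(2024, 3, 12, 9, 30)
ICS_PORTS = {502: "modbus", 20000: "dnp3"}  # well-known Modbus/TCP and DNP3 ports
ESCALATE_AFTER = timedelta(minutes=15)      # assumed time a human has to look at a P1/P2 alert

FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$")

def parse_alert(line, year=2024):
    """Parse one fast-format line into a dict, or return None if it is not an alert."""
    m = FAST_RE.match(line)
    if m is None:
        return None
    a = m.groupdict()
    a["ts"] = datetime.strptime(f"{year}/{a['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    a["prio"], a["dport"] = int(a["prio"]), int(a["dport"])
    return a

def triage(lines, acks, now, window=ESCALATE_AFTER):
    """Return [(sid, reason)] for P1/P2 ICS alerts that nobody handled within the window."""
    findings = []
    for line in lines:
        a = parse_alert(line)
        if a is None or a["dport"] not in ICS_PORTS or a["prio"] > 2:
            continue  # not an alert, not ICS traffic, or below the escalation threshold
        proto, age, acked = ICS_PORTS[a["dport"]], now - a["ts"], acks.get(a["sid"])
        if acked is None and age > window:
            findings.append((a["sid"], f"{proto}: unacknowledged for {age}"))
        elif acked is not None and acked - a["ts"] > window:
            findings.append((a["sid"], f"{proto}: acknowledged {acked - a['ts']} after the alert"))
    return findings
```

Running `triage(SAMPLE_ALERTS, SAMPLE_ACKS, NOW)` flags the Modbus alert that was acknowledged 42 minutes late and the DNP3 alert nobody acknowledged at all; the alert still inside its window, the non-ICS web alert and the junk line are left alone.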
Trend published a good report on ICSs (link) which recommends:
- Disable Internet access to your trusted resources, where possible.
- Make sure your trusted resources have the latest patches and that you diligently monitor when new patches/fixes are released.
- Use real-time anti-malware protection and real-time network scanning locally on trusted hosts and where applicable. (Some PLC systems cannot support anti-malware products because of the fragile nature of ICS protocols.)
- Require user name/password combinations for all systems, including those that are not deemed "trustworthy".
- Set appropriately secure login credentials. Do not rely on defaults. Implement two-factor authentication on all trusted systems for any user account.
- Disable remote protocols that are insecure, like Telnet.
- Disable all protocols that communicate inbound to your trusted resources but are not critical to business functionality.
- Control contractor access. Many ICS/SCADA networks utilize remote contractors, and controlling how they access trusted resources is imperative.
- Utilize SSL/TLS for all communications to web-based ICS/SCADA systems.
- Utilize network segmentation to secure resources like VES systems, ICS, and SCADA devices. See a great write-up on network segmentation at
- Control access to trusted devices. For instance, for access to a segmented network, use a bastion host with access control lists (ACLs) for ingress/egress access.
- Improve logging on trusted environments, in addition to passing logs to SIEM devices for third-party backup/analysis.
- Develop a threat modeling system for your organization. Understand who’s attacking you and why.