A look back at SCADA security in 2015

Deborah Galea, manager, OPSWAT

It should come as no surprise that Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) that control key functions in critical infrastructure are especially at risk of cyber attack. If saboteurs manage to compromise critical infrastructure services, a country’s economy and military defenses can be severely hampered.

In addition, since organisations that operate critical infrastructure often own valuable intellectual property, this information can be a target for foreign state actors trying to steal intellectual property to advance their economies or to win competitive bids, says Deborah Galea, manager, OPSWAT.

So what is the current state of SCADA Security? In the past year we have seen some disturbing news that highlights the growing risk of SCADA attacks:

  • December 2014 – SCADA attack causes physical damage: In late 2014, an unnamed German Steel Mill suffered extensive damage from a cyber attack. The attackers were able to disrupt the control system and prevent a blast furnace from being shut down, resulting in ‘massive’ damage.
  • March 2015 – Energy sector hit the hardest: A report by the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) found that it received 245 cyber incident reports from asset owners and industry partners in the fiscal year of 2014. The largest number of these incidents occurred in the energy sector with 79 incidents.
  • April 2015 – Number of SCADA attacks doubles: According to the 2015 Dell Security Annual Threat Report, SCADA attacks are on the rise. The report found that in 2014, the number of attacks on SCADA systems doubled compared to the previous year. Most of these attacks occurred in Finland, the United Kingdom, and the United States. This is probably due to the fact that in these countries SCADA systems are more likely to be connected to the internet.
  • October 2015 – Nuclear industry especially at risk: Chatham House, a UK think-tank, reported that the risk of a cyber attack on nuclear infrastructure is growing. The trend towards the digitisation of SCADA systems is increasing the vulnerability of nuclear facilities, and many are inadequately prepared. Even where facilities are air-gapped, this safeguard can be breached with nothing more than a flash drive.
  • November 2015 – SCADA Security priority for US military: At the recent CyberCon 2015 conference, LTG Alan Lynn, DISA (Defense Information Systems Agency) director, said: “We recognise the enemy will use the Internet to recruit, to take down SCADA systems. In short, we expect a cyberattack as a prelude to war.”

How can SCADA Security be improved?

It is clear that SCADA security needs to be improved. The most common method used to protect SCADA and ICS systems is ‘air-gapping’ the control systems and completely disconnecting them from the internet and the corporate network. This has the advantage that attackers are not able to access the system from the outside, but also severely hampers productivity. In addition, this creates a new attack vector in the form of portable media. Since portable media such as USB devices, CDs and DVDs are often the only way to transfer data into a secure facility, they become the new attack vector for hackers. Not only can USB sticks contain malware, they can also be booby-trapped. Microsoft recently revealed a vulnerability in Windows which could allow an attacker to execute malicious code from a booby-trapped USB. Given these problems, how can SCADA Security be improved?

The following three technologies can be used to bolster the security in SCADA and ICS systems:

  1. Portable Media Security: By extensively scanning any portable media such as USB sticks, CDs and DVDs for malware before they are allowed to connect to the secure network, as well as applying security policies to limit allowed file types and media devices, the portable media attack vector can be significantly minimised.
  2. Data Diode: By making use of a data diode or one-way gateway to connect lower security networks to higher security networks, data transfer is only possible either in or out of the secure network, not vice versa. This significantly improves productivity by providing limited connectivity, while still maintaining the integrity of the secure network since data can only be transferred in one direction.
  3. Secure File Transfer: Secure file transfer can be used to safely send data into the secure network. For instance, after scanning portable media for any malware, the files can be sent into the secure network with secure file transfer, avoiding the need to bring portable media into the secure area. This not only improves productivity but also avoids the risk of booby-trapped USB devices being connected to the secure network.Picture1
    There is no doubt that in 2016 cyber security will be one of the top concerns for SCADA and ICS operators. By ensuring that security is planned into the system from the beginning rather than being added on as an afterthought, SCADA security can be strengthened and attacks can be countered.

The author of this blog is Deborah Galea, manager, OPSWAT.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

RECENT ARTICLES

Make the Intelligent Choice: Embed X103 in Smart City Outdoor Devices

Posted on: April 25, 2024

The adage “less is more” is the current state of digital transformation, starting with existing technology that has already proven successful – and then further adapting and streamlining. The “smart city” embraces this end goal by digitalizing community services where we live and work, such as traffic and transportation, water and power, and other crucial

Read more
top-view-hand-holding smartphone internet communication network

Industrial IoT adoption fuels growth in private cellular networks

Posted on: April 25, 2024

Mission-critical use cases are driving private IoT connection growth in key industrial markets like manufacturing, logistics and transportation. Industrial IoT (IIoT) customers are eager to digitalise critical use cases with high-powered, dedicated networks, making these industries leaders in private 4G and 5G adoption. According to a new report from global technology intelligence firm ABI Research,

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more