Everything You Need to Know About SCADA Cyber Security

Where new tech trends go, cybercrime will follow. Cybercriminals looking for a quick buck (or a little chaos) are increasingly appearing in areas where they’re least expected, effectively turning previously unlikely cyber-victims into increasingly soft, easy targets.

Due to the Internet of Things (IoT) boom, criminals are increasingly using smart devices as an attack vector. And there’s one subgroup of IoT where cybercriminals are currently focusing a lot of attention: SCADA systems.

Internet-enabled SCADA (Supervisory Control and Data Acquisition) systems form an essential part of countless industrial and infrastructural processes. Therefore, a hacker’s tinkering can result in huge amounts of damage – not just for the organisation coming under fire, but potentially for the community at large.

What Are SCADA (Supervisory Control and Data Acquisition) Systems?

SCADA systems are digital systems that are used to automate, control, and monitor a variety of industrial and infrastructural processes in real-time. SCADA is a subset of what is called ICS (Industrial Control Systems), though the two terms are often used interchangeably.

SCADA technologies are widely implemented across manufacturing, the utilities sector (electricity, oil, gas, petrol), water processing, agriculture, pharmaceutical production, telecommunications, and much more.

To give a general idea of the mechanisms that SCADA systems oversee, think pressure gauges, power consumption monitors, robotic actuators, conveyor belts, and so on.

Understandably, automating mission-critical activities through SCADA presents numerous cost and efficiency savings, chiefly relating to personnel, training, analysis, reaction times, and minimising downtime.

Examples of SCADA in Action

SCADA is used across a number of different applications – here are just a few:

  • Manufacturing: controlling robotic actuators, industrial process control, managing parts lists and ordering.
  • Oil & Natural Gas: remotely monitoring and controlling pumps, pipelines, refineries, etc.
  • Water & Sewage: monitoring water flow, pipe pressures, reservoirs, and field devices.
  • Utilities Distribution: monitoring and controlling lines, voltages, breakers, gathering smart meter data, etc.
  • Pharmaceuticals: monitoring and maintaining drug batch consistency, refrigeration temperatures, and compliance reporting.

The Cyber Concerns of SCADA

As you can see, we pretty much rely on SCADA systems to live what we consider to be “a normal, modern life”. It all sounds very tech-forward and utopian until you realise how vulnerable SCADA systems can be from a cyber perspective.

Many SCADA devices connect to the internet in order to access cloud reporting systems or to communicate with other devices over long distances, making them technically IoT (Internet of Things) devices.

IoT technology – SCADA included – is generally quite hard to secure. This is because these devices are usually manufactured to be as straightforward as possible; they do the thing they’re made to do and nothing more.

Keeping a device’s code and functionality as streamlined as possible keeps costs low for manufacturers and buyers. Yet it also makes it impossible to implement the same kinds of cyber security controls, like antivirus software, that you would usually extend to “traditional” IT devices such as PCs and servers.

So, with that in mind, let’s explore the risks that SCADA systems bring to the table.

Hackers Can Use SCADA to Sneak in the Backdoor

Because SCADA systems aren’t usually able to operate modern cyber security controls – and are often considered outside of the IT department’s remit – they can serve as a tempting point of ingress into a network for a hacker on a mission.

The cybercriminal may not do anything to directly affect the SCADA system; they may simply use it as a stepping stone to access sensitive databases, steal intellectual property, spread malware, or even carry out reconnaissance on your network for a future attack.

SCADA Presents Opportunities to Saboteurs, Hacktivists, and Terrorists

Yet sometimes, affecting the internal operations of a SCADA system or device will be the hackers’ goal. With the right know-how, a cybercriminal could change a device’s instructions, render it temporarily unusable, or overload it with requests.

At best, this kind of attack could result in lost revenue, downtime, loss of reputation, and remediation costs. In other cases, an attacker may overload a device so much that it causes a fire or explosion – posing a threat to workers’ lives. At the very worst, a hacker could tamper with national utilities, water, or healthcare infrastructure, resulting in mass suffering.

Wide-reaching attacks like these can come from terrorist groups, politically driven “hacktivists”, or even foreign state actors.

SCADA & IoT Malware Exists… And It’s a Growing Threat

In their Mid-2020 Cyber Threat Report, SonicWall warn that IoT malware threats are on the rise, showing a year-on-year increase since 2018 and a 50% increase in the first half of 2020 alone.

However, malware designed to attack SCADA systems is far from new.

2010’s Stuxnet worm used Windows malware as a springboard to compromise the systems in charge of Iran’s SCADA-operated nuclear centrifuges. The errant instructions caused the centrifuges to overload and effectively tear themselves apart – reportedly ruining nearly a fifth of the country’s nuclear centrifuges.

The Industroyer/CrashOverride malware framework is thought to have enabled the 2016 attacks on Ukraine’s power grid. The 2015 attacks on Ukraine’s power grid, by contrast, used BlackEnergy 3 malware.

Obviously we’re not going to get into the politics behind these attacks – or indeed any of the reasons why people carry out attacks like these – but it’s only a matter of time before something like this happens again, regardless of scale.

SCADA Requires a Huge Mindset Shift

SCADA suffers from a very particular problem. Because SCADA devices are commonly viewed as operational, functional tools, they’re often considered alongside the mechanical plant or factory floor machinery, rather than the IT devices they rightly are.

This often leads to a schism in cyber security training and awareness. Operatives who use SCADA systems on the factory/plant floor or in the field often don’t receive the same levels of cyber security training as their office-based counterparts.

Without the right attitude to cyber-awareness, factory/plant/field management can slip into a mindset of “I don’t care about the technical details as long as it works”. But as we’ve discussed, hackers don’t have to mess with the operations of a SCADA device in order to cause a major cyber security incident.

However, when operational staff are given the right training about SCADA cyber-awareness, they become better empowered to keep the rest of the organisation safe, avoiding potentially costly mistakes like phishing, sharing credentials, and shadow IT threats.

How Can I Secure My SCADA Systems?

Keeping your SCADA and IoT systems secure may be simpler than you think. Every organisation’s situation is different, but here are a few general tips you can use to stay as safe as possible.

  • If your SCADA/ICS devices connect to anything external – the internet, an external VPN, or a WAN – never connect them to the open internet. Always make sure your firewall, Intrusion Prevention Systems, and Network Security Monitoring systems are placed in between the internet and any IoT devices so they can monitor the devices’ traffic.
  • Upgrade your firewall every 5 years, even if it seems to be working fine. Also, look into other defences like Intrusion Prevention Systems, Deep Packet Inspection, and Sandboxing.
  • Invest in regular penetration testing and robust, real-time network security monitoring to shine a light on any potential security flaws throughout your organisation.
  • Take an inventory of all your IoT hardware and carry out periodic spot checks, keeping an eye out for any strange behaviour.
  • Reboot your ICS/SCADA devices every now and again – especially if they’re behaving unexpectedly. This can clear any malicious code from the device’s memory.
  • Keep any software or apps that talk to SCADA/ICS devices updated wherever possible and discuss ongoing maintenance and upkeep with your supplier. If they need to maintain an online connection with your network SCADA devices (usually for maintenance and monitoring), ask them how they secure these communications and how they protect their own internal systems/networks from cyberattacks.
  • Maintain strong access security – enable Multi-Factor Authentication on all ICS/SCADA logins, change default access credentials, and use complex passwords rather than 4- or 6-digit PIN numbers.
  • Provide good cyber-awareness training to all of your staff, regardless of their role. Remember that office personnel will likely need coaching on slightly different points than your operational plant/factory/field staff due to the different ways that they interact with the internet.
  • Aim to embed cyber-awareness training within the onboarding process for new operational staff so they are aware of the cyber risks of your particular SCADA setup.
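
One way to run the inventory spot checks from the tips above as a repeatable audit, as an added example that is not part of the original article. The CSV columns, device names and dates are constructed assumptions; the rules mirror the firewall, default-credential, PIN and MFA tips.

```python
import csv
import io
from datetime import date

# Constructed inventory export; every device, value and date is made up.
INVENTORY_CSV = """\
name,internet_path,auth,default_creds,mfa,firewall_installed
pump-plc-01,firewall,password,no,yes,2022-03-01
hmi-line-3,direct,pin4,yes,no,
chiller-rtu-2,firewall,pin6,no,no,2016-09-15
meter-gw-7,none,password,no,yes,
"""

FIREWALL_MAX_AGE_YEARS = 5  # replacement interval given in the tips above


def audit(csv_text, today):
    """Return {device name: [findings]} for devices that break a tip."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        if row["internet_path"] == "direct":
            findings.append("reachable from the open internet, no firewall in between")
        elif row["internet_path"] == "firewall":
            installed = row["firewall_installed"]
            if not installed:
                findings.append("firewall install date not recorded")
            else:
                d = date.fromisoformat(installed)
                # Whole years elapsed since the firewall was installed.
                age = today.year - d.year - ((today.month, today.day) < (d.month, d.day))
                if age >= FIREWALL_MAX_AGE_YEARS:
                    findings.append(f"firewall is {age} years old, due for upgrade")
        if row["default_creds"] == "yes":
            findings.append("default access credentials still set")
        if row["auth"].startswith("pin"):
            findings.append("numeric PIN in use instead of a complex password")
        if row["mfa"] != "yes":
            findings.append("multi-factor authentication not enabled")
        if findings:
            report[row["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(INVENTORY_CSV, date(2025, 1, 1)).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Devices with no findings are left out of the report, so an empty result means every listed device passed these checks.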

And one last tip – a bit of self-awareness goes a long way in cyber security. If you’re a small factory serving SME clients, you’re less likely to attract attention from terrorists or state actors looking to carry out a large-scale attack. However, you could still attract independent cybercriminals who see you as “low hanging fruit” or an “easy win”.

On the other hand, larger factories and plants who serve large areas of public and private infrastructure may attract attention from both smaller, independent criminal groups and from larger political actors.

Concerned about your own ICS and SCADA risks? The Just Firewalls team are here to help – and for free! Get in touch today and claim your free, no-obligation cyber health check with one of our experienced technicians; simply call 0808 1644414 or request a call back today.