By Rakesh Viswanathan, Regional Director, India & SAARC, Cyberbit
Supervisory control and data acquisition (SCADA) networks today are considered the most critical component in terms of security in large scale industrial organizations, enterprises as well as nation’s infrastructure such power plants and grids, oil and gas terminals, water supply networks, communication and satellite networks and others.
What makes the security of SCADA networks and infrastructure, highly complex and unique is the fact that it’s a mix of physical components, IT systems and software applications, remote terminal units (RTU) and field based hardware assets. And that broadens the overall attack surface area and makes it more prone to multiple vulnerabilities that may be linked to each of those aspects.
SCADA networks perform the role and functions to monitor, analyze and control those infrastructures, IT systems, applications and computer hardware that connect to the communication networks across locations on a real-time basis. Alongside, it also oversees automated processes, devices and industrial equipment installed on-site as well as remotely.
Henceforth, no industrial organization or nation can afford any sort of disruption to SCADA networks and related infrastructure – be it through malfunctioning, system failures, software vulnerabilities, physical or cyberattacks and even data breach and hacking incidents. Such disruptions or halts could trigger massive financial losses to any organization, entire industry or even to the nation’s economy.
WannaCry, a very powerful new generation destructive multistage ransomware surfaced last May, which had carried out a massive cyberattack worldwide targeting SCADA systems of global companies like FedEx, Renault and Telefonica, along some hospitals in the UK, Ireland and Indonesia were affected due to this cyberattack. This ransomware exploited vulnerabilities found in Microsoft Windows XP operating system targeting large-scale computer network, estimated to be over 300,000 computers in more than 150 countries including India.
In the aftermath of WannaCry ransomware attack, many businesses including hospitals in several countries were severely affected and their operations were disrupted and remained shut down for a long period. According to cyber risk modeling firm Cyence, the potential costs caused by WannaCry ransomware attack is to the tune of $4 billion.
Certainly, this makes security of SCADA networks very crucial and a top priority for both private enterprises and government authorities. This also means that weaker links of SCADA networks need to be protected against threats and secured from being exposed, exploited, corrupted, manipulated, misused or even disrupted by internal or external factors.
So, what are these weaker links that may be vulnerable to security of SCADA networks? It can result from untrained staff, human errors while deploying and configuring the applications, systems and monitoring alerts, outdated unpatched operating systems and erroneous application codes to unsecured legacy hardware, unprotected endpoints and conduit devices, unattended network issues and system faults and more.
While SCADA networks are very complex in nature, the organization needs to ensure that the network usersare well trained with strong understanding on the security aspects along with functions and features. This helps in dealing with issues around software patches, application and operating system updates and most importantly, reading and understanding security alerts and taking proactive steps because humans are always the first line of defense in cybersecurity.
However, humans remain the biggest risk to security breaches as revealed in recent security reports. This shows that humans continue to be highly vulnerable and are the weakest link when it comes to security and pose insider threat to the organization. Therefore, imparting security related education to people and training to staff in organizations is considered as a part of the security strategy that many security experts are advocating and emphasizing today.
As said earlier, security of SCADA networks is highly complex and unique in nature. Like in any security related scenario, the basic rule of SCADA network security is also regular monitoring and security enhancements in terms of tools, processes and mechanism that includes the physical and software aspects.
In addition, the organization needs to ensure that the operating system, software applications and IT systems that are connected with the SCADA networks along with security layers comprising of firewalls, endpoint security, Intrusion Prevention System (IPS) and other components are having the latest patches, updates and malware and virus definition. This would provide a defense shield against cyberattacks and hacking incidents and protect the vital information, data and the systems without affecting the services and essentially keeping the security of SCADA networks intact to an extent.
However, one of the most effective way to check the security and effectiveness of these tools, systems and mechanism in the organization is by conducting regular penetration testing as well as employing the services of ethical hackers. This would actually test the security layers in a real-case scenario and gauge the preparedness of the organization against cyberattacks, unknown vulnerabilities and advance hacking techniques.
Interestingly, a research study found that the SCADA networks and Industrial Control Systems (ICS) used in large-scale industrial organizations require to be secured differently than normal office networks.
73 percent of networks of industrial organizations are vulnerable to hackers, testing, according to the Industrial Companies: Attack Vectors research report finding released by Positive Technologies.
“A lack of processes usually leaves covering the unaddressed parts of the cybersecurity processes solely to humans, and humans make mistakes. Moreover, unsecured architecture with unpatched or unpatchable environments and no monitoring mechanisms combine to form a perfect storm for ICS insecurity,” said Paolo Emiliani, Industry & SCADA Research Analyst – Positive Technologies.
The research data does indicate that security for SCADA systems and networks require different approach for these industrial large-scale organizations.
While the measures mentioned earlier are considered in today’s context as the default security mechanism or in simple terms a security hygiene that needs to be followed all the time. All these have to be monitored and maintained on a 24/7 basis to ensure that there are no technical glitches or loopholes that weakens the security layers and mechanism.
However, with the constant advancements and sophistication on the threat landscape front, it is inevitable for organizations to invest and enhance their security and defense systems and regularly upgrade their overall security posture with advanced security technology.
For instance, security experts are also advising organizations to leverage digital signatures and cryptography in order to refine and enhance the security, which would help to increase the security of SCADA networks and ICS to the next level. With these added layers of digital signatures and cryptography, breaching the security layers would not be more difficult. No security is fool proof, but the making the security mechanism more complex is one of the ways to enhance the security and defend it.
More so, organizations will have to come up with a well-defined documented strategic framework of responsibilities and security protocols that reduce the gaps between the SCADA and IT departments. In many cases of SCADA network security breaches, the attackers actually exploited those existing gaps between the SCADA department and the IT department in the organizations.
To make all these efforts and measures more effective, a mapping of each and every access point and devices of SCADA and IT departments is must. It allows the organization to keep a close watch on any attempts of unauthorized access and misuse. This would help in identifying any potential threats from within the organization.
In digital age, after all security is not just the responsibility of IT department but it’s a collective effort. in the organization.
