Five steps to SCADA security

Supervisory control and data acquisition systems have generally not been accounted for within the network security scheme.

The attack by the Stuxnet virus against Iran in 2010 raised awareness of the vulnerability of industrial systems known as SCADA (supervisory control and data acquisition), which have been widely implemented across a range of industries for many years. The Stuxnet virus illustrated the urgent need to apply modern security techniques, like those deployed in an enterprise network, to SCADA environments.

SCADA environments consist of industrial control and management systems - usually deployed on a large scale - that monitor, manage and administer critical infrastructures in various fields of transport, nuclear, electricity, gas, and water.

Unlike a company's conventional IT network, a SCADA environment provides interconnection between proprietary industrial systems, such as robots, valves, thermal or chemical sensors, command and control systems, and HMI (human machine interface) systems, rather than desktops. While SCADA is mainly deployed in enterprises, it is increasingly being found in private households as well.

Designed for longevity and at a time when cyber crime specifically targeting the industrial sector was not widespread, SCADA systems have not been taken into account within the network security scheme. Because of the isolated nature of industrial systems and the non-existence of interconnection to an IP network, security was not initially considered to be necessary.

Safety first

SCADA architectures have evolved, and now robots, measurement systems, command and control tools and remote maintenance systems are all interconnected via a conventional IP network. The problem is not the use of IP itself, but rather that these systems are administered from potentially vulnerable environments, such as the HMI platform, which is typically equipped with an unpatched Windows operating system.

Considered highly sensitive, these environments generally do not have operating system patches or updates applied for fear of disrupting the industrial system. This fear prevails over the fear of potential IT attacks.

Identified as critical, SCADA environments are paradoxically less secure and have become a potential target for cyber criminals. Once compromised, a hacker would have full control over the system, as seen with Stuxnet, the first discovered worm that spies on and reprograms industrial systems. This worm exploited Windows Zero Day vulnerabilities - vulnerabilities for which a patch had not yet been developed - and went on to affect thousands of IT systems and one uranium enrichment plant.

It took an attack on the scale of Stuxnet to raise awareness of the potential damage from cyber threats to the industrial sector. While traditional computer attacks usually cause non-material damage, Stuxnet demonstrated the real, destructive capacity of advanced worms and viruses to affect not only corporate data, but also water management systems, chemical product production and energy infrastructures.

Taking precautions

As a result, industrial companies are starting to integrate security measures into their systems. Much more is needed before SCADA systems can be considered secure. As a first step, companies deploying SCADA must consider them as part of their overall IT infrastructure, apply the same security measures and techniques that they do for their internal IT infrastructure, and get support from their senior executives for the related additional IT budgets and resources.

Several important steps should be taken to secure a SCADA environment, which is considered sensitive:

1. Regular updates
Applying software patches on a regular basis to the SCADA operating system, applications and components is an essential step to avoid security breaches due to vulnerabilities already known by security vendors.

2. Partition and isolate the SCADA network
Isolate the SCADA network from any other corporate network. To that end, the use of DMZs or bastions will allow the company to segment the SCADA architecture. The HMI network will be separated from robots and measuring devices, supervisory systems, remote control units and communications infrastructures, allowing each environment to be confined and protected from bouncing attacks.

3. Protocol validation
After having partitioned and segregated the different elements of SCADA architecture, the next step is to apply protocol validation and control related to its various components. Thus, it is necessary to inspect the MODBUS protocol to be sure it is neither misused nor an attack vector.

4. Segregate administrators from users
In addition to the segmentation of the network, it is crucial to segregate users from administrators and provide different access levels between the two groups.

5. Get an overall view of the network
A correlation and event management tool is essential. It is critical that the network administrator can fully understand the security state of the entire network and, for instance, know at the same time the robot state, the HMI patch level and its relation to a specific user or component of the architecture.

The generation of security alerts is equally important. By understanding what is happening in the network, the administrator gets the ability to correctly react to network events and take appropriate action.
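
To make step 3 (protocol validation) concrete, here is an added example, not taken from the original article or from any vendor product: a minimal check of a Modbus/TCP request at the boundary between the HMI zone and the PLC zone. The read-only policy and the sample frames are assumptions constructed for illustration; the size and quantity limits are those of the Modbus application protocol specification.

```python
import struct

# Assumed policy for this sketch: the HMI zone may only read from PLCs.
READ_ONLY = frozenset({0x01, 0x02, 0x03, 0x04})
# Maximum quantity per read request, per the Modbus application protocol spec.
MAX_QTY = {0x01: 2000, 0x02: 2000, 0x03: 125, 0x04: 125}


def validate_request(frame: bytes, allowed=READ_ONLY):
    """Return (ok, reason) for one Modbus/TCP request ADU."""
    if len(frame) < 8:
        return False, "truncated: shorter than MBAP header plus function code"
    if len(frame) > 260:
        return False, "oversized: exceeds 260-byte Modbus/TCP ADU limit"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return False, "protocol id is not 0 (not Modbus)"
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        return False, "MBAP length field disagrees with actual frame size"
    func = frame[7]
    if func not in allowed:
        return False, f"function code 0x{func:02x} not permitted by policy"
    if func in MAX_QTY:
        if len(frame) != 12:
            return False, "read request PDU must be exactly 5 bytes"
        _addr, qty = struct.unpack(">HH", frame[8:12])
        if not 1 <= qty <= MAX_QTY[func]:
            return False, f"quantity {qty} outside 1..{MAX_QTY[func]}"
    # Write codes added to `allowed` would need their own field checks here.
    return True, "ok"


# Constructed sample frames (hex), not captured traffic.
SAMPLES = {
    "read 10 holding registers": "00010000000601030000000a",
    "write single register": "000200000006010600010003",
    "read 126 registers (over limit)": "00030000000601030000007e",
    "length field mismatch": "00040000000901030000000a",
}

if __name__ == "__main__":
    for name, hexframe in SAMPLES.items():
        ok, reason = validate_request(bytes.fromhex(hexframe))
        print(f"{'ALLOW' if ok else 'DROP ':5} {name}: {reason}")
```
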

The implementation of these steps, although sometimes cumbersome, will ensure there is a comprehensive security strategy throughout the network, and provide an in-depth defence with a security layer at all levels, even at PLC units, for a precise control of exchanges and communications between the SCADA environment and the network infrastructure.

With attacks becoming more sophisticated, like advanced persistent threats, it is critical that industrial organisations realise that integrated security in their SCADA environments is essential if these networks are to continue to function as they were designed to do.

Perry Hutton
regional director of Fortinet for Africa.

Perry Hutton, regional director of Fortinet for Africa, comes from an accounting background and has spent the last 22 years in IT, the last 10 of which have been in IT security specifically. Hutton was responsible for introducing Fortinet to the African market back in 2003, when he was part of a distribution business. He subsequently joined Fortinet in 2007, and has since grown the Fortinet business in Africa to a continent-wide company, together with his team of 10. Hutton is hugely passionate about Fortinet and travels extensively on the continent growing and expanding the business.
