SCADA Controls
PCS
SCADA systems are a type of Process Control Systems (PCS), which are complex systems that execute defined tasks as a part of an industrial production process. PCS are the main control framework for other critical infrastructures. The selected PCS monitors and supervises remote sensors which are deployed near the critical infrastructure. This process allows the PCS to manage automation operations and record sensitive data measurements. Each of the two types of PCS are differentiated by their geographical distribution. SCADA, which stands for supervisory control and data acquisition, is a distributed network over a large geographic location where a series of industrial automation services are enacted to control the performance and continuity of other critical infrastructures. The other PCS, Distributed Control Systems (DCS), have the same functionality as SCADA systems but serve areas that are geographically closer to manufacturing operations and industrial facilities. SCADA systems provide a method for security professionals to manage and make appropriate changes to critical infrastructures in according to the policies and strategies outlined by upper management at companies that mange CI.
SCADA on Networks
The first SCADA systems were implemented in ways that are drastically different than today’s, many cybersecurity analysts believe the old method of implementation to be the more secure between the two options. Initially, SCADA systems were implemented in monolithic, or centralized systems, which is often referred to as a closed system. The SCADA systems were not connected to the internet and did not provide accessibility to outside networks, focusing exclusively on the critical infrastructure’s location. The centralized concept significantly reduced the prospect of cyberattacks. In order to bring new innovations to the SCADA systems managing critical infrastructures around the country, security professionals began to adopt the distributed system concept as a more effective method than the centralized concept due to its ability to manage critical infrastructures more efficiently, provide stronger analytics, enable more remote management and troubleshooting of problems. Even though the distributed system concept made improvements in the use of SCADA controls across all critical infrastructure sectors, its implementation has made SCADA systems more vulnerable for cyberattacks to administrative systems that cause significant damages to the physical properties of the critical structures as well as a negative impact to populations within countries. The SCADA vulnerabilities primarily exist under to distributed system concept due to its removal of SCADA controls from closed systems to internet-connected ones that make the overall critical infrastructures more open to cyber-criminal activity that takes place on the open web. Today, SCADA has evolved to more networked systems that rely on wireless internet, ISPs and mobile capabilities; the new innovations are also not as secure as implementing SCADA controls on a closed system.
Policies
SCADA systems are very important to the creation and implementation of cybersecurity policies and strategy that control critical infrastructures. Due to the interdependency of all 16 critical infrastructures, it would be safe to assert that SCADA controls play a significant role in managing effective operations for the CI that they control and all interconnected Cis that depend on maintaining effective use. Since the new SCADA systems are connected to the internet and depend on ISPs and wireless technologies, their effective use has become a complex issue for cybersecurity professionals to solve. Even though they present challenges, cybersecurity professionals implement policies and strategies regarding SCADA controls in order to modernize operational processes, ensure automation and real-time control. The new SCADA systems present new challenges in protecting critical infrastructure and networks managed by individuals, governments and corporations. SCADA systems are the foundational technologies that provide support and maintenance to critical infrastructures and its associated interdependent CIs.
History
This history of SCADA control implementation has defined three generations of the technology’s development: monolithic or centralized system, distributed system, and networked system. Each generation has its own strengths and weaknesses. It could be argued that even though each new generation brings innovations to SCADA controls, they also make them more susceptible to cyberattack. However, many cybersecurity professionals would assert that the later generations implements more efficient use of SCADA systems and thereby are worth the investment even though they are open to cyberattacks in ways the first generation were not.
Vulnerabilities
Lack of communication among security professionals who handle SCADA systems can lead to potential vulnerabilities within the distributed and networked systems. Adopting more effective communication can lead to fewer vulnerabilities presenting themselves during the management of critical infrastructures. There is also a need to incorporate more cryptography in order to enhance SCADA protocols and provide more security to networks. Since there is a lack of Federal policies mandating the implementation of certain technologies to enhance SCADA systems, it is up to private companies to make the necessary investments in firewalls and intrusion detection prevention systems in order to add an extra layer of security for SCADA systems. Lack of policies also mean that companies and governments are not mandated to label security classifications of their critical infrastructures operation; therefore, it can be challenging to pinpoint which parts of a SCADA system should be prioritized first due to the critical nature of the alterations made during cyberattack. The evolution of Smart Systems within the power grid, along with the Internet of Things have made the process of securing SCADA systems even more complex. Due to a lack of oversight, vulnerabilities can present themselves as SCADA systems on a networked system opens itself up to potential intrusion due to its ability to communicate with other networks. Since most of the internet traffic comes from industrial communication protocols, SCADA systems are open to the vulnerabilities that are present within protocols that can negatively impact the operation of SCADA control, thereby damaging critical infrastructures and potentially putting populations at risk.
Interdependency Model
In order to protect Critical Information Infrastructure and other CIs, I think it is important for cybersecurity policy-makers and corporations to adopt the interdependency model when coming up with strategies and policies for implementation to address the security of critical infrastructures. Even though the economic model may be more pressing for business professionals to implement due to their need to generate company revenue, I would assert that national security should take precedent over economics in nearly every circumstance. In order for the nation to provide resources like water and energy to users, security professionals must use SCADA controls and other technologies to effectively manage and maintain critical infrastructure’s physical and virtual properties. This process becomes imperative due to the interdependency among the 16 critical infrastructures, as an attack on one could have a significant impact on several others. I think that companies and governments should invest more resources in discovering the best approach for managing a SCADA system; would it be more efficient to bring SCADA controls back to monolithic systems? More research could find answers to that question, particularly if there are ways to make SCADA controls more efficient using the monolithic method in ways similar to the networked systems. Due to Moore’s law, it would be safe to assert that technology in regards to SCADA controls will continue to advance over time, and that the networked model is probably here to stay for the foreseeable future. I would recommend for the Federal government to invest more resources into monitoring the traffic that is crossing networks SCADA systems are used on as a prevention measure and also adopt particular policies and strategies that mandate how companies and governments should implement, maintain and upgrade SCADA controls according to a national standard that researchers have proven will lead to fewer vulnerabilities, thereby promoting more security of critical infrastructures.