Last year, nearly 40 percent of industrial control systems worldwide experienced attacks from external sources, according to a Kaspersky analysis. That’s a sobering statistic, especially when coupled with evidence that cyberattacks were involved in crippling power outages in Ukraine in late 2015. The following year, closer to home, U.S. cybersecurity officials accused Iran of hacking into the control system for a New York dam. Its efforts were foiled only because a sluice gate had been manually disconnected from the control system while undergoing repairs.
As we grow increasingly reliant on digital control of mechanical devices and processes, the systems that control sensitive infrastructure come into the crosshairs of attackers seeking to cross the cyber-physical barrier and wage cyberattacks against the physical world. Industries ranging from coal mining to hydroelectric power generation depend on supervisory control and data acquisition (SCADA) systems to monitor safety and control production. Attackers who are able to take control of SCADA systems may find themselves in command of critical infrastructure systems.
Legacy Equipment Creates Risk
The unfortunate reality is that many of these SCADA systems are incredibly old by technology standards. It’s not unusual to find that the control systems governing sensitive equipment are decades old. These legacy systems were designed in an era when security was not a top concern and engineers expected the systems to reside on isolated networks where an attacker would have to gain physical access to a facility to connect.
Today, those same systems continue to control critical infrastructure processes, but they’ve now been connected to the internet to provide remote monitoring and control in environments with far-flung devices. Additionally, the outdated software and operating systems on those devices often contain critical unpatched security vulnerabilities.
Cybersecurity Programs Fill the Gap
Cybersecurity programs in organizations that operate SCADA environments must be carefully designed to control the risk to these sensitive systems. Security professionals may draw upon industry-standard guidance, such as the Guide to Industrial Control Systems Security from the National Institute of Standards and Technology, to help with the design of security controls, but they must tailor security solutions to meet the specific needs of their operating environment.
Most of the controls required to secure a SCADA environment are the same as those used to secure more general computing environments. Firewalls, anti-virus software and patch management tools should all be found on SCADA networks. However, designers should also implement specialized controls to isolate SCADA systems from other networked devices, reducing the risk of attack. For example, cybersecurity professionals should ensure that SCADA systems are placed on a segregated network accessible only by direct physical access or a secure virtual private network connection. In addition, any connections to that network should require strong, multifactor authentication and should be logged to a centralized monitoring system.
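The isolation rule described above (SCADA segment reachable only over the VPN, with multifactor authentication, and every connection logged centrally) can be checked against the central log itself. The following is an added example, not part of the original post; the subnets, field names and log records are constructed assumptions.

```python
import ipaddress

# Assumed addressing, constructed for this example (not from the article).
SCADA_NET = ipaddress.ip_network("10.50.0.0/24")  # segregated control network
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")   # addresses issued by the VPN gateway

# Constructed connection records, shaped as a central log collector might store them.
SAMPLE_LOG = [
    {"src": "10.99.0.12", "dst": "10.50.0.5", "user": "op1", "mfa": True},   # compliant
    {"src": "10.20.3.40", "dst": "10.50.0.5", "user": "op2", "mfa": True},   # bypasses the VPN
    {"src": "10.99.0.13", "dst": "10.50.0.7", "user": "op3", "mfa": False},  # VPN without MFA
    {"src": "10.20.3.41", "dst": "10.20.3.1", "user": "op4", "mfa": False},  # not SCADA-bound
    {"src": "10.50.0.5", "dst": "10.50.0.7", "user": None, "mfa": False},    # inside the segment
    {"src": "not-an-ip", "dst": "10.50.0.5", "user": "op5", "mfa": True},    # malformed record
]

def audit(records):
    """Return (index, reason) for every record that violates the isolation policy."""
    findings = []
    for i, rec in enumerate(records):
        try:
            src = ipaddress.ip_address(rec["src"])
            dst = ipaddress.ip_address(rec["dst"])
        except (KeyError, ValueError):
            # Fail closed: a record that cannot be evaluated needs human review.
            findings.append((i, "unparseable record"))
            continue
        if dst not in SCADA_NET:
            continue  # out of scope for this policy
        if src in SCADA_NET:
            continue  # device-to-device traffic from hosts attached to the segment
        if src not in VPN_POOL:
            findings.append((i, "source outside VPN pool"))
        elif not rec.get("mfa"):
            findings.append((i, "VPN session without MFA"))
    return findings

if __name__ == "__main__":
    for index, reason in audit(SAMPLE_LOG):
        print(f"record {index}: {reason}")
```

A finding of "source outside VPN pool" means the segmentation itself has a gap, which is usually a firewall or routing problem rather than a user problem.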
Organizations that develop a layered, defense-in-depth approach to SCADA security will be able to harden their systems against attack. This is absolutely critical in an era where attackers are actively seeking out opportunities to cross the cyber-physical barrier.