Executive Summary
Supervisory Control and Data Acquisition (SCADA) systems are used for remote monitoring and control in the delivery of essential services/products such as electricity, natural gas, water, waste treatment and transportation. This makes SCADA systems an integral part of a nation's critical infrastructure. They are also crucial to the continuity of business. This paper identifies emerging electronic threats to the security of SCADA systems and some issues you should be aware of to protect your SCADA systems.
What are the security issues with SCADA systems?
Traditionally, SCADA systems were designed around reliability and safety. Security was not a consideration. However, security of these systems is increasingly becoming an issue due to:
- increasing reliance on public telecommunications networks to link previously separate SCADA systems, which makes them more accessible to electronic attacks;
- increasing use of published open standards and protocols, in particular Internet technologies, which exposes SCADA systems to Internet vulnerabilities;
- the interconnection of SCADA systems to corporate networks, which may make them accessible to undesirable entities;
- lack of mechanisms in many SCADA systems to provide confidentiality of communications, which means that intercepted communications may be easily read; and
- lack of authentication in many SCADA systems, which may result in a system user's identity not being accurately confirmed.
Where do the threats come from?
Threats to SCADA may come not only from terrorism, but also from general Internet threats (e.g. worms and viruses), recreational hackers, errors resulting from training programs or even disgruntled employees.
What questions should you ask your Chief Information Officer (CIO) to ensure that your SCADA security is robust?
- What processes are in place to identify security risks from cyber incidents in our SCADA system?
- What strategies have been put in place to manage these risks?
- How regularly are vulnerability assessments undertaken of our SCADA system?
- How well do the IT and the Engineering departments communicate?
- What assessments are undertaken of the training needs of our IT personnel involved with SCADA security?
- What measures have been put in place to ensure that our network design takes account of SCADA security?
DISCLAIMER: To the extent permitted by law, this document is provided without any liability or warranty. Accordingly it is to be used only for the purposes specified and the reliability of any assessment or evaluation arising from it are matters for the independent judgement of users. The document is intended as a general guide only and users should seek professional advice as to their specific risks and needs.