Potential threats

The management systems of industry, manufacturing and providing utility services such as electricity, oil, water, etc. are operated by electrical-electronic, mechanical, hydraulic equipment and other specialized equipment.

Due to the industry’s specificity, these systems are operated 24/7 continuously and automatically, they have a self-control mechanism under pre-setup hypothetical situations. As a result, normally these systems are operated and monitored by specialized computer systems called controllers and sensors. Integrated with management systems, they provide SCADA (Supervisory Control And Data Acquisition) solutions that enable efficient data collection and analysis and help automatically control specialized equipment in these systems like pumps, valves, and relays.

SCADA: Supervisory Control And Data Acquisition.

Used in systems requiring high reliability, continuous operation in tough industrial environments, not easy to replace and install, the devices in SCADA solution must ensure that they can be sustainable and persistent over a long period, from 5 years or even more than 10 years.

With the importance and impact on the community and society, organizations that provide public services, urban traffic control systems, became targets of attack and were recently attacked by several cyber crimes, data stealing and service denial,… Of course, we did know about this most through Hollywood series and movies, but it actually happened in reality.

In Vietnam, if we look from outside, we can see that hackers attacked and took control of the screen display system at the airport. But actually, customer database system of aviation is still ensured to be completely safe or not?

With this reality, in addition to ensuring the continuous supply of social services, data integrity, and precision in air/road traffic control, the prerequisite is that we thoroughly solving security concerns of SCADA systems, which are characterized by enduring operation, use of devices, systems and technologies dating back 5-10 years. Meanwhile, in the world, technology is being researched, developed and applied at galloping speed. It is such an unequal battle.

Characteristics of SCADA network and security requirements

Although the design and manufacture of SCADA controllers as well as management system setting device are customized following requirements of users and the system, they remain inseparable from the fact that they are used on the basis of workstations which are installed customizable standard operating systems (Windows/Linux or Unix), along with software applications, communication protocols, and common sign-on.

So, while it may sound different, SCADA systems will encounter many issues similar to common IT systems, vulnerabilities, differences between tested products, backdoors, lack of authentication and encryption, not updating patches and weak password storage will allow attackers to gain access to the system. As a result, the device might be crashed or stopped, the attackers may interfere with important processes controlled by these devices, such as opening and closing valves, disorganizing the traffic control system.

However, because of the function, SCADA network is physically separate from IT networks of businesses/organizations, or uses the same IT networks (LAN and WAN) but encrypts their SCADA network traffic on a shared infrastructure. And, both networks have exchanged for retrieving data information as well as sending operation requests between them.

Aside from the factor that it’s a network connected to an IT network, SCADA devices and networks have different characteristics compared with IT devices and networks:

  • Set up in locations that are not suitable for manually installation (towers, oil rigs, active robots, power/water/oil plants, traffic lights), environmental requirements higher than common IT systems (e.g: outdoor, extreme heat, high acid/alkaline environment, shaking) or specific input/output requirements.
  • Uses standard operating systems, but is customized/embedded to be compatible with the system, but with little regard for security.
  • Software is custom-designed, prioritizing the readiness and persistence of the system, so they are updated or fixed less frequently, due to limited access or fear of consequences when they have to interrupt to upgrade system.
  • Use proprietary or special protocols such as MODBUS, DNP3.

Security service providers with extensive experience in protecting IT networks from the potential threats which keep increasing in high speed, from operating system defects, application software vulnerabilities or incompatibility between hardware-software to firmware, continuous optimization, development of processes that allow for the establishment of a system that operates almost safely.

The reuse of knowledge, continuous research, application of technology developed over the years can build a safety system while saving time and costs. It is only possible when they can achieve necessary condition which is to understand and evaluate the differences between SCADA and IT environment before applying specialized security practices and technologies as a part of the solution.

SCADA network system security (Part 2)

Song Phuong

Related posts: