Over the last several years, we’ve seen utilities increasingly become a target for cybercrime. On Friday, February 5th, an unidentified assailant remotely accessed a computer that is a part of the SCADA system at the City of Oldsmar’s water treatment plant. In an attempt to poison the city’s water supply, the assailant briefly increased the amount of sodium hydroxide by a factor of more than 100. Thankfully, a supervisor noticed this increase and immediately reversed it, causing no harm to the water supply.
While beneficial to utilities, SCADA systems open the operation up to many cyber threats when the proper protocols and security are not in place. In 2019, we wrote the following article for the Tennessee Association of Utility District’s publication, Tennessee Utility News, outlining benefits, threats, and best practices for protecting SCADA systems.
Have questions? Need help securing your system?
That’s what we’re here for! Reach out, and we’ll be happy to help!
Making Data Work for You:
SCADA for Utilities
Throughout the utility sector, SCADA (Supervisory Control and Data Acquisition) systems are becoming more and more prevalent. SCADA systems are a type of industrial control system that enables utilities to easily collect useful data, monitor operations, and automate many processes. For the utility industry, SCADA systems can have many different applications. SCADA systems can give operators and administrators instant access to information that was previously unavailable or difficult to obtain. SCADA systems can be used to monitor and control pump stations, monitor water in tanks and reservoirs, perform remote shut-offs and turn-ons, collect data for regulatory and financial reporting, among many other useful applications. These networks are not a one size fits all solution, however. They may be small or complex, only address one small portion of operations or encompass them all. SCADA systems are becoming essential to water and wastewater system operations, monitoring, maintenance, and planning.
The heart of SCADA is the data it generates.
SCADA systems are typically made up of field equipment, data collection equipment, communication networks, and software. Field equipment such as sensors or relays allow the utility to monitor and automate their system through the creation or consumption of data. This data is communicated via fixed or wireless communication networks through the use of Remote Telemetry Units (RTUs) or Programmable Logic Controllers (PLCs) that are connected to the sensors or relays in the field. In most cases, these RTUs or PLCs perform real-time, continuous data collection, giving the utility easy access to data that enables operators to create and maintain a high level of control.
We’ve established that SCADA systems communicate data, but where is this data going? How is it being turned into action? The final piece of any SCADA system is a host platform. The host platform is comprised of hardware such as servers or a cloud solution as well as software. It is here where the actual benefit of a SCADA system comes to fruition. It is here where data is received, integrated, analyzed, and turned into actionable items. The large amounts of data that are generated by SCADA systems can be onerous and overwhelming. Having software and solutions that ensure that this data is processed properly, organized, and stored is essential to the performance of the SCADA system.
Protecting SCADA data and connected systems.
Just as SCADA continues to increase in popularity, so does the threat posed by outside sources. Over the years, we’ve heard mention of the threat posed by terrorists, hackers, and less than satisfied customers and employees. How do you protect your system from these outside threats and ensure that you avoid any loss of service?
The threat of cyber-attacks and cyber warfare is growing each day, and we see every day that utilities are not taking the necessary steps to protect their network. This topic is one that is constantly being discussed, but many times, no changes are being implemented. The two most common reasons are that many utilities do not grasp the reality that it could happen to them or the cost seems prohibitive to protect and monitor their system.
Threats to SCADA systems include but are not limited to:
Employee Error: Employees are a common cause of network security issues. While it is possible to suffer the wrath of a disgruntled employee, most commonly, network security issues caused by employees are unintentional and can many times be attributed to poor training, carelessness, or a combination of both. With proper training for employees and an active culture of vigilance, you can help your organization reduce issues caused by employee error.
Malware: Malware includes viruses, spyware, and an array of other malicious programs. These programs may not necessarily target SCADA, but because the SCADA network is not separated or protected, they are able to traverse over the entire network, thusly affecting the SCADA system.
Hackers: Intentional, malicious individuals or groups that are intent on gaining access to the network. These hackers could also use this data against you. By manipulating data or gaining complete control of your SCADA systems, serious harm can be caused to services, customers, and the entire operation.
"Using a combination of security policies and controls to adequately secure today’s systems is critical to your organization’s operation"
So what can you do:
The first step utilities need to take is documentation of your network connections to the internet. Any and all internal networks must be properly documented. All hardware, software, firmware, and applications need to be part of that documentation. All users, including outside vendors that have access to these systems, should also be documented. It is vital that utilities create and maintain accurate and thorough documentation of all connections to, pieces of, and access to their network.
In most cases, SCADA systems lack adequate monitoring and detection systems, making them vulnerable to attacks from external and internal sources. Setting up monitoring and detection controls is the next step in protecting your SCADA system. There are many different types of monitoring and detection software on the market. Selecting the software that is best for your particular operation can be a difficult task. We suggest that you work closely with network professionals to evaluate your specific network needs.
Once you have documented and set up adequate monitoring and detection systems, you can then begin to segment the network. Segmenting the network should be used to separate other business systems that are running on the same network as the SCADA system. Due to the fact that attacks are increasingly exploiting both physical and cyber vulnerabilities, it is important to align physical security and cybersecurity processes. Application whitelisting, firewalls, and gateways are all ways to build a defensive perimeter around your SCADA systems.
Security is also something that is in continual motion. Rules, security checks, report monitoring, and standardized processes must be instituted and utilized by everyone who has access to the SCADA system and all other connected networks. Regular evaluations must also be performed for vulnerability, risk, and all assets in general. These assessments should be conducted on a regular basis to verify that security measures are adapting to the changing threats on the IT landscape.
Using a combination of security policies and controls to adequately secure today’s systems is critical to your organization’s operation. Understanding common weaknesses, creating and implementing an action plan to bring security to an acceptable level, and employing standardized processes will minimize the risk posed by an increasingly hostile Internet environment.