What Are SCADA Cyber Security Solutions?

Supervisory Control and Data Acquisition (SCADA) systems are integral to many industries: they streamline control, ensure compliance, and enhance monitoring by aggregating data from sources such as sensors, controls, and IIoT devices. SCADA solutions offer significant benefits, but they are also vulnerable to a range of cybersecurity attacks, especially legacy systems that were not built with SCADA cyber security in mind.

Because SCADA systems are common in critical infrastructure, security must be front and center. A recent campaign against a SCADA system powering critical infrastructure at a Google-owned facility involved multiple attacks over several months. Hackers were able to switch off substations and deployed malware to disrupt the environment and remove traces of the attack. A November 2023 attack targeted Israeli-made PLCs across the globe. UK and U.S. water systems have been infiltrated as well.

Joint Alert About SCADA Cyber Security

Cyber-attacks are common enough that the Department of Energy, the National Security Agency, the FBI, and the Cybersecurity and Infrastructure Security Agency recently put out a rare joint alert about threat actors targeting industrial control systems (ICS) and SCADA systems. The systems’ modular architecture and multiple endpoints allow cyber criminals to conduct highly automated exploits, scanning for attack vectors and misconfigurations.

SCADA Solutions for Secure Operation

Especially for legacy systems, operators need to deploy modern SCADA cyber security practices to reduce the odds of a successful cyber-attack.

Implementing Access Controls and Authentication

One priority is to limit access to the SCADA network and components. Companies should require multi-factor authentication (MFA) to verify all user and device identities before granting access. Rather than relying on passwords alone, which can be lost or stolen, MFA requires individuals to authenticate through an additional factor, like a one-time code sent to their phone. Expanding MFA across human and machine accounts prevents unauthorized access from compromised credentials.

In addition, SCADA operators need to implement role-based access controls (RBAC) that restrict individuals to only the data or controls necessary for their role. Granular access tiers based on responsibilities limit the damage a malicious insider can do outside their scope.

For example, engineers may require sensor statistics but should be blocked from directly manipulating pipeline valves without authorization. Integrating such attribute-based access controls into the SCADA cyber security architecture takes advantage of built-in system authorization features while reducing potential malicious activity.
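The MFA gate and the engineer/valve restriction described above can be expressed as a deny-by-default authorization check. This is an added example, not code from any SCADA product; the role names, tag paths and the second-person approval rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Constructed policy: role -> list of (action, tag pattern, needs_approval).
# Role, action and tag names are hypothetical.
POLICY = {
    "engineer": [("read", "sensor/*", False)],
    "operator": [("read", "sensor/*", False),
                 ("read", "valve/*", False),
                 ("write", "valve/*", True)],
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool          # set by the authentication layer, not by the client
    action: str
    tag: str
    approved_by: Optional[str] = None  # second person who signed off, if any

def authorize(req: Request):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    if not req.mfa_verified:
        return False, "mfa_required"
    rules = POLICY.get(req.role)
    if rules is None:
        return False, "unknown_role"
    for action, pattern, needs_approval in rules:
        if action == req.action and fnmatchcase(req.tag, pattern):
            # Self-approval does not count as authorization.
            if needs_approval and req.approved_by in (None, "", req.user):
                return False, "approval_required"
            return True, "ok"
    return False, "not_permitted_for_role"

if __name__ == "__main__":
    for r in (
        Request("eve", "engineer", True, "read", "sensor/pump1/flow"),
        Request("eve", "engineer", True, "write", "valve/v12"),
        Request("oscar", "operator", True, "write", "valve/v12"),
        Request("oscar", "operator", True, "write", "valve/v12", approved_by="sam"),
        Request("oscar", "operator", False, "read", "sensor/pump1/flow"),
    ):
        print(r.user, r.action, r.tag, authorize(r))
```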

The recent Colonial Pipeline ransomware attack demonstrates how such controls could have reduced impact. A lack of multi-factor authentication reportedly enabled attackers to infiltrate the corporate side with a single compromised password before pivoting to OT systems. From there, they deployed a ransomware payload across nodes.

Hardening and Securing Configurations

In parallel with access improvements, hardening and properly configuring SCADA infrastructure closes security gaps.

Organizations must promptly patch and upgrade devices to keep published vulnerabilities from being targeted. Attackers routinely access systems via outdated software or common vendor passwords. A shocking number of attacks succeed by using default passwords that have never been changed. Developing custom images and running configurations tailored to security best practices provides protection as well. Tools can automatically enforce policies by blocking outdated software or mandating security measures such as preapproved encryption strengths across the environment.
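A minimal policy audit over a device inventory shows how the three checks above (outdated software, unchanged default passwords, preapproved encryption) can be automated. This is an added example, not a vendor tool; the inventory fields, model names and firmware baselines are constructed, and an unknown model fails closed rather than passing silently.

```python
import re

# Constructed baseline; model names and version numbers are hypothetical.
MIN_FIRMWARE = {"plc-a": "2.4.0", "rtu-b": "1.10.0"}
APPROVED_CIPHERS = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"}

def parse_version(text):
    """'1.10' -> (1, 10, 0, 0). Returns None if the string is not dotted digits."""
    if not isinstance(text, str) or not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def audit_device(dev):
    """Return policy findings for one inventory record (empty list = compliant)."""
    findings = []
    baseline = parse_version(MIN_FIRMWARE.get(dev.get("model")))
    current = parse_version(dev.get("firmware"))
    if baseline is None:
        findings.append("no_firmware_baseline")   # unknown model: fail closed
    elif current is None:
        findings.append("unparseable_firmware")
    elif current < baseline:                      # numeric compare: 1.9.3 < 1.10.0
        findings.append("outdated_firmware")
    if dev.get("default_password_changed") is not True:
        findings.append("default_password")
    ciphers = dev.get("ciphers") or []
    if not ciphers:
        findings.append("no_encryption")
    for name in sorted(set(ciphers) - APPROVED_CIPHERS):
        findings.append("unapproved_cipher:" + name)
    return findings

# Constructed inventory records.
INVENTORY = [
    {"name": "pump-plc-1", "model": "plc-a", "firmware": "2.4.1",
     "default_password_changed": True, "ciphers": ["TLS_AES_256_GCM_SHA384"]},
    {"name": "lift-rtu-7", "model": "rtu-b", "firmware": "1.9.3",
     "default_password_changed": False,
     "ciphers": ["TLS_AES_128_GCM_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]},
    {"name": "legacy-hmi", "model": "hmi-z", "firmware": "unknown", "ciphers": []},
]

def audit(inventory):
    return {d["name"]: audit_device(d) for d in inventory}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(name, findings or "compliant")
```

Comparing versions as parsed tuples matters here: as plain strings, "1.9.3" sorts after "1.10.0" and the outdated RTU would pass.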

Additional steps, like instituting microsegmentation to isolate SCADA zones into separate virtual networks, provide containment and prevent lateral movement from functions to core industrial control networks, limiting the blast radius of any attack.

Detecting Threats Through Monitoring

Alongside proactive controls, organizations must implement SCADA cyber security monitoring capabilities to quickly identify and mitigate threats. Centralized logging combined with analytics solutions checks network traffic and endpoint events for suspicious anomalies indicative of attack reconnaissance stages or lateral movement.

Attacks on a Florida water treatment plant triggered the ICS to increase the amount of sodium hydroxide to deadly levels. Fortunately, it was caught by an alert supervisor, who was able to reverse the changes.
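Monitoring can raise the alert that, in the incident above, depended on a supervisor noticing the change. The following added example (not from any product or from the incident itself) scans a constructed HMI audit log for setpoint writes that leave engineering limits or jump too far in one step; the log format, tag name, limits and values are all assumptions.

```python
import re

# Constructed engineering limits per setpoint tag; names and values are hypothetical.
LIMITS = {"naoh_dose_ppm": (50.0, 150.0)}
MAX_STEP_RATIO = 0.25   # one write may move a setpoint by at most 25 % of its old value

NUM = r"-?\d+(?:\.\d+)?"
WRITE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) session=(?P<session>\S+) "
    rf"WRITE tag=(?P<tag>\S+) old=(?P<old>{NUM}) new=(?P<new>{NUM})$"
)

def detect(lines):
    """Return (line_no, user, tag, new_value, reasons) for each suspicious write."""
    alerts = []
    for line_no, line in enumerate(lines, 1):
        m = WRITE.match(line.strip())
        if m is None or m["tag"] not in LIMITS:
            continue                      # other event types and unmonitored tags
        old, new = float(m["old"]), float(m["new"])
        low, high = LIMITS[m["tag"]]
        reasons = []
        if not low <= new <= high:
            reasons.append("outside_limits")
        if abs(new - old) > MAX_STEP_RATIO * abs(old):   # no division, so old=0 is safe
            reasons.append("large_step")
        if reasons and m["session"] == "remote":
            reasons.append("remote_session")
        if reasons:
            alerts.append((line_no, m["user"], m["tag"], new, reasons))
    return alerts

# Constructed log lines in a hypothetical audit-log format.
SAMPLE_LOG = """\
2024-03-01T08:00:02Z user=op_a session=console WRITE tag=naoh_dose_ppm old=100 new=105
2024-03-01T08:05:40Z user=op_a session=console READ tag=naoh_dose_ppm value=105
2024-03-01T13:31:10Z user=op_b session=remote WRITE tag=naoh_dose_ppm old=105 new=9000
2024-03-01T13:36:55Z user=op_a session=console WRITE tag=naoh_dose_ppm old=9000 new=105
""".splitlines()

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The corrective write on the last line is also flagged as a large step, which gives responders a record of when the setpoint was restored and by whom.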

Building Organizational Readiness

Technology controls require organizational readiness. Facilities should have robust incident response plans with detailed playbooks to provide staff with step-by-step procedures during a crisis for coordinated action. When an attack occurs, time is critical to avoid widespread disruption and potentially dangerous situations.

CISA also recommends backing up the logic and configurations on any PLCs to enable fast recovery, and getting familiar with factory reset processes in the event of ransomware.

Keep Your SCADA Solutions Secure

Robust SCADA solutions can help maximize efficiency, reduce overhead costs, and streamline operations. But cyber security must be built in and actively monitored to keep operations safe.

Pacific Blue Engineering designs, builds, and integrates secure, centralized monitoring and control for industrial equipment—creating a comprehensive SCADA system for your unique environment. Whether you need a turn-key system, modernization, or integration with legacy equipment, Pacific Blue Engineering can help.

Contact Pacific Blue Engineering today at (657) 201-8603 or request a consultation online to discuss a custom SCADA solution.

© All contents copyright © 2023 by Pacific Blue Engineering