When it comes to computer security, most people only think about desktops, laptops, and other user-level equipment. All too often, we forget about those important industrial processes that make so many good things possible. When you are running those large-scale industrial operations, you need to have a system that offers a good mixture of process control and tight security. SCADA (Supervisory Control And Data Acquisition) is an attempt to have both of these things in one package.
What Is A SCADA System?
This is basically a protocol that is used for industrial process management. Their purpose is to coordinate and control all the tasks that are done in that particular location. In some cases, they can be used to monitor many different locations in real-time. In fact, the ability of SCADA systems to efficiently monitor numerous locations over great distances is probably its main strength.
These systems have proven to be very efficient for use in a wide variety of industries. They allow for both direct control and automated management. Thus, the person in charge can choose exactly how automated or non-automated their processes will be. All networks that perform these functions are referred to as IC (industrial control), and all of them are quite similar. You might also choose to go with a PLC, DCS, or IACS system, and these will also have a specific set of strengths and weaknesses.
How Does A SCADA System Work?
It could be said that a SCADA system is divided into five different levels, with each one serving a specific purpose. At the top of the totem pole, you’ve got the main computer center that controls everything. Here, production is scheduled orders are given to all the other computers downstream. This is the one that is directly controlled by the boss.
The second level might be described as “upper-level management.” These are the coordinating computers that mainly act as monitors. The computers at this level do not have any real authority and cannot change much of anything. As such, they act as something of a security buffer between the first and second levels. Again, their main purpose is to monitor and catalog everything that happens on or to the network.
Next, you have the third level, which is the supervisory computers. Rather than acting as a “middle man” between two other sections, this one provides a direct interface for your floor supervisors. Thus, the people who actually manage your facilities and employees will have direct access to proper instructions at all times. This will include things like deadlines, production trends, relevant news, and all sorts of other things that your floor-level supervisors need to know and communicate.
The fourth level is probably the simplest, as it consists of the input/output devices at a specific location. This is what brings the network into the workplace and keeps it running smoothly. Any filtering or processing can be done here. Finally, you have the fifth level, which normally consists of terminals that any employee can access. Obviously, this level of access cannot be used to do anything really significant. From a security perspective, that’s how you want things to be.
How Long Has SCADA Been Around?
It might surprise you to know that the idea of SCADA has been around for longer than computers have been! This is a basic security concept, and thus, it can be applied in many different ways. When this system was first used in the 1960s, everything had to be done manually. You needed people to operate buttons and dials all day, which was effective, but also inefficient by today’s standards.
From the very beginning, industrial operations have needed a means of coordinating many processes at the same time. As you might imagine, that was very hard. As things got bigger and more complicated, there came to be an even greater need for remote industrial control systems. After being integrated with LAN systems starting in the 1990s, this framework became more popular and widespread than ever.
Are There Known Security Issues With SCADA?
Unfortunately, there seems to be a consensus on the fact that SCADA technology is a little bit more vulnerable than most. As you already know, this kind of system was designed long before the internet came along. As such, its designers probably didn’t realize just how many other systems would eventually be connected and involved.
SCADA was originally meant for the control of a single factory. Although it can certainly be expanded (and it has been), it was never meant to connect so many different computers at one time. Every one of those network connection points is like a door or a window…and cyber-attackers can potentially use any of them to get inside. Thus, you have a system with so many points of access that you could never hope to control all of them.
When an industrial process goes wrong, the consequences can be pretty disastrous. Imagine what could happen if a hacker took control of a nuclear uranium enrichment plant? Well, guess what? That actually happened! A piece of malware known as Stuxnet was used to infect the control computers at a uranium plant in Iran. While their government has not released any official death counts or damage figures, it is known that 984 centrifuges were destroyed, and we also know that the attack was carried out by a single employee with a portable USB drive.
SCADA systems are based on a good idea, so it’s not likely that they will go away anytime soon. In spite of their known security flaws, they still represent the most efficient way to control things on the shop floor. It is our hope that these systems will continue to develop until their inherent flaws are overcome, and we hope that this article will at least give you a better grasp of the situation. If you have enjoyed our work, and if you would like to learn a little bit more, please feel free to fill out the contact form below.