16 Nov, 2022

SCADA Systems and Security

Introduction

With developing technology, SCADA systems are frequently used in the electricity, natural gas, water, transportation, pharmaceutical, chemical, paper, and food and beverage industries; in short, across the production industry. Because they are so widely used and so important to keeping production running, these systems have become a target of cyber attacks.

In attacks on SCADA systems, attackers can gain unauthorized access, and they can change and disrupt the operation and function of SCADA systems with different interventions.

Let’s examine SCADA Systems and Security in detail.

What Is a SCADA System?

The term SCADA is formed from the first letters of the English words “Supervisory Control and Data Acquisition”. SCADA systems were first used in the 1960s and are now used in almost all industrial and production facilities. SCADA, which can be described as a central control and data collection system, controls and monitors all units and stores their historical data through devices such as a central computer, mobile phone or tablet. With network connections provided through a single device, control and monitoring can be carried out from more than one computer and portable device.

In short, SCADA is the general name for remote control and observation systems that can be monitored and controlled from computers, communication devices, sensors or other devices.

Usage Areas of SCADA Systems

  • Water Systems
  • Wastewater Systems
  • Electricity Generation, Transmission and Distribution Systems
  • Oil and Gas Systems
  • Food Production Systems
  • Air pollution control
  • Traffic control
  • Automotive industry
  • Chemical industry
  • Building automation
  • Process facilities

The Importance of SCADA Systems

SCADA systems are an indispensable component of industry, and their most important feature is automation. Automation allows an organization to examine existing conditions and determine the most appropriate response to them. These responses are then executed automatically each time, ensuring continuity in the system. Relying on machine control to monitor processes virtually eliminates human error. More importantly, it increases productivity by automating common, tedious, routine tasks once performed by a human. It also allows critical machine failures to be isolated and managed in real time, and minimizes the possibility of a controllable environmental disaster.

In addition, SCADA systems are critical because they keep operations running continuously in situations where the organization does not have enough manpower to control and monitor its infrastructure.

SCADA Attacks in the Past

Every business or institution that works with SCADA systems, from small businesses to large enterprises, is a critical target in attacks against SCADA systems. An attack will have a significant impact on, and cause damage to, both the economy and society.

The threat sources for SCADA systems are listed below.

Hacker: Malicious individuals or groups have the potential to bring the SCADA network to a standstill. By gaining access to critical SCADA components, hackers can launch attacks that can lead to cyber warfare causing service disruptions.

Malware: Malware such as viruses, spyware, and ransomware can put SCADA systems at risk. 

Employees: Internal threats can be just as devastating as external threats. SCADA security incidents can also occur as a result of human error, or when an employee who is dissatisfied with the organization they work for deliberately tries to sabotage the system.

Some past SCADA attacks are reviewed below.

  • Stuxnet

Stuxnet is a worm that emerged in 2010. It is thought to have been developed by the US and Israel and was used to disrupt Iran’s nuclear work. The worm also affected other countries, even the USA, but Iran was the most affected by this attack.

Stuxnet, which was the wake-up call for SCADA systems around the world, is considered the first known threat to target SCADA systems.

Stuxnet consists of three parts: a worm that executes all procedures related to the main payload function of the attack, a link file that automatically runs replicated copies of the worm, and a rootkit component responsible for hiding all malicious files and processes so that Stuxnet is not detected.

Stuxnet usually enters the target environment via an infected USB flash drive. The worm then spreads over the network and scans the computers controlling the PLC for the Siemens Step7 software. If it cannot spread over the network and cannot find the Step7 software on the computer controlling the PLC, Stuxnet cannot ensure its persistence on the computer. If both conditions are met, Stuxnet injects its rootkit into the PLC and the Step7 software and modifies the code, issuing unexpected commands to the PLC while returning normal system values to the users.

  • BlackEnergy3

BlackEnergy3 is malware that was designed to target Ukraine’s electrical system in 2014. BlackEnergy3 was originally DDoS malware; the attacker then redesigned it to gain access to Ukraine-based systems.

BlackEnergy 3 was Microsoft Office malware that exploited an existing vulnerability in OLE wrapper 2 (CVE-2014-4114) in Microsoft Office 2013. Microsoft has classified this vulnerability as MS14-060.

The attack was used to disrupt the Human Machine Interface (HMI) and then take control of the electrical grid. During Russia's operation in eastern Ukraine, the attackers cut off most of Ukraine's electricity.

Cyber Security in SCADA Systems

SCADA security is a broad term used to describe the protection of SCADA networks. These networks consist of computer hardware and applications, and they are used to control and monitor vital infrastructure in countries.

Due to the critical role of SCADA networks, various measures are taken by government and private companies to ensure the security of these systems.

The term covers both the measures taken to protect SCADA networks and the discussion of their vulnerabilities (i.e. common SCADA security issues).

The general measures listed below help secure SCADA systems and prepare for possible threats.

  • Map All Existing Systems

Every point where your system connects to the Internet and to internal networks should be documented. Every piece of hardware, software, and application must be part of a map of the overall SCADA network. Anyone who has access to the software, hardware and applications in this infrastructure should also be documented. The resulting documentation should be reviewed constantly and kept up to date.

Knowing all data entry and exit points is essential to identify potential access points for malware and hackers.

  • Institute Monitoring and Detection

Many SCADA networks still do not have the necessary monitoring and detection systems. Because of this shortcoming, the system is incredibly vulnerable to attacks and malware.

Once all connections and devices in the system infrastructure have been documented, monitoring and detection is the next crucial step.

  • Precautions for Network Security

Security controls, report monitoring, and standard protocols must be installed and used by anyone with access to the SCADA network. Vulnerability and risk assessments must be adapted to the ever-changing threat landscape and must be performed continuously for rapid detection of vulnerabilities.
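The mapping and monitoring steps above can be combined into a simple check that compares observed network flows with the documented map. The following is an added example, not part of the original article; the device names, addresses, network range and flow-record format are all constructed for illustration.

```python
import ipaddress

# Constructed inventory: the documented "map" of the SCADA network.
INVENTORY = {
    "10.10.1.10": "hmi-01 (HMI)",
    "10.10.1.20": "eng-ws-01 (engineering workstation)",
    "10.10.1.30": "historian-01 (historian)",
    "10.10.2.5": "plc-pump-01 (PLC)",
}
# Documented flows: (source, destination, destination port).
ALLOWED_FLOWS = {
    ("10.10.1.10", "10.10.2.5", 502),  # HMI polls PLC over Modbus/TCP
    ("10.10.1.20", "10.10.2.5", 102),  # engineering workstation to PLC (S7comm)
}
SCADA_NET = ipaddress.ip_network("10.10.0.0/16")  # assumed control network range
# Constructed flow records in the form "src dst dport".
SAMPLE_FLOWS = """10.10.1.10 10.10.2.5 502
10.10.1.77 10.10.2.5 502
10.10.1.30 10.10.2.5 502
10.10.1.20 203.0.113.9 443
not-a-flow-record
"""

def parse_flows(text):
    """Return (src, dst, port) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        try:
            src, dst, port = line.split()
            ipaddress.ip_address(src), ipaddress.ip_address(dst)
            flows.append((src, dst, int(port)))
        except ValueError:
            continue
    return flows

def audit(flows):
    """Classify every flow that is not part of the documented map."""
    findings = []
    for src, dst, port in flows:
        if (src, dst, port) in ALLOWED_FLOWS:
            continue
        if any(ipaddress.ip_address(ip) not in SCADA_NET for ip in (src, dst)):
            kind = "external-connection"   # undocumented entry/exit point
        elif any(ip not in INVENTORY for ip in (src, dst)):
            kind = "undocumented-device"   # host missing from the map
        else:
            kind = "undocumented-flow"     # known hosts, unexpected path
        findings.append((kind, src, dst, port))
    return findings
```

Calling `audit(parse_flows(SAMPLE_FLOWS))` returns one finding per flow that the documented map does not explain; each finding is either a gap in the documentation or something to investigate.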

In Conclusion

SCADA systems are responsible for controlling many critical services that modern society actively uses, including electrical power distribution, water treatment, natural gas and oil pipelines, hydroelectric dams, traffic lights, train switching systems and building controls. 

The critical importance of the SCADA system indicates that it will be the target of aggressive cyber attacks.

While SCADA / ICS systems constitute the most important structure of countries’ economies, they are also the structures where cyber security is the weakest. We can say that in any cold conflict, they will definitely be the aggressors’ first target. By damaging industrial enterprises, attackers may aim to disrupt the target country’s economy and initiate an active Cyber War.

Although most of the SCADA attacks that took place are not fully explained, there are attacks in the past that pose a great threat as we mentioned above. 

The security of SCADA systems is critical, especially now that cyber security has come to the fore. Based on the above, we can say that these systems should be tested regularly and monitored with awareness.

We must keep the critical systems that provide work automation secure by keeping both the systems and the work around them up to date.

