SCADA systems and their vulnerabilities
If anything goes wrong with them, the consequences can be great and can affect thousands upon thousands people.
This is exactly the reason why their vulnerabilities represent such a big concern.
But before we continue with vulnerabilities, let us look at Scada itself.
What is a SCADA system?
Scada or supervisory control and data acquisition system was created to provide a high-level supervisory management using not only computers and graphical user interfaces but also programmable logic controllers and discrete PID controllers within a plant.
It was deliberately created to be open and easily operated, so that it could be easily repaired as well.
This possibility of Scada systems to be “open” is precisely the reason why it now experiences so many vulnerabilities.
hey are vulnerable to common cyber attacks and allow attackers to takeover advanced production systems running SCADA.
Your thermostat is something that you have a control over and is not easily accessible to anyone to temper with it, i.e. you keep your door locked.
Let’s now assume that you added a wireless element to your thermostat so that you could control it using your computer, which is quite convenient as it allows you to control your thermostat not only when you are at home but when you are, let’s say, at work.
This wireless element to an otherwise offline system has exposed your thermostat to all sorts of attacks.
Namely, as it is wireless, there is a chance for someone else to take control over your thermostat, turning the heat off when you least expect it, or when you are not at home, so that you end up with frozen pipes in the middle of winter and with a huge bill from a plumber.
All they need is a laptop and your network address.
The study showed just how easy it is for a cyber criminal to target these open VSATs, and through them, the entire Scada system.
Let’s now look at some of the vulnerabilities that Scada systems have.
Common SCADA System Vulnerabilities
The main reason why Scada systems are so prone to vulnerabilities is a lack of monitoring.
As most Scada systems lack an active network system, they often fail to detect suspicious activities or to provide a proper reaction when a cyber attack does happen.
As systems become more and more advanced, they develop more vulnerabilities. In order to keep everything under control, consistent updates of both hardware and software need to be conducted, which can be inconvenient, especially when there is no proper system in place. This is why updates are often overlooked.
This shows a lack of knowledge about devices that can be paired with Scada systems, as it is assumed that all devices have equal reporting capabilities.