What is the most effective way to secure a SCADA system? Apply mitigation techniques! Tailored techniques exist to counter each of the common classes of attack, and most of them are neither exotic nor expensive. Keep reading to discover what they are!
Is security a necessary consideration when creating SCADA systems?
Supervisory Control and Data Acquisition (SCADA) systems are used to control, monitor and analyze practically every industrial process in society. SCADA systems are one kind of industrial control system (ICS), and these systems help our daily lives flow smoothly. Petrochemicals, water treatment, manufacturing, electric utilities and much more rely upon the relationship between ICS and SCADA systems. In other words, our entire infrastructure depends upon ICS and SCADA systems. When considering the prevalence of attacks upon today's infrastructure, creating secure SCADA systems is no longer novel, but necessary.
What are these “mitigation techniques,” and how do they stop attacks?
Security systems go beyond reducing risk in general: they are designed with mitigation techniques tailored to specific classes of attack. Whether an outside party seeks to gather intelligence about a system, gain access to it, or use some other attack avenue, there is a corresponding control. No single technique stops everything, so the techniques below are meant to be layered.
One of the most basic mitigation techniques is password defense, which counters dictionary and brute-force attacks. Using strong passwords, and remembering to change factory default passwords, stops these attacks in their tracks. It sounds simple enough; however, investigations of incidents reveal that compromise is often linked to unchanged factory default passwords. Default credentials for PLCs, RTUs and HMIs are printed in vendor manuals, so anyone who can identify the product model already knows the password.
What makes a “strong” password?
Why, that’s, “El3m3nt@ry, my d3@r W@t$on!”
As exemplified, mixing numbers, symbols and upper- and lower-case letters increases the space an attacker must search. Two caveats apply, though. Password-cracking tools apply "leet-speak" substitution rules (3 for e, @ for a, $ for s) to every dictionary word and well-known phrase, so a substituted phrase is far weaker than its mix of characters suggests. Length matters more than symbol count: a long passphrase built from several unrelated words resists both dictionary and brute-force attacks better than a short word with substitutions.
PINs deserve the same scrutiny, but the picture is different. Attackers try common PINs first, so "3159" survives longer than "0000" or "2580" (the latter being the consecutive, vertical keys down the middle of a keypad). Against a true brute-force attack, however, an uncommon PIN only delays the inevitable: a 4-digit PIN has just 10,000 possibilities and will be found in at most 10,000 attempts. What actually stops brute force is limiting the attempts, for example locking the account or device after a handful of wrong guesses.
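The checks discussed above, as an added example that is not part of the original article: a factory-default lookup, a dictionary check that undoes leet-style substitutions the way cracker rule sets do (so the "Watson" phrase is recognised as four dictionary words), and a brute-force run against a 4-digit PIN with and without a lockout limit. The credential list, word list and lockout limit are constructed for this example.

```python
"""Added example (not from the original article): credential checks for
SCADA/ICS device accounts. The credential list, word list and lockout
limit are constructed for this example; real lists are far longer."""

# Constructed sample of factory defaults, in the style of vendor manuals.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "root"),
    ("operator", "operator"),
}

# Constructed mini-dictionary; a cracker's list runs to millions of entries.
DICTIONARY = {"elementary", "my", "dear", "watson", "password", "scada", "operator"}

# Common leet substitutions, reversed, so we see the password the way a
# cracker's rule set would generate it from a dictionary word.
LEET_MAP = str.maketrans({
    "3": "e", "@": "a", "$": "s", "0": "o", "1": "i",
    "4": "a", "5": "s", "7": "t",
})


def undo_leet(password: str) -> str:
    return password.translate(LEET_MAP).lower()


def alpha_tokens(password: str) -> list:
    """Split the de-leeted password into runs of letters."""
    cleaned = undo_leet(password)
    return "".join(c if c.isalpha() else " " for c in cleaned).split()


def assess_password(user: str, password: str, min_length: int = 14) -> dict:
    tokens = alpha_tokens(password)
    findings = {
        "factory_default": (user.lower(), password) in DEFAULT_CREDENTIALS,
        # Every letter run is a dictionary word once substitutions are undone.
        "dictionary_derived": bool(tokens) and all(t in DICTIONARY for t in tokens),
        "too_short": len(password) < min_length,
    }
    findings["acceptable"] = not any(findings.values())
    return findings


def brute_force_pin(target: str, max_attempts: int = 10_000) -> tuple:
    """Try every 4-digit PIN in ascending order until found or locked out.
    Returns (found, attempts_used). With no lockout any PIN falls within
    10,000 guesses; an 'uncommon' PIN only moves where in that range."""
    for n in range(10_000):
        if n >= max_attempts:
            return False, max_attempts
        if f"{n:04d}" == target:
            return True, n + 1
    return False, 10_000


if __name__ == "__main__":
    samples = [
        ("admin", "admin"),
        ("operator", "El3m3nt@ry, my d3@r W@t$on!"),
        ("operator", "xk7Q!pz9Lm-Rf2vB"),
    ]
    for user, pw in samples:
        print(user, repr(pw), assess_password(user, pw))
    for pin in ("0044", "2580", "3159"):
        print(pin, "no lockout:", brute_force_pin(pin),
              "lockout after 5:", brute_force_pin(pin, 5))
```

The Watson phrase passes the length check and fails the dictionary check; the random 16-character string passes both; and "3159" costs the attacker 3,160 guesses instead of 45 for "0044", which is irrelevant once a lockout after five attempts is in place.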
Message authentication defends against data modification and data injection, and against a man-in-the-middle tampering with traffic in transit. To illustrate, one authentication method used by IPsec is the Hash-based Message Authentication Code (HMAC). The sender runs the message and a secret key, shared only with the receiver, through a hash function to produce an authentication code, which travels with the data. The receiver recomputes the code with its own copy of the key and compares. Because the code depends on every bit of the data and on the key, a message that has been altered or injected along the way produces a mismatch at the destination, signalling that the data is not authentic; and an attacker who does not hold the key cannot compute a valid code for forged data. Note that HMAC provides authenticity and integrity, not confidentiality: the message itself still travels in the clear unless it is also encrypted.
Firewalls are yet another common mitigation technique. Firewalls permit or prohibit traffic to IEDs (Intelligent Electronic Devices), relays, PLCs and more. A firewall evaluates each packet against an ordered set of rules (source, destination, protocol and port) to determine whether the data is allowed to reach the device. Rules should be written as an allowlist of the few legitimate conversations with a default deny for everything else, and they should be checked for ordering mistakes, since a broad early rule can make a later, more specific one unreachable. Many different firewalls exist; firewalls built for ICS protocols can additionally inspect protocol content, for example permitting Modbus reads while blocking writes.
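The rule evaluation described above, as an added example that is not part of the original article and does not describe any particular firewall product: a first-match, default-deny filter in front of a PLC subnet, plus a shadowing check that finds rules an earlier, broader rule makes unreachable. All addresses, ports and rule sets are constructed for the example.

```python
"""Added example (not from the original article or any firewall product):
a first-match, default-deny packet filter of the kind placed in front of
IEDs, PLCs and relays, with a check for shadowed rules. Addresses, ports
and rule sets are constructed for this example."""
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None = any port
    comment: str = ""


# Constructed rule set: only the engineering workstation may speak Modbus/TCP
# to the PLC subnet and only the SCADA master may speak DNP3; nothing else.
RULES = [
    Rule("allow", "10.1.1.10/32", "10.1.2.0/24", "tcp", 502, "engineering workstation to PLCs, Modbus/TCP"),
    Rule("allow", "10.1.1.20/32", "10.1.2.0/24", "tcp", 20000, "SCADA master to PLCs, DNP3"),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None, "explicit default deny"),
]

# Constructed mistake: a broad "whole site may reach the PLCs" rule placed
# first makes the more specific SSH deny below it unreachable.
BAD_RULES = [
    Rule("allow", "10.1.0.0/16", "10.1.2.0/24", "any", None, "too broad: whole site to PLCs"),
    Rule("deny", "10.1.1.0/24", "10.1.2.0/24", "tcp", 22, "no SSH to PLCs"),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None, "explicit default deny"),
]


def matches(rule: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def evaluate(rules: list, src: str, dst: str, proto: str, dport: int) -> tuple:
    """First matching rule wins; if nothing matches, deny (never fail open)."""
    for rule in rules:
        if matches(rule, src, dst, proto, dport):
            return rule.action, rule.comment
    return "deny", "implicit default deny"


def covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet that matches `narrow` also matches `broad`."""
    return (ipaddress.ip_network(narrow.src).subnet_of(ipaddress.ip_network(broad.src))
            and ipaddress.ip_network(narrow.dst).subnet_of(ipaddress.ip_network(broad.dst))
            and broad.proto in ("any", narrow.proto)
            and broad.dport in (None, narrow.dport))


def shadowed(rules: list) -> list:
    """(shadowed_index, by_index) pairs: rules that can never match under first-match."""
    return [(j, i) for j in range(len(rules)) for i in range(j) if covers(rules[i], rules[j])]


if __name__ == "__main__":
    print(evaluate(RULES, "10.1.1.10", "10.1.2.15", "tcp", 502))   # allow
    print(evaluate(RULES, "10.0.5.7", "10.1.2.15", "tcp", 502))    # deny: corporate host
    print(evaluate(RULES, "10.1.1.10", "10.1.2.15", "tcp", 22))    # deny: wrong service
    print("shadowed in RULES:", shadowed(RULES))
    print("shadowed in BAD_RULES:", shadowed(BAD_RULES))
```

The shadowing check is the part worth keeping: the broad allow in BAD_RULES is exactly the kind of rule that gets added "temporarily" during commissioning and silently disables every deny written after it.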
A replay attack is one in which an attacker records legitimate traffic, such as a login exchange or a control command, and retransmits it later so the receiver accepts it again. How to mitigate? IPsec offers a solution. Each packet carries a sequence number that the sender increments, and the receiver tracks which numbers it has already accepted within a sliding window. A packet whose sequence number has already been seen, or which falls below the window, is dismissed, while packets that are merely reordered within the window are still accepted. Because the sequence number is covered by the packet's authentication code, an attacker cannot simply renumber a captured packet.
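The HMAC check and the anti-replay window from the two paragraphs above, combined in one added example that is not part of the original article and is not taken from any IPsec implementation. The shared key, the payloads and the window size are constructed for the example; the protocol shape (sequence number, payload, HMAC-SHA256 tag, sliding bitmap window) follows the IPsec design the text describes.

```python
"""Added example (not from the original article or any IPsec code):
HMAC-authenticated SCADA frames with a sliding anti-replay window.
The key, payloads and window size are constructed for this example."""
import hashlib
import hmac
import struct

SECRET_KEY = b"constructed-shared-key-not-for-production"
TAG_LEN = 32   # HMAC-SHA256 output length
WINDOW = 64    # IPsec implementations commonly use a 32- or 64-packet window


def protect(seq: int, payload: bytes, key: bytes = SECRET_KEY) -> bytes:
    """Frame = 4-byte big-endian sequence number || payload || HMAC-SHA256 tag.
    The tag covers the sequence number, so a captured frame cannot be
    renumbered to slip past the replay check."""
    body = struct.pack(">I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Verifies the tag first, then applies the anti-replay window.
    Bit i of `seen` records whether sequence number (highest - i) was accepted."""

    def __init__(self, key: bytes = SECRET_KEY, window: int = WINDOW):
        self.key = key
        self.window = window
        self.highest = 0
        self.seen = 0

    def accept(self, frame: bytes) -> str:
        """Return 'ok', 'bad_mac', 'replayed' or 'too_old'."""
        if len(frame) < 4 + TAG_LEN:
            return "bad_mac"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time compare; an unauthenticated frame must never move the window.
        if not hmac.compare_digest(tag, expected):
            return "bad_mac"
        seq = struct.unpack(">I", body[:4])[0]
        if seq > self.highest:
            # Slide the window forward; bit 0 now stands for the new highest.
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            return "ok"
        behind = self.highest - seq
        if behind >= self.window:
            return "too_old"
        if self.seen & (1 << behind):
            return "replayed"
        self.seen |= 1 << behind   # late but not yet seen: accept exactly once
        return "ok"


def demo() -> list:
    """Drive one receiver through the cases the text describes."""
    rx = Receiver()
    f1 = protect(1, b"READ 40001")
    f2 = protect(2, b"READ 40002")
    f3 = protect(3, b"WRITE 40001 0")
    tampered = bytearray(f3)
    tampered[4 + 6] ^= 0x01                 # flip one payload byte, keep the old tag
    forged = struct.pack(">I", 4) + b"WRITE 40001 1" + bytes(TAG_LEN)   # no key
    return [
        rx.accept(f1),                       # ok
        rx.accept(f3),                       # ok, arrives before f2
        rx.accept(f2),                       # ok, late but inside the window
        rx.accept(f3),                       # replayed
        rx.accept(bytes(tampered)),          # bad_mac: modified data
        rx.accept(forged),                   # bad_mac: no key, no valid tag
        rx.accept(protect(100, b"READ 40001")),  # ok, window slides to 100
        rx.accept(f2),                       # too_old: 100 - 2 >= 64
    ]


if __name__ == "__main__":
    print(demo())
```

Checking the tag before touching the window matters: if the order were reversed, an attacker could send unauthenticated frames with huge sequence numbers to push the window forward and make the legitimate sender's next frames "too old".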
Telephone communication is typically established over infrastructure that isn't under the utility's control, because phone circuits are usually provided by the local phone company. This runs the risk of unauthorized access via war-dialing software, which dials through number ranges and flags any line answered by a modem; hence modems are easily discovered by attackers. Though war-dialing itself cannot be prevented, disconnecting modems when not in use is a profoundly effective protective measure.
Calling an operations center to request modem access, whitelisting inbound numbers and enabling call-back features also enhance dial-in security.
Further, dial-up links are increasingly being replaced by Ethernet as transport systems such as Synchronous Optical Network (SONET) are deployed. This is a movement within utility companies to provide virtual private networks (VPNs) for their customers, carrying the SCADA traffic inside an authenticated, encrypted tunnel rather than over an open phone line.
Some mitigation techniques require a team. A Distributed Denial-of-Service (DDoS) attack is the prime example: the flood of traffic arrives from many devices at once, so blocking any one source address achieves little, and mitigation depends on coordination with the upstream network provider to filter or rate-limit the traffic before it reaches the SCADA network. A denial-of-service attack from a single source, by contrast, is typically handled with a filter that rejects the offending source IP address.
While mitigation techniques are necessary, equally important are vulnerability awareness and maintenance. Computers on a control network are at particularly high risk because they manage physical equipment, so a compromised host can cause physical consequences rather than just data loss. Discovering vulnerabilities is a constant quest, and in response vendors issue patches.
Cyberattacks typically target known vulnerabilities. In recent years, patches often existed for the vulnerabilities involved before the attacks broke out, which teaches that a periodic inventory of every computer on the system can prevent the exploitation of a device that was missed. Automated patch-management tools make the mending easy to schedule. On ICS networks, where a patch usually needs vendor approval and a maintenance window before it can be applied, the inventory also tells you which devices need compensating controls, such as tighter firewall rules, in the meantime.
Encryption is the mitigation back-up plan. When a protocol provides no protection of its own, as is the case for most legacy serial protocols, a secure wrapper is used to encapsulate the communication, for example by tunnelling the serial link through an encrypted VPN. Placing an encryption wrapper around serial protocols protects otherwise non-secure systems. Pair the encryption with authentication (a MAC or an authenticated-encryption mode), since encryption alone hides the data but does not by itself stop modification.
What role does Network Intrusion Detection play in security systems?
IDS plays a crucial role in security systems. A network intrusion detection system spots intruders by monitoring the incoming and outgoing communication between devices on the network. Even more, it records. An IDS records vast amounts of information: from OS fingerprinting and port scans to unauthorized access attempts and other attack techniques.
An indispensable asset, IDS even detects policy violations.
This is vital, because vulnerability sometimes stems from scenarios other than malice. Mistakes happen. Opening a system for repair, for example through a temporary firewall exception or a remote-access account created for a repair technician, can leave it vulnerable long after the technician is gone. An IDS that flags traffic the policy does not allow detects such policy violations.
Noting a final performance point, an IDS can also scrutinize traffic on ICS or SCADA networks according to predefined rules. A rule-based IDS inspects packets and raises alerts according to the instructions contained within each rule, for example a threshold on the number of distinct ports probed by one host, or a write command arriving from a host that is not an authorized master.
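A rule-based detector of the kind described above, as an added example that is not part of the original article and is not taken from any IDS product. It runs three rules over constructed connection records: a port-scan threshold, Modbus writes from a host that is not an authorized master, and remote-access sessions into the control subnet that policy forbids (the "left open after repair" case). The log lines, addresses, allowlists and thresholds are constructed for the example; the Modbus function codes 5, 6, 15 and 16 really are the write functions.

```python
"""Added example (not from the original article or any IDS product): a
small rule-based network IDS run over constructed ICS connection records.
Log lines, addresses, allowlists and thresholds are constructed."""
import csv
import io
import ipaddress
from collections import defaultdict

CONTROL_SUBNET = ipaddress.ip_network("10.1.2.0/24")
AUTHORISED_MASTERS = {"10.1.1.20"}   # hosts allowed to send Modbus writes
ENGINEERING_HOSTS = {"10.1.1.10"}    # hosts allowed to RDP/VNC into the control subnet
MODBUS_WRITE_FUNCS = {5, 6, 15, 16}  # write coil(s) / register(s)
REMOTE_ACCESS_PORTS = {3389, 5900}   # RDP, VNC
SCAN_PORTS = 8       # distinct destination ports from one source ...
SCAN_WINDOW = 60     # ... within this many seconds

# Constructed flow records: ts, src, dst, proto, dport, Modbus function (if any).
SAMPLE_LOG = """ts,src,dst,proto,dport,mb_func
1700000000,10.0.5.7,10.1.2.15,tcp,21,
1700000001,10.0.5.7,10.1.2.15,tcp,22,
1700000002,10.0.5.7,10.1.2.15,tcp,23,
1700000003,10.0.5.7,10.1.2.15,tcp,25,
1700000004,10.0.5.7,10.1.2.15,tcp,80,
1700000005,10.0.5.7,10.1.2.15,tcp,102,
1700000006,10.0.5.7,10.1.2.15,tcp,443,
1700000007,10.0.5.7,10.1.2.15,tcp,8080,
1700000100,10.1.1.20,10.1.2.15,tcp,502,3
1700000101,10.1.1.99,10.1.2.15,tcp,502,16
1700000200,10.1.1.20,10.1.2.15,tcp,502,6
1700000300,10.0.5.7,10.1.2.20,tcp,3389,
"""


def parse(log_text: str) -> list:
    events = []
    for row in csv.DictReader(io.StringIO(log_text)):
        events.append({
            "ts": int(row["ts"]), "src": row["src"], "dst": row["dst"],
            "proto": row["proto"], "dport": int(row["dport"]),
            "mb_func": int(row["mb_func"]) if row["mb_func"] else None,
        })
    return events


def rule_port_scan(events: list) -> list:
    """One alert per source that touches SCAN_PORTS distinct ports within SCAN_WINDOW."""
    alerts, by_src = [], defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for e in evs:
            recent = [x for x in evs if e["ts"] - SCAN_WINDOW <= x["ts"] <= e["ts"]]
            ports = {x["dport"] for x in recent}
            if len(ports) >= SCAN_PORTS:
                alerts.append({"rule": "port_scan", "src": src, "ts": e["ts"], "ports": sorted(ports)})
                break
    return alerts


def rule_modbus_write(events: list) -> list:
    """Modbus write function from any host that is not an authorised master."""
    return [
        {"rule": "unauthorized_modbus_write", "src": e["src"], "dst": e["dst"],
         "ts": e["ts"], "func": e["mb_func"]}
        for e in events
        if e["dport"] == 502 and e["mb_func"] in MODBUS_WRITE_FUNCS
        and e["src"] not in AUTHORISED_MASTERS
    ]


def rule_remote_access(events: list) -> list:
    """RDP/VNC into the control subnet from anything but an engineering host."""
    return [
        {"rule": "remote_access_policy", "src": e["src"], "dst": e["dst"],
         "ts": e["ts"], "dport": e["dport"]}
        for e in events
        if e["dport"] in REMOTE_ACCESS_PORTS
        and ipaddress.ip_address(e["dst"]) in CONTROL_SUBNET
        and e["src"] not in ENGINEERING_HOSTS
    ]


def run_rules(log_text: str) -> list:
    events = parse(log_text)
    return rule_port_scan(events) + rule_modbus_write(events) + rule_remote_access(events)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOG):
        print(alert)
```

The sample produces three alerts: the scan from 10.0.5.7, the register write (function 16) from the unlisted host 10.1.1.99, and the RDP session into the control subnet. The write from the authorized master 10.1.1.20 is correctly silent, which is the point of the allowlist: on an ICS network the same packet is legitimate or hostile depending only on who sent it.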
The good guys know this, and the bad guys know this.
Protecting physical assets and mitigating the threat of availability loss is crucial to our society and its economy.
Therefore, SCADA and security must ever be synonymous.
Worried that your SCADA system isn't as secure as it could be? Contact us below to check for you!