Article Preview
Top2. It Security For Scada
SCADA consists of many IT components, viz. servers, networking systems, databases, web-servers, SCADA software, operating systems etc. The SCADA system is also interfaced with Programmable Logic Controllers (PLCs) and Remote Terminal Units (RTUs). The PLCs and RTUs are, in turn, connected to sensors and actuators. PLCs and RTUs are also IT components, albeit as special-purpose computers with special-purpose software. SCADA systems depend upon networking for communicating the data to various components. LAN/WAN technologies are used to interconnect these components within a location, or across multiple locations. Web-servers are often used to make SCADA accessible on the Internet.
For support and remote maintenance, remote access is also enabled.
The same security issues that affect IT systems in general also affect SCADA. Bugs are present in the SCADA system software; and new ones are being discovered on an ongoing basis. Since, the SCADA software runs on computers, the security issues of the underlying operating system and any other software on the computers also become relevant. The use of networking, together with its inherent weaknesses in the communication protocols, is also relevant for the security of SCADA. Since, SCADA systems are to be accessed by people, issues related to password security and access rights become important. In order to share and move information between systems, USB thumb-drives or other removable media may be used; however, these increase the chance of a virus infection.
Finally, the use of networking also means that all vulnerabilities can be exploited remotely, and local access to the SCADA system is not mandatory. The use of Internet connectivity means that potentially, any hacker in the world can attack the SCADA system. All the above factors combine to increase substantially the SCADA attack surface. Some of the attacks that a SCADA system can face include the following: