Cybersecurity Report: SCADA System Threats and Mitigation Strategies
VerifiedAdded on 2022/07/28
|10
|1746
|26
Report
AI Summary
This report addresses the critical need for cybersecurity in SCADA (Supervisory Control and Data Acquisition) systems, particularly within water utilities. It begins by defining SCADA systems and highlighting their importance in controlling critical processes. The report then identifies various cyber thr...
Running head: CYBERSECURITY
Cybersecurity
Name of the Student
Name of the University
Author’s Note
Cybersecurity
Name of the Student
Name of the University
Author’s Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
CYBERSECURITY 1
Executive Summary
This study identifies and discusses the countermeasures, which must have been implemented in
SCADA system of water utility for preventing the cyber attack. SCAD systems are quite
valuable because of the quality of control they offer in response to the certain critical conditions.
There can be multiple treats in the SCADA system such as malware, hackers and unaware
employee related to security can be the cause of risks to the system. This study identifies the
countermeasures for the water utility system. This study concludes that is very critical for
carrying out gap evaluation under industry regulations like compliance with SCADA rules.
Therefore, engage a committed support team from SCADA to will help the organization to
execute a detailed response strategy and use a smart, stable architecture.
Executive Summary
This study identifies and discusses the countermeasures, which must have been implemented in
SCADA system of water utility for preventing the cyber attack. SCAD systems are quite
valuable because of the quality of control they offer in response to the certain critical conditions.
There can be multiple treats in the SCADA system such as malware, hackers and unaware
employee related to security can be the cause of risks to the system. This study identifies the
countermeasures for the water utility system. This study concludes that is very critical for
carrying out gap evaluation under industry regulations like compliance with SCADA rules.
Therefore, engage a committed support team from SCADA to will help the organization to
execute a detailed response strategy and use a smart, stable architecture.
2CYBERSECURITY
Table of Contents
Introduction......................................................................................................................................3
Supervisory Control and Data Acquisition......................................................................................3
SCADA cyber security threats.........................................................................................................4
Countermeasures for preventing future cyber-attack......................................................................5
Conclusion.......................................................................................................................................6
References........................................................................................................................................8
Table of Contents
Introduction......................................................................................................................................3
Supervisory Control and Data Acquisition......................................................................................3
SCADA cyber security threats.........................................................................................................4
Countermeasures for preventing future cyber-attack......................................................................5
Conclusion.......................................................................................................................................6
References........................................................................................................................................8
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3CYBERSECURITY
Introduction
Different types of threats are rising up on the regular basis in the digital world which is
powered by the social media networks, the cloud computing and multiple numbers of automated
processes. There is also a need to stay in touch with the ways for thwarting these cyber-attacks.
This is particularly the case for the SCADA (Supervisory Control and Data Acquisition) (Cruz et
al., 2016). The SCADA system is the integral component of activities on the water utility and
power grid operations. This study identifies and discusses the countermeasures, which must have
been implemented in SCADA system of water utility for preventing the cyber attack.
Supervisory Control and Data Acquisition
SCAD systems are quite valuable because of the quality of control they offer in response
to the certain critical conditions. They remove human error and they also simplify rising and
repetitive processes to improve efficiency and management. Because of the the critical nature of
the SCADA systems, several levels of protection needs to be implemented for protecting them
from intruders (Chen, Matthews & Tavner, 2015). Often the trusted insiders maliciously
circumvent certain numerous layers of protection. Protecting national infrastructure requires
several degrees of network security and adequate access controls. As stated in the case scenario,
the same employee was unable to reprogram the warning which notifies the operators of the
failure of the high-lift pump but also stopped others from accessing the SCADA network. This
may have been avoided if the administration needs independent authentication. Connection to
the critical alarm systems must be handled by a single person and various people should handle
connection to the critical system (Aborujilah et al., 2014). One of the conventional methods to
Introduction
Different types of threats are rising up on the regular basis in the digital world which is
powered by the social media networks, the cloud computing and multiple numbers of automated
processes. There is also a need to stay in touch with the ways for thwarting these cyber-attacks.
This is particularly the case for the SCADA (Supervisory Control and Data Acquisition) (Cruz et
al., 2016). The SCADA system is the integral component of activities on the water utility and
power grid operations. This study identifies and discusses the countermeasures, which must have
been implemented in SCADA system of water utility for preventing the cyber attack.
Supervisory Control and Data Acquisition
SCAD systems are quite valuable because of the quality of control they offer in response
to the certain critical conditions. They remove human error and they also simplify rising and
repetitive processes to improve efficiency and management. Because of the the critical nature of
the SCADA systems, several levels of protection needs to be implemented for protecting them
from intruders (Chen, Matthews & Tavner, 2015). Often the trusted insiders maliciously
circumvent certain numerous layers of protection. Protecting national infrastructure requires
several degrees of network security and adequate access controls. As stated in the case scenario,
the same employee was unable to reprogram the warning which notifies the operators of the
failure of the high-lift pump but also stopped others from accessing the SCADA network. This
may have been avoided if the administration needs independent authentication. Connection to
the critical alarm systems must be handled by a single person and various people should handle
connection to the critical system (Aborujilah et al., 2014). One of the conventional methods to
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4CYBERSECURITY
separate the connections to different service operations is by implementing an internal firewall
that would limit the employee to the facilities that the employee is allowed to access on the
network. The factor can be accomplished while implementing the intrusion detection system for
preventing the internal attack.
SCADA cyber security threats
Control systems may face risks from various sources like hostile regimes,
government organizations, terrorist groups, unauthorized intruders, accidents as well as natural
disasters including accidental or destructive actions by insiders. Keeping in mind the following
risks and vulnerabilities is important for businesses:
Hackers: The common suspects behind cybercrime, hackers may be malicious people
and they focused on obtaining access to the infrastructure of the company so that personal data
can be obtained (Lamba et al., 2017). Hackers may retain confidential information or records or
may want to interfere with the business operations. Cybercriminals can be part of a government
cyber warfare plan by a nation.
Security unaware workers: Employees may make unintentional human mistakes. Poor
workplace training or carelessness is the typical offenders. Poor with limited training will add to
the SCADA cyber security vulnerabilities.
Malware: Malware is not usually used to damage SCADA networks but it also retains the
potential to affect the resources of a company by spyware as well as viruses.
Lack of maintenance of the hardware and software: Software and hardware get old and
companies need to upgrade their applications periodically.
separate the connections to different service operations is by implementing an internal firewall
that would limit the employee to the facilities that the employee is allowed to access on the
network. The factor can be accomplished while implementing the intrusion detection system for
preventing the internal attack.
SCADA cyber security threats
Control systems may face risks from various sources like hostile regimes,
government organizations, terrorist groups, unauthorized intruders, accidents as well as natural
disasters including accidental or destructive actions by insiders. Keeping in mind the following
risks and vulnerabilities is important for businesses:
Hackers: The common suspects behind cybercrime, hackers may be malicious people
and they focused on obtaining access to the infrastructure of the company so that personal data
can be obtained (Lamba et al., 2017). Hackers may retain confidential information or records or
may want to interfere with the business operations. Cybercriminals can be part of a government
cyber warfare plan by a nation.
Security unaware workers: Employees may make unintentional human mistakes. Poor
workplace training or carelessness is the typical offenders. Poor with limited training will add to
the SCADA cyber security vulnerabilities.
Malware: Malware is not usually used to damage SCADA networks but it also retains the
potential to affect the resources of a company by spyware as well as viruses.
Lack of maintenance of the hardware and software: Software and hardware get old and
companies need to upgrade their applications periodically.
5CYBERSECURITY
Some more risks and vulnerabilities can occur in the business are:
Blocked or interrupted information flow across ICS networks that can disrupt service of
ICS.
Unauthorized modifications to commands, instructions, or warning levels that could
damage, shut down or activate machinery, cause environmental effect and put human life
at risk (Nazir, Patel & Patel, 2017).
Incorrect information sent to the system operators, either to mask unwanted modifications
or to allow improper activities for being taken by the operators, which could have
numerous adverse consequences.
Changed ICS device or setup parameters, or malware-infected ICS software which may
have many negative effects
Countermeasures for preventing future cyber-attack
Followings can be some countermeasures for the SCADA system to prevent the cyber
attack in future.
Map all the current networks
The organization must create a report on the internal networks and internet anywhere the
system links to. Understanding the presence of the entry points will make it easier to track
possible access points for the cyber security threats (Cherdantseva et al., 2016). The map also
contains pieces of firmware, hardware, devices, and software, as well as the workers who have
access to the systems of the organization.
Implement the monitoring and identification systems
Some more risks and vulnerabilities can occur in the business are:
Blocked or interrupted information flow across ICS networks that can disrupt service of
ICS.
Unauthorized modifications to commands, instructions, or warning levels that could
damage, shut down or activate machinery, cause environmental effect and put human life
at risk (Nazir, Patel & Patel, 2017).
Incorrect information sent to the system operators, either to mask unwanted modifications
or to allow improper activities for being taken by the operators, which could have
numerous adverse consequences.
Changed ICS device or setup parameters, or malware-infected ICS software which may
have many negative effects
Countermeasures for preventing future cyber-attack
Followings can be some countermeasures for the SCADA system to prevent the cyber
attack in future.
Map all the current networks
The organization must create a report on the internal networks and internet anywhere the
system links to. Understanding the presence of the entry points will make it easier to track
possible access points for the cyber security threats (Cherdantseva et al., 2016). The map also
contains pieces of firmware, hardware, devices, and software, as well as the workers who have
access to the systems of the organization.
Implement the monitoring and identification systems
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6CYBERSECURITY
Networks of SCADA are risky to the cyber-attacks as well as malware in place detection
and monitoring systems. The organization must try using SCADA security tools like security
monitoring to identify and resolve any potential threats as soon as possible, thus reducing the
amount of harm caused (Korman et al., 2017). Implement security controls like antivirus,
intrusion detection software as well as file integrity checking the software, where technologically
possible, for deterring, tracking, and minimizing the implementation, exposure as well
as proliferation of the malicious software to, inside and from the ICS. The employee should
monitor the remote access solution to prevent inappropriate network traffic and malware.
Provide authentication keys to the network
Safety requires tweaks and daily focus. The organization cannot set up a firewall, and
then expect it to disappear for years. The organization should Implement regular security audits,
generate security records, and develop standard procedures for workers to comply with. Risk
evaluations should be carried out on a continuous basis, with protective steps adjusted at the
ever-changing rate (Zhang, Xiang & Wang, 2014). The employee should prevent unwanted
access or changes to the device or system and its modules, disable redundant functionality and
address vulnerabilities. The employee should restrict the logical and physical access to the
network and should monitor all network operation for detecting all security threats and events.
Conclusion
This can be concluded from the study that it is very critical for carrying out gap
evaluation under industry regulations like compliance with SCADA rules. Therefore, engage a
committed support team from SCADA to will help the organization to execute a detailed
response strategy and use a smart, stable architecture. The company must be sure that the
Networks of SCADA are risky to the cyber-attacks as well as malware in place detection
and monitoring systems. The organization must try using SCADA security tools like security
monitoring to identify and resolve any potential threats as soon as possible, thus reducing the
amount of harm caused (Korman et al., 2017). Implement security controls like antivirus,
intrusion detection software as well as file integrity checking the software, where technologically
possible, for deterring, tracking, and minimizing the implementation, exposure as well
as proliferation of the malicious software to, inside and from the ICS. The employee should
monitor the remote access solution to prevent inappropriate network traffic and malware.
Provide authentication keys to the network
Safety requires tweaks and daily focus. The organization cannot set up a firewall, and
then expect it to disappear for years. The organization should Implement regular security audits,
generate security records, and develop standard procedures for workers to comply with. Risk
evaluations should be carried out on a continuous basis, with protective steps adjusted at the
ever-changing rate (Zhang, Xiang & Wang, 2014). The employee should prevent unwanted
access or changes to the device or system and its modules, disable redundant functionality and
address vulnerabilities. The employee should restrict the logical and physical access to the
network and should monitor all network operation for detecting all security threats and events.
Conclusion
This can be concluded from the study that it is very critical for carrying out gap
evaluation under industry regulations like compliance with SCADA rules. Therefore, engage a
committed support team from SCADA to will help the organization to execute a detailed
response strategy and use a smart, stable architecture. The company must be sure that the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7CYBERSECURITY
vulnerabilities in the overall network are continuously assessed and tracked conducting risk
management, compliance monitoring, penetration checking, attack detection as well as
vulnerability scanning. Following the suggested countermeasures for preventing the cyber
security attack, the employee can prevent the future attack in the SCADA system very
effectively.
vulnerabilities in the overall network are continuously assessed and tracked conducting risk
management, compliance monitoring, penetration checking, attack detection as well as
vulnerability scanning. Following the suggested countermeasures for preventing the cyber
security attack, the employee can prevent the future attack in the SCADA system very
effectively.
8CYBERSECURITY
References
Aborujilah, A., Shahzad, A., Irfan, M., & Musa, S. (2014). A new cloud based supervisory
control and data acquisition implementation to enhance the level of security using
testbed.
Chen, B., Matthews, P. C., & Tavner, P. J. (2015). Automated on-line fault prognosis for wind
turbine pitch systems using supervisory control and data acquisition. IET Renewable
Power Generation, 9(5), 503-513.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016).
A review of cyber security risk assessment methods for SCADA systems. Computers &
security, 56, 1-27.
Cruz, T., Rosa, L., Proença, J., Maglaras, L., Aubigny, M., Lev, L., ... & Simoes, P. (2016). A
cybersecurity detection framework for supervisory control and data acquisition
systems. IEEE Transactions on Industrial Informatics, 12(6), 2236-2246.
Korman, M., Välja, M., Björkman, G., Ekstedt, M., Vernotte, A., & Lagerström, R. (2017,
April). Analyzing the effectiveness of attack countermeasures in a SCADA system.
In Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart
Grids (pp. 73-78).
Lamba, A., Singh, S., Balvinder, S., Dutta, N., & Rela, S. (2017). Mitigating Cyber Security
Threats of Industrial Control Systems (Scada & Dcs). In 3rd International Conference on
Emerging Technologies in Engineering, Biomedical, Medical and Science (ETEBMS–
July 2017).
References
Aborujilah, A., Shahzad, A., Irfan, M., & Musa, S. (2014). A new cloud based supervisory
control and data acquisition implementation to enhance the level of security using
testbed.
Chen, B., Matthews, P. C., & Tavner, P. J. (2015). Automated on-line fault prognosis for wind
turbine pitch systems using supervisory control and data acquisition. IET Renewable
Power Generation, 9(5), 503-513.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016).
A review of cyber security risk assessment methods for SCADA systems. Computers &
security, 56, 1-27.
Cruz, T., Rosa, L., Proença, J., Maglaras, L., Aubigny, M., Lev, L., ... & Simoes, P. (2016). A
cybersecurity detection framework for supervisory control and data acquisition
systems. IEEE Transactions on Industrial Informatics, 12(6), 2236-2246.
Korman, M., Välja, M., Björkman, G., Ekstedt, M., Vernotte, A., & Lagerström, R. (2017,
April). Analyzing the effectiveness of attack countermeasures in a SCADA system.
In Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart
Grids (pp. 73-78).
Lamba, A., Singh, S., Balvinder, S., Dutta, N., & Rela, S. (2017). Mitigating Cyber Security
Threats of Industrial Control Systems (Scada & Dcs). In 3rd International Conference on
Emerging Technologies in Engineering, Biomedical, Medical and Science (ETEBMS–
July 2017).
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9CYBERSECURITY
Nazir, S., Patel, S., & Patel, D. (2017). Assessing and augmenting SCADA cyber security: A
survey of techniques. Computers & Security, 70, 436-454.
Zhang, Y., Xiang, Y., & Wang, L. (2014, July). Reliability analysis of power grids with cyber
vulnerability in scada system. In 2014 IEEE PES General Meeting| Conference &
Exposition (pp. 1-5). IEEE.
Nazir, S., Patel, S., & Patel, D. (2017). Assessing and augmenting SCADA cyber security: A
survey of techniques. Computers & Security, 70, 436-454.
Zhang, Y., Xiang, Y., & Wang, L. (2014, July). Reliability analysis of power grids with cyber
vulnerability in scada system. In 2014 IEEE PES General Meeting| Conference &
Exposition (pp. 1-5). IEEE.
1 out of 10
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.