Putting SCADA Protection on the Radar

SCADA Security Systems

SCADA Networks are the Most Unprotected Networks of All and Now Attackers Have Them in Their Sights.

Recent high-profile compromises point to an urgent need to secure process control networks. Stuxnet, a purpose-built worm for attacking industrial control systems, led the way in showing just what can be done by a professional team. More recently, Duqu entered the threat landscape enabling attackers to steal data from manufacturers of industrial control systems and use that data to exploit entities using these systems.

Why are these networks under attack? Most large organizations are serious about security. They run specialized departments tasked with protecting two key networks: data center (servers) and office automation (workstations). These networks are essential for supporting the business processes throughout the organization. However, a “third network,” the process control network, has yet to receive the same attention.

Often referred to as SCADA (supervisory control and data acquisition) networks due to their association with industrial processes, these networks connect equipment rather than computers and support systems rather than people. In sectors such as utilities, transportation, logistics, manufacturing and pharmaceuticals, these networks are critical to the operation of the organization. In utilities, they are so important as to be considered part of the national critical infrastructure. In logistics, they route millions of parcels a day. But in other companies this network operates behind the scenes, quietly mediating access to buildings, controlling heating and ventilation, elevators and data center cooling.

SCADA networks are the most unprotected networks of all and now cyber-criminals have them in their sights. If they get access, the consequences for many organizations, their customers and perhaps the population at large, could be extremely damaging.

What makes these networks more vulnerable?

• Attacks are becoming more sophisticated as motives move away from amateur glory seeking to politics in the form of ‘hacktivism,’ espionage and nation-state aggression. Advanced persistent threats—the professionals—are driving a new level of stealthy and complex attacks that are difficult to discern, let alone disarm.

• Networks are becoming more connected as the business hungers for data to drive decision-making and suppliers Internet-enable everything in order to drive down support costs and increase customer retention.

• Designed in a different time, process control networks have been considered inherently safe and often do not include security basics. When released by systems vendors, patches are difficult to apply due to system availability requirements.

• The SCADA network is often ‘invisible’ and lacks the attention and investment to raise the level of security commensurate with increased threats.

• In most organizations process control engineers manage the process control network while the IT department runs the other networks. The two groups have separate mandates and priorities.

Given the typical separation of duties, when considering security solutions organizations should shift their “IT security” mindset to account for the unique requirements and priorities of process control engineers charged with managing the SCADA network. First, security tools should not interfere with closed loop processes that could pose a risk to control. Second, availability/uptime is the most important goal of the network. Third, regular password change policies could endanger a plant, locking engineers out of a system. And, fourth, security tools that require direct Internet access are not viable—many control networks are tightly firewalled from the Internet.

At the same time, process control networks have various areas of vulnerability that must be protected. The Human Machine Interface (HMI), process servers and historians are typically MS-Windows based and are potential entry points for any attacker coming in via the corporate network and using known exploits. The Remote Terminal Units (RTUs) and Programmable Logic Controllers (PLCs) are often proprietary and require sophisticated knowledge of the control system in order to penetrate, as demonstrated by Stuxnet and Duqu.

The following guidelines should help organizations identify security solutions that respect the requirements and priorities of the process control network environment while enhancing protection. Specifically, organizations should consider solutions that can:

• Provide the flexibility to operate in passive mode or in-line without interrupting closed-loop processes, even in the event of a software, hardware or power failure

• Support a vast rule library and an open rule format in order to accept SCADA rule sets, rules provided by government agencies, other third-party rules and proprietary rules unique to an organization’s own network

• Control network usage by application, user and group as an ideal way of segregating control network zones for maximum flexibility

• Provide passive asset discovery, automatic impact assessment and rules tuning to take corrective action only on threats that are relevant to an organization’s specific network

• Offer centralized monitoring and management to unify critical network security functions, streamline administration and expedite response
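
The passive asset discovery, rules tuning and impact assessment guideline can be sketched in a few lines. This is an added example, not code from the article or from any product; the flow records, rule names, impact labels and the choice of protocols (Modbus/TCP on port 502, DNP3 on 20000, S7comm on 102) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Server ports used to infer a control-network service from observed traffic.
SERVICE_PORTS = {502: "modbus", 20000: "dnp3", 102: "s7comm",
                 445: "smb", 3389: "rdp"}

# Constructed flow records from a passive sensor (span port or tap):
# (client_ip, server_ip, server_port, server_replied)
FLOWS = [
    ("10.1.0.20", "10.1.5.11", 502, True),    # HMI polling a PLC
    ("10.1.0.20", "10.1.5.12", 20000, True),  # HMI polling an RTU
    ("10.2.0.7", "10.1.0.20", 3389, True),    # office host reaching the HMI
    ("10.2.0.7", "10.1.5.11", 445, False),    # no reply: service not present
]

# Constructed (hypothetical) rule set: rule id -> service the rule protects.
RULES = {"R-MODBUS-WRITE": "modbus", "R-DNP3-RESTART": "dnp3",
         "R-S7-STOP": "s7comm", "R-SMB-EXPLOIT": "smb", "R-RDP-BRUTE": "rdp"}


def discover_assets(flows):
    """Inventory {ip: services} built only from traffic already on the wire."""
    assets = defaultdict(set)
    for _client, server, port, replied in flows:
        service = SERVICE_PORTS.get(port)
        if service and replied:  # a reply is the evidence the service exists
            assets[server].add(service)
    return dict(assets)


def tune_rules(rules, assets):
    """Keep only rules for services that were actually seen on the network."""
    present = set().union(*assets.values()) if assets else set()
    return sorted(rid for rid, svc in rules.items() if svc in present)


def assess_impact(rule_id, target_ip, rules, assets):
    """Grade an alert against the inventory instead of acting on every hit."""
    if target_ip not in assets:
        return "unknown-target"
    return "relevant" if rules[rule_id] in assets[target_ip] else "not-applicable"
```

Nothing here sends a packet to a controller: the inventory comes from observed replies only, which is what keeps the approach compatible with closed-loop processes.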

Process control networks are mission critical and security is of paramount importance. With these networks increasingly on the radar of sophisticated attackers, it’s time for the SCADA network to be on the radar of management and get the organizational attention, and protection, it deserves.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.
