 |
| SCADA – The Heart Of Distribution Management System (DMS) - On photo: Fima UAB - Dedicated control systems and SCADA (Supervisory Control and Data Acquisition) as well as DMS (Distribution Management System) type of systems are offered for electricity, water and gas supply companies, as well as telecommunication operators and manufacturing companies. |
IMPORTANT INFORMATION RELATED TO THE MINDANAO BLACKOUT THAT COULD POSSIBLY EXPLAIN IT. THE ENTIRE GRID IS AT RISK BECAUSE SABOTAGE FROM WITHIN IS QUITE PLAUSIBLE. MUST READ AND SHARE.
Supervisory Control And Data Acquisition (or SCADA) is a type of industrial control system (ICS) that is computer-controlled to monitor and control industrial processes in the physical world.
SCADA systems are significantly important systems used in national infrastructures such as electric grids, water supplies and pipelines.
However, SCADA systems may have security vulnerabilities, so the systems should be evaluated to identify risks and solutions implemented to mitigate those risks.
SECURITY ISSUES
SCADA systems that tie together decentralized facilities such as power, oil, and gas pipelines and water distribution and wastewater collection systems were designed to be open, robust, and easily operated and repaired, but not necessarily secure.
The move from proprietary technologies to more standardized and open solutions together with the increased number of connections between SCADA systems, office networks, and the Internet has made them more vulnerable to types of network attacks that are relatively common in computer security.
The security of some SCADA-based systems has come into question as they are seen as potentially vulnerable to cyber attacks such as those used to control and monitor, e.g., the transmission of electricity, flows of gas and oil in pipelines, water distribution, traffic lights and other systems used by modern society.
A blackout caused by a compromised electrical SCADA system would cause financial losses to all the customers that received electricity from that source.
There are many threat vectors to a modern SCADA system. One is the threat of unauthorized access to the control software, whether it be human access or changes induced intentionally or accidentally by virus infections and other software threats residing on the control host machine.
Another is the threat of packet access to the network segments hosting SCADA devices. In many cases, the control protocol lacks any form of cryptographic security, allowing an attacker to control a SCADA device by sending commands over a network.
SCADA users have assumed that having a VPN offered sufficient protection, unaware that security can be trivially bypassed with physical access to SCADA-related network jacks and switches.
SCADA systems are vulnerable to EMP insult. The large numbers and widespread reliance on such systems by all of the Nation’s critical infrastructures represent a systemic threat to their continued operation following an EMP event.
Additionally, the necessity to reboot, repair, or replace large numbers of geographically widely dispersed systems will considerably impede the Nation’s recovery from such an assault.
In electric and gas utility SCADA systems, the vulnerability of the large installed base of wired and wireless serial communications links is addressed in some cases by applying bump-in-the-wire devices that employ authentication and Advanced Encryption Standard encryption rather than replacing all existing nodes.
In June 2010, anti-virus security company VirusBlokAda reported the first detection of malware that attacks SCADA systems (Siemens' WinCC/PCS 7 systems) running on Windows operating systems.
The malware is called Stuxnet and uses four zero-day attacks to install a rootkit which in turn logs into the SCADA's database and steals design and control files.
The malware is also capable of changing the control system and hiding those changes. The malware was found on 14 systems, the majority of which were located in Iran.
In October 2013 National Geographic released a docudrama titled, "American Blackout" which dealt with a large scale cyber attack on SCADA and the United State's electrical grid."
No comments:
Post a Comment