Seven years ago the FBI disclosed SCADA attacks in three US cities and from then the number of attacks has grown. This alarming growth rate following the attack seemed to submerge but there was a big incident in 2018 that targeted the GCHQ in the UK in an attempt to gain access to the UK energy sector. Such a report showed that it’s likely the perpetrators were able to gain entry. So what does this mean to us sitting at home wondering what SCADA is designed for?
The first thing to understand is that SCADA is short(acronym) for supervisory control and data acquisition. Generally speaking, the purpose is to control and operate industrial plant and monitor core systems and it could relate to gas or telecommunications such as VoIP phones – yes that does mean a hand in 4g coverage as well as the 5g thats coming after Brexit to the whole of the UK. Could you imagine picking up your shiny iPhone 11 Max Pro to find out you have no signal? And it doesn’t matter how good your phone is, no signal means lights out. This is in fact an extremely shortened version of what SCADA is but to give you an idea how powerful the systems are they can literally change the PH and chlorine levels in water it could even result in you not being able to use your phone.
Strangely enough, that’s exactly what happened in 2016 with the Rye Brooke, New York Dam Attack where hackers were successfully allowed to gain access. With a little knowledge and knowhow researchers could actually change the Chlorine levels in your water. A mind boggling and scary prospect which requires clearly securing and monitoring at all levels and patches where necessary to ensure problems do not resurface.
Scada systems are used to monitor other physical things and processes too. This can be the transfer of electricity, gas, oil, water, and even your traffic lights. These are all systems that we rely on in everyday life. The security of SCADA is paramount because without these basic everyday functions being monitored and kept working, it would impact on the way we live and society drastically. Could you imagine having no electric or heading to the petrol station to find you have no fuel. This could be a reality without a highly secure SCADA system. For a start there’s the inconvenience and then after that you start to think about the financial implications of this.
Threats don’t have to come in the form of software either. It was worked out that an attack from EMP (Electromagnetic Pulse) was a genuine threat and needed to be carefully assessed.
Sellers of SCADA have thought back though. Many Vendors have worked out firewall and VPN solutions that are highly specialised to monitor SCADA and risks from potential hackers or intruders in the system.
As we move into 2020 the noise around SCADA attacks has dispersed somewhat but critical software failure that would impact our day to day lives should not be forgotten.