It is probable that few people have ever heard of the acronym “SCADA.” Yet Supervisory Control and Data Acquisition make our modern world functional. Scores of machines, tools, technologies, utilities, vehicles, et cetera rely on SCADA. SCADA vulnerabilities directly affect safety-critical systems and embedded software that maintain the everyday technologies we typically take for granted. A white paper published by Thales for the average, unaware consumer of the world concerning technologies relying on System Control and Data Acquisition, one of a variety of SCADA security solutions out there, goes into great detail explaining this challenge. The greatest threat of late is the lack of SCADA cyber security. Many of our technologies were developed before hacking became such a common and consequential threat to the viability of the systems upon which we rely daily.
Guide to Industrial Control Systems (ICS) Security, published by the National Institute of Standards and Technology (NIST), reiterates the pressing issue: “SCADA and industrial protocols, such as EtherNet/IP, Modbus/TCP, IEC 61850, ICCP and DNP315, are critical for communications to most control devices. Unfortunately, many of these protocols were designed without security built in and typically don’t need any authentication execute commands on a remotely located control device. These protocols should only be allowed within the control network and not allowed to cross into the corporate network”(section 5.8.11). This is so alarming because of the implications. There is an enormous level of consequence for such a security breach. Since SCADA systems keep the technologies going that make readily available our most basic and necessary resources, hackers able to compromise those systems. They thereby compromise infrastructure. When these elements of infrastructure are compromised, our very way of life becomes threatened and under attack. Deception keeps industries lulled into a false sense of security. The physical machinery looks secure on the outside. There is little to no indication of malfunction. Everything seems well and in order. Current events and research, however, has shown that a compromised SCADA system could still be in play. Since repetition is the name of the game for these systems, a cyber security breach can cause untold damage, even to systems disconnected from the internet.
SCADA systems have taken a more central place in the conversation about national security in developed countries. American Blackout, a docudrama by National Geographic Explorer, is one example of how the world is raising awareness of this most crucial issue.