Effectiveness of SCADA System Security Used Within Critical Infrastructure

TL;DR

This paper examines the security challenges of SCADA systems in critical infrastructure, highlighting that increased interconnectivity raises risks but isolated systems also face vulnerabilities due to internal controller and protocol issues.

Contribution

It provides an analysis of global SCADA attacks, emphasizing that both interconnected and isolated systems are vulnerable due to internal security flaws.

Findings

Interconnectivity increases security risks in SCADA systems.

Isolated critical infrastructures remain vulnerable internally.

Major incidents in Iran and Ukraine illustrate these vulnerabilities.

Abstract

Since the 1960s Supervisory Control and Data Acquisition (SCADA) systems have been used within industry. Referred to as critical infrastructure (CI), key installations such as power stations, water treatment and energy grids are controlled using SCADA. Existing literature reveals inherent security risks to CI and suggests this stems from the rise of interconnected networks, leading to the hypothesis that the rise of interconnectivity between corporate networks and SCADA system networks pose security risks to CI. The results from studies into previous global attacks involving SCADA and CI, with focus on two highly serious incidents in Iran and Ukraine, reveal that although interconnectivity is a major factor, isolated CIs are still highly vulnerable to attack due to risks within the SCADA controllers and protocols.