What is SCADA?
- January 23, 2020
- Posted by: Kerry Tomlinson, Archer News
- Categories: Archer News, Cyber Crime, Cyber Crime, Cyberattack, Cyberattack, Hacking, Industrial Control System Security, Posts with image, Power Grid, Power Grid
We’re answering your question, “What is SCADA?”
It stands for “supervisory control and data acquisition.”
But what does it actually do — and why do you care?
SCADA in Space
You’d have a tough time living and working on a space station without SCADA.
SCADA is a computer system that runs industrial machines, like the heating unit, to keep you from freezing in space.
The oxygen supply to help you breathe. The hatch doors to let you in and out.
SCADA collects data from different parts of the system and funnels it to your screen so you can monitor and control what’s going on.
Oxygen low? SCADA can send you an alert.
Space station fuel near empty? SCADA’s on top of it.
Then you can fix the problem, sometimes with just the touch of a screen.
It’s not just space stations.
You rely on SCADA for many things — water, electricity, gas and traffic lights. You’ll find SCADA in factories, power plants, airports and office buildings, too.
SCADA at Risk
But there’s a problem. SCADA was not necessarily designed to be secure.
Without protection, cyber attackers can get in and mess with the important things you depend on, including big equipment and power plants — and can hurt or even kill people at work or nearby.
In 2015 and ’16, attackers took over the SCADA in a power system in Ukraine and shut off electricity in winter.
Now, many companies are working harder to protect their supervisory control and data acquisition systems, so the “data” they “acquire” is real — not fake data from a cyber invader trying to manipulate the critical infrastructure serving millions of people.
How do you protect your SCADA?
In the past, some people using SCADA systems thought that no one would bother hacking them because it was too difficult or specialized, or that air-gapping their systems would solve the problem.
But events have shown otherwise.
Air gaps can be jumped. And nation-stations are already infiltrating each other’s critical infrastructure.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency warned the country in March 2018 that Russian government cyber attackers were targeting industrial control systems and SCADA infrastructure in the areas of energy, nuclear, commercial facilities, water, aviation, and critical manufacturing.
The warning said attackers did a multi-stage attack, including gaining remote access into energy sector networks, doing recon and collecting information on industrial control systems.
DHS recommends seven strategies to protect industrial control systems, which includes SCADA.
They include reducing your attack surface area by separating the industrial control system network from untrusted systems like the Internet, limiting remote access, implementing multi-factor authentication, and using good patch management.
See more “What is?” questions at Archer News:
Main image: LEGO factory. Image: LewisTsePuiLung/iStock