Supervisory Control And Data Acquisition (SCADA) systems have equipped our industries for decades, without anyone really worrying about their vulnerability. But recent cases such as DuQu have put the spotlight on the security issues of these systems. As a matter of fact, while SCADA systems have not really evolved since they appeared, the IT environment has entered a new era, especially in terms of security. Fortunately, different best practices can reduce their vulnerability and improve SCADA network security.
Protect a SCADA network from internet threats
SCADA systems are not immune to internet threats. Even if they are not directly exposed to the web, the presence of managed services to operate the system automatically involves a web environment. Consequently, if the connection is not secured, worms can enter the system through the breach.
To overcome this situation, it is recommended to use a mapping tool to investigate the SCADA network's connectivity. It is important to make sure that the tools used to do so are suitable for use in a SCADA environment; otherwise they can knock down some SCADA components.
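One way to map connectivity without sending any probe into the control network is to work from flow records that have already been collected. The Python sketch below is an added example, not a tool named by the original article; the 10.20.0.0/24 SCADA subnet and the flow records are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: the SCADA segment is 10.20.0.0/24 (hypothetical addressing).
SCADA_NET = ipaddress.ip_network("10.20.0.0/24")

# Well-known TCP ports of common industrial protocols.
ICS_PORTS = {102: "S7comm/ISO-TSAP", 502: "Modbus/TCP",
             20000: "DNP3", 44818: "EtherNet/IP"}

# Constructed sample flow records (as exported from a firewall or mirror port).
SAMPLE_FLOWS = """src,dst,dport
10.20.0.5,10.20.0.10,502
192.168.1.44,10.20.0.10,502
10.20.0.7,203.0.113.9,443
10.20.0.7,203.0.113.9,443
10.30.4.2,10.20.0.12,3389
"""


def map_boundary_crossings(flow_csv, scada_net=SCADA_NET):
    """Return {(inside_host, outside_host, direction, port): flow_count}
    for every flow with exactly one endpoint inside the SCADA segment."""
    crossings = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        src_in, dst_in = src in scada_net, dst in scada_net
        if src_in == dst_in:
            continue  # purely internal or purely external: not a boundary path
        inside, outside = (src, dst) if src_in else (dst, src)
        direction = "outbound" if src_in else "inbound"
        crossings[(str(inside), str(outside), direction, int(row["dport"]))] += 1
    return dict(crossings)


def report(crossings):
    """Format one line per boundary path, naming ICS protocols by port."""
    lines = []
    for (inside, outside, direction, port), n in sorted(crossings.items()):
        proto = ICS_PORTS.get(port, "non-ICS")
        lines.append(f"{inside} {direction} {outside} port {port} ({proto}) x{n}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(map_boundary_crossings(SAMPLE_FLOWS))))
```

Each reported line is a path between the SCADA segment and another network that should either be justified and secured or closed.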
Secure your desktop environment
Today’s SCADA systems widely use the same operating systems and browsers as desktop environments, which makes it easy for hackers to create exploits to propagate their worms. The solution is simple, but simple as it is, it needs to be done. A scan of your IT and SCADA networks will show the vulnerabilities. Simply patch them rapidly.
The non-patched question
A large number of SCADA systems have not had their OS patched for a long time. Unfortunately, there is very little literature and assistance from SCADA vendors regarding this question. We recommend asking your SCADA vendor to clearly provide step-by-step guidance for patching the OS underlying your system.
Very frequently, "data presentation and control" software has very basic authentication and authorization. A hacker can very easily crack it and penetrate a SCADA environment. We recommend configuring authentication per user and using authorization and logging controls. Token-based authentication can be added.
The data communication threat
SCADA protocols were created before the internet era and are not adapted to the web environment. It is almost impossible to modify these "old" protocols, and upgrading them may require investing in new components. The best solution is to identify whether or not you are using the latest protocols. If you are, just make sure that they are configured to use the new features. If you are not and upgrades are not available, evaluate whether there is a way to use a secure channel for communication.
Assess remote sites connected to the SCADA network
Any location that is connected to the SCADA network is a potential target for attacks. The solution is to conduct a physical security survey and inventory access points at each facility that has a connection to the SCADA system. It is recommended to identify and assess any source of information including remote telephone, computer network, etc. that could be tapped, as well as radio and microwave links that are exploitable, computer terminals that could be accessed and wireless local area network access points. Furthermore, all single points of failure should be identified and eliminated.
Involve top management
Top management should establish clear directions regarding its expectations in terms of cyber security performance. It is crucial to communicate them to co-workers throughout the organization. It is also essential to provide a structure for implementing a cyber security program. It is recommended to empower individuals so they are held responsible for their performance related to cyber security, including IT managers, system administrators, technicians and users.
Nellsoft can help you secure your SCADA systems and protect your organisation from external attacks. If you are a SCADA administrator, please contact our team; we’d be pleased to assist you in securing your network.