The term critical infrastructure is regularly a topic of discussion within the topic of cybersecurity. In the case of most critical infrastructure, there is a reliance on operational technology known as Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems. Operational technology is not a term that is familiar to many individuals, so a good definition of operational technology is a system that has limited computing power and is designed to perform a specific function with little or no physical access by humans.
ICS and SCADA systems are everywhere. These devices provide the ability to automate control over things like the temperature of an office building, or the time that lights should turn on automatically. ICS and SCADA devices also play an important role in the automation and control of critical infrastructure like power, water, and gas. These systems often have limited capabilities in updating the software due to the potential impact it could have on system function. This presents a specific challenge from the cybersecurity perspective. Many of the operational technology (OT) systems connect to a control computer that may be running an obsolete operating system. Thryft (2018) shared that three quarters of the control computers ran obsolete versions of Microsoft Windows.
This obviously raises a certain level of concern about the security of our ICS and SCADA systems. Given open source and internet-based tools that can enable hackers to discover ICS devices that are not secure, the need for adequate ICS and SCADA security becomes apparent. Unlike traditional information technology systems, OT must have a different approach leveraged to effectively secure the devices. It is necessary that these devices receive proper security but must also properly function which presents unique challenges to the device operators. Resources such as the Department of Homeland Security and the ICS-CERT provide operators the ability to learn more about securing ICS and SCADA devices and also alerting them of known vulnerabilities. Additionally, having a cybersecurity engineering firm to support the efforts provides benefit to the various critical infrastructure areas and can ensure that the systems are configured in a way that prevents attackers from using the ICS or SCADA system as a pivot point to gain additional access to the network. If you need additional information about SCADA and ICS feel free to contact Cyber Strike Solutions, LLC for assistance.
Thryft, A. R. (2018, April 02). What’s Needed to Secure the Industrial IoT. Retrieved from https://www.eetimes.com/document.asp?doc_id=1333145