February 20, 2019
As a rule, Supervisory Control and Data Acquisition (SCADA) systems liaise with Industrial Control Systems (ICS) to equip manufacturers with the necessary monitoring and analysis tools in real time. SCADA systems were first established in the 1960s. However, it has been noted that these systems are mostly unable to cope with the ever-increasing cybercriminal threat, as criminal elements quickly evolve new methods using modern technology.
What is SCADA?
These are networks that combine both hardware and software. They are used to control and monitor industrial processes. With these, manufacturers log data, access devices and monitor remote and local processes.
Here is what you need to know about Risk Assessment for SCADA Systems:
Notably, the manufacturing industry needs to focus on specific vital processes. These include asset cataloging; risk identification, analysis, mitigation, and tolerance; continuous monitoring; and decision-making. However, manufacturing compliance relates to systems specific to an industry. It means that such activities must be singularly focused.
What differences exist between traditional IT security risk and SCADA risk? For one, IT risk usually leads to financial loss through business disruption. Tragically, SCADA risk can lead to the loss of both life and production. Cybercriminals know that SCADA systems control critical infrastructure. They, therefore, usually target them more than ordinary business systems.
As a rule, SCADA outages are unacceptable. Due to their importance, they require quality assurance rather than in-field beta testing. Manufacturers also cannot engage in direct, traditional upgrades due to the operating systems and software used. SCADA calls for strict security updates since it is a specialized system with a longer lifespan.
12 Steps to Analyzing Risks in Manufacturing Industry:
It’s easy to understand the risks posed by raw materials. Through testing, manufacturers easily determine the environmental impact of a given chemical compound. When looking at SCADA security, due diligence is vital. You need to assess the upstream and downstream supply chain risk. It can be especially tricky to secure the systems when they are outdated and unique cybercriminal targets.
Identify all SCADA Connections
For effective analysis, it is essential for you to review the risk and necessity of each SCADA connection as outlined below.
- Internal local area and wide area networks
- Public internet
- Wireless network devices, including satellites
- Modem connection
- Supply chain connections (business partners, vendors, regulatory agencies).
Isolate SCADA Network
Network connections to SCADA networks are risky. It is prudent that you limit access to business networks during data transfer. Demilitarized zones (DMZs) or data warehouses may be used. To ensure greater security, manufacturers need to rethink the configurations used.
Even after this, risks exist. Penetration tests and vulnerability management by manufacturers remain necessary. To maintain essential security, manufacturers need to implement firewalls, security detection, intrusion detection systems (IDS), and other endpoint control measures.
Harden SCADA networks:
A great line of defense is to remove or disable unnecessary services. Remember, SCADA control servers depend on commercial operating systems. Skilled cybercriminals can access these. No service or feature should be enabled on the network without a risk assessment.
Manufacturers must configure servers and field services whenever third-party vendors need to be engaged to manage these systems. Relying on the vendor-supplied default configuration usually carries information security risk. It's essential that you require such vendors to declare, well beforehand, all weaknesses that can lead to a cyber event.
Implement Device and Security Systems:
Newer SCADA systems may include better security features. Vendors often disable these for easier installation. Older SCADA systems have no built-in security. Manufacturers need to review security devices in existing systems to boost security.
Create Strong Authentication Measures:
Disabling inbound access to modems, wireless and wired networks usually secures vendor connections. You can do this to enhance security.
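The checks described above (review the risk and necessity of every connection, allow no service without a risk assessment, disable inbound access on vendor connections) can be run over a connection inventory. The following is an added example, not code from the original article; the field names, category labels and sample inventory are assumptions made up for illustration.

```python
from dataclasses import dataclass, field

# Connection categories from the article's list (labels are assumed names).
CATEGORIES = {"lan_wan", "public_internet", "wireless", "modem", "supply_chain"}

@dataclass
class Connection:
    name: str
    category: str
    necessity_reviewed: bool      # is the need for this link documented?
    risk_reviewed: bool           # has its risk been assessed?
    vendor_use: bool = False      # used by a third-party vendor
    inbound_enabled: bool = False
    services: dict = field(default_factory=dict)  # service -> risk assessed?

def audit(conn):
    """Return findings for one connection; an empty list means none."""
    findings = []
    if conn.category not in CATEGORIES:
        findings.append("uncategorized connection")
    if not (conn.necessity_reviewed and conn.risk_reviewed):
        findings.append("risk/necessity review missing")
    if conn.vendor_use and conn.inbound_enabled:
        findings.append("inbound access enabled on vendor connection")
    for svc, assessed in sorted(conn.services.items()):
        if not assessed:
            findings.append(f"service {svc} enabled without risk assessment")
    return findings

def audit_inventory(inventory):
    """Map connection name -> findings, listing only connections with gaps."""
    report = {c.name: audit(c) for c in inventory}
    return {name: f for name, f in report.items() if f}

# Constructed sample inventory, not data from the article.
INVENTORY = [
    Connection("plant-lan", "lan_wan", True, True, services={"modbus-tcp": True}),
    Connection("vendor-modem", "modem", True, False, vendor_use=True,
               inbound_enabled=True, services={"telnet": False}),
    Connection("hmi-wifi", "wireless", True, True,
               services={"ftp": True, "http": False}),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        for f in findings:
            print(f"{name}: {f}")
```

Connections that do not appear in the report have a documented review, no inbound vendor access, and only risk-assessed services.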
System logging, network monitoring, and daily log audit boost security. Continuous intrusion monitoring and response protocols for SCADA systems need to be used for better cybersecurity.
Other security tools must be employed by manufacturers to identify active services, patch level, and vulnerability. You especially need to prioritize alerts in your company to effect this.
Physical access aids cybercriminal operations. Manufacturers need to address physical security issues associated with SCADA connections. Cables, exploitable radio and microwave links, computer terminals, and wireless network access points are critical to this.
How can you use the information above to ensure manufacturing compliance?
Several factors can help you do so. First, ensure you analyze risk and properly document risk mitigation strategies. Also, employ efficient workflow tools to coordinate information and management of tasks. Prioritize the tasks from alerts to vendor reviews, so everyone knows exactly when to act. Finally, you can find the right product that gives you a proper audit trail mechanism.
About the Author
Ken Lynch is an enterprise software startup veteran who has always been fascinated by what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity's success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. Learn more at ReciprocityLabs.com.