White Paper

Protecting SCADA Networks in an Evolving Threat Landscape

As cyberattacks become more frequent and sophisticated, organizations with SCADA networks must periodically update their environments to stay secure amid a threat landscape that continues to shift and expand.

Overview of SCADA Network Security

Supervisory control and data acquisition networks play a crucial role in monitoring and managing physical assets, including critical infrastructure, across a variety of industries. The technology plays a big role for energy providers, oil and gas companies, and water and wastewater management organizations. Yet SCADA networks also are employed in other sectors that require the ability to monitor and control physical assets in real time.

Industries such as manufacturing, transportation and telecommunications, and even smart cities, have come to rely heavily on SCADA networks, which enable organizations to track and control critical infrastructure. Among other benefits, an effective SCADA network can help to:

  • Improve operational efficiency
  • Enhance process controls
  • Boost safety
  • Detect problems
  • Ensure optimal performance
  • Enable compliance with government regulations
  • Enable data-driven decision-making based on up-to-the-minute information

Although SCADA networks are often considered “legacy” infrastructure, these systems have evolved substantially in recent years, and many now incorporate Internet of Things (IoT) and edge computing technology. This allows for greater connectivity, scalability and remote accessibility, which combine to enhance the capabilities and flexibility of SCADA systems. However, the integration of these newer technologies can also introduce new complexities and potential security risks.

In fact, despite their considerable benefits, SCADA networks have unique vulnerabilities that make them susceptible to cyberattacks. Simply by virtue of connecting operational technology, SCADA networks expose an entirely different attack surface from that of traditional IT networks. In some cases, hackers have leveraged intrusions into OT or IT systems to hop from one to the other. Not only do SCADA networks incorporate a delicate mix of interconnected devices, sensors and controllers but they also often rely on older systems and protocols that may use outdated security mechanisms or lack robust encryption.

Additionally, SCADA networks often operate in critical environments where disruptions can have severe consequences. This makes them attractive targets for various threat actors — including malicious insiders, hacktivists, cybercriminals and even state-sponsored entities — and makes the impact of a successful attack potentially disastrous. To defend against these evolving threats, organizations must adopt a proactive and multilayered approach to their SCADA network security.

Attractive Targets

Because SCADA networks often connect critical infrastructure, they can be targeted by malicious actors looking to create harm and score a financial windfall.

Unique Vulnerabilities

The advanced age of most SCADA networks, as well as their integration of sensors and physical devices, makes them susceptible to different types of cyberattacks than traditional networks.

Evolving Threats

New tools, services and training are needed to combat evolving cyberthreats to the IoT and edge computing systems on which modern SCADA networks rely.

Security Challenges for SCADA Networks

In recent years, the consequences of successful cyberattacks have grown more severe, and it has become more difficult for organizations to protect themselves. Organizations that maintain SCADA networks face an additional set of challenges as they strive to keep their systems safe from attack.

LEGACY DESIGN

When many SCADA networks were originally built, they were designed to be closed networks, completely segregated from external connections and operating within a tightly controlled environment. However, with the rapid advancement of technology and the emergence of IoT and mobile devices, these previously closed networks have become increasingly connected, leading to a fundamental shift in the security landscape. This presents significant cybersecurity challenges for operators. Because modern SCADA environments connect OT and IT networks with one another, an intrusion into one network can be used to launch an attack on the other, which broadens the attack surface and increases the risks facing SCADA systems.

LACK OF SECURITY FEATURES

Compounding matters, many SCADA networks incorporate software and hardware that lack the security components and features, such as robust authentication, encryption and intrusion detection capabilities, needed to defend against modern attacks. While a full upgrade of a SCADA network will significantly improve an organization’s cybersecurity posture, security teams may instead opt to implement individual solutions through a defense-in-depth approach focused on layered security measures. For instance, organizations might deploy network segmentation to isolate critical assets, employ firewalls to monitor and control network traffic, and use intrusion detection and prevention systems to identify and respond to threats.

INSUFFICIENT RESOURCES

Finally, a lack of resources can make it impossible for organizations to fully address the challenges above. This limitation can present itself in a number of ways. Some organizations may lack the funds to dedicate a substantial budget to updating their SCADA cybersecurity measures. Others may lack internal staffers capable of managing such an upgrade. Still others may simply lack the leadership buy-in necessary for the organization to dedicate significant time and money to an area that has been consistently deprioritized. Working with an external partner can help organizations solve these problems. While executives may be unsure that their internal teams are capable of handling a major SCADA security overhaul, a trusted partner can put together a detailed scope of work, manage implementation, and keep the project on time and under budget.

OT Security: By the Numbers

13%

Just 13 percent of OT security professionals have achieved centralized visibility into all of their organizations’ OT activities.

93%

Ninety-three percent of organizations experienced an intrusion over the previous year, and 78 percent experienced three or more.

21%

Investments in OT security are projected to have a compound annual growth rate of 21 percent through 2027, more than the 16 percent projected CAGR for all cybersecurity investments.

15%

Only 15 percent of global OT security professionals say that their organizations’ CISOs are responsible for OT security.

13%

Just 13 percent of organizations use security incident response time as their top measure of success for OT leaders.

67%

Sixty-seven percent of global OT security professionals say they are more concerned about ransomware than other types of intrusions.

Best Practices for Upgrading SCADA Software and Systems

The overall cybersecurity landscape has shifted dramatically in recent years, with security professionals reporting an increase in both the volume and sophistication of threats facing their organizations. This means that those launching attacks on SCADA networks are almost certainly leveraging techniques and tools that are more advanced than the ones available when these networks were set up. In particular, the emergence of advanced persistent threats and the increasing prevalence of ransomware and industrial espionage pose substantial risks to SCADA networks.

To defend against these evolving threats, organizations must adopt a proactive and multilayered approach to their SCADA network security. This includes:

  • Regular risk assessments and vulnerability scanning
  • Robust access controls and user authentication mechanisms
  • Secure network segmentation
  • Real-time network traffic monitoring

Additionally, organizations should prioritize regular patching and updating of SCADA systems and conduct ongoing security awareness training for their employees.
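The segmentation and traffic-monitoring practices above come down to a simple question for each observed flow: does this conversation cross a zone boundary, and if so, is it one the policy allows? The following Python script is an added example, not CDW's code or tooling. It assumes a constructed three-zone layout (enterprise IT, an industrial DMZ holding a historian and jump host, and the control network) with constructed address ranges, an allow-list of permitted cross-zone conversations, and constructed flow-log lines in a simple "src dst proto dport" form; any real deployment would substitute its own zones, firewall export format and allow-list.

```python
"""Cross-zone flow check for a segmented SCADA network.

Added example, not CDW code. Zones, addresses, the allow-list and the
sample flow lines are all constructed for illustration.
"""
import ipaddress
from collections import namedtuple

# Constructed zone layout (assumption): enterprise IT, an industrial DMZ
# holding the historian/jump host, and the control (OT) network with PLCs/RTUs.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("192.168.100.0/24"),
}

# Allowed cross-zone conversations: (src_zone, dst_zone, protocol, dst_port).
# Anything not listed, in particular any direct IT -> OT flow, is a violation.
ALLOWED = {
    ("DMZ", "OT", "tcp", 502),  # historian polls PLCs over Modbus/TCP
    ("IT", "DMZ", "tcp", 443),  # IT users reach the historian web UI
    ("IT", "DMZ", "tcp", 22),   # admins reach the jump host
}

Flow = namedtuple("Flow", "src dst proto dport")


def zone_of(ip):
    """Map an address to its zone name, or UNKNOWN if no zone contains it."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"


def parse_flow(line):
    """Parse a constructed flow-log line of the form 'src dst proto dport'."""
    src, dst, proto, dport = line.split()
    return Flow(src, dst, proto.lower(), int(dport))


def check_flow(flow):
    """Return None if the flow is permitted, otherwise a short reason string."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if "UNKNOWN" in (src_zone, dst_zone):
        return f"unknown zone: {flow.src} -> {flow.dst}"
    if src_zone == dst_zone:
        return None  # intra-zone traffic is out of scope for the boundary policy
    if (src_zone, dst_zone, flow.proto, flow.dport) in ALLOWED:
        return None
    return f"{src_zone} -> {dst_zone} {flow.proto}/{flow.dport} not in allow-list"


def violations(lines):
    """Return [(line, reason)] for every flow that breaks the segmentation policy."""
    found = []
    for line in lines:
        reason = check_flow(parse_flow(line))
        if reason:
            found.append((line, reason))
    return found


# Constructed sample flows (not real log data).
SAMPLE_FLOWS = [
    "10.20.0.5 192.168.100.10 tcp 502",       # historian -> PLC: allowed
    "10.10.4.23 10.20.0.5 tcp 443",           # IT workstation -> historian: allowed
    "10.10.4.23 192.168.100.10 tcp 502",      # IT workstation straight to a PLC: violation
    "10.10.4.23 192.168.100.10 tcp 3389",     # RDP from IT into OT: violation
    "192.168.100.10 192.168.100.11 tcp 502",  # PLC-to-PLC inside OT: ignored
    "172.16.9.9 192.168.100.10 tcp 502",      # source outside any known zone: flagged
]

if __name__ == "__main__":
    for line, reason in violations(SAMPLE_FLOWS):
        print(f"VIOLATION {line}: {reason}")
```

The allow-list is deliberately expressed in terms of zones rather than individual hosts, so that a new workstation in the IT range is governed by the same rule as every other IT host, and an address that belongs to no zone is flagged rather than silently permitted.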

All organizations should take these common considerations into account when updating and upgrading software and hardware to adapt to modern cybersecurity needs.

ASSESSMENT

Before planning any major changes to a cybersecurity strategy, leaders must learn where their organizations currently stand through an engagement such as a gap analysis. In a 2022 Fortinet report, 17 percent of global OT security professionals said that security analysis, monitoring and assessment tools were the single most important solution for cybersecurity. Twelve percent rated vulnerability assessment and management scanning as most important.

TESTING

It is also important for organizations to test their SCADA security systems against simulated real-world threats. Through penetration testing or red team exercises, leaders can better understand just how vulnerable their systems are and how much damage can be inflicted by a determined, sophisticated attacker.

MONITORING

Effective real-time monitoring is a hallmark of any comprehensive cybersecurity strategy. According to Fortinet, top-tier organizations (those that reported zero intrusions over the previous year) are 32 percent more likely than bottom-tier organizations to monitor and track OT security through security operations centers.

DETECTION AND RESPONSE

It is critical that organizations adopt detection and response tools and implement and manage them appropriately. Too often, organizations either put tools in detection-only mode or get rid of them entirely due to alert fatigue, accidental blocking of legitimate users or performance degradation.

RECOVERY

When a breach occurs, business continuity and disaster recovery suddenly become mission-critical concerns. Many organizations rely on trusted outside partners for services that improve their BC and DR postures, not only through sophisticated data backup architectures but also via comprehensive recovery playbooks that outline the exact steps an organization should take in the event of a successful attack.

DATA GOVERNANCE

Effective data governance solutions can help organizations better organize, manage and protect sensitive information, leading to automated audits, streamlined data capture and improved workflows. When leveraged effectively, SCADA data from utility organizations can help leaders make better decisions and prioritize maintenance projects.

COMPLIANCE AND AUDITING

Many organizations operating SCADA systems must comply with additional data safety regulations, such as those issued by the North American Electric Reliability Corporation. It is important for organizations to set up processes and procedures to ensure ongoing compliance.

STATE LICENSING REQUIREMENTS

Data safety regulations are sometimes incorporated into state licensing requirements for energy providers, water companies and other utilities. While these will vary among regions, it is important for leaders to have a thorough understanding of any effects that cybersecurity may have on their state licensing process and to proactively adopt solutions and processes to address them.

Threats from All Sides

The unique nature of SCADA networks has made them a target for attack by a number of potential sources, including employees, malware, hackers and terrorists.

SCADA networks are an attractive target for terrorists or hostile nation-states. These actors recognize the critical importance of infrastructure and may seek to exploit vulnerabilities for strategic purposes.

Internal users can pose a risk to SCADA networks, either through inadvertent actions (such as clicking on phishing emails or failing to follow established security protocols) or due to malicious intent.

The proliferation of increasingly sophisticated malware presents a serious risk to SCADA networks. Threats such as ransomware, Trojans and worms can cause significant damage and disruption, including operational outages and data breaches.

Hackers can employ advanced techniques to manipulate critical infrastructure operations or steal valuable data — leading to financial losses, service disruptions or threats to public safety.

SCADA Security Solutions: How CDW Can Help

Many organizations turn to a trusted third-party partner for help devising and implementing effective SCADA security strategies. CDW’s solution architects have decades of experience helping energy and utility companies — as well as organizations across industries — to design, deploy and manage security solutions for OT infrastructure.

Risk Assessment and Gap Analysis

By working with a partner such as CDW to conduct a security assessment of their SCADA systems, leaders can attain a clear understanding of their vulnerabilities, remove blind spots and reveal new opportunities to improve their security posture. A thorough assessment process often will include a physical security audit, a risk analysis of network-connected applications, a standards-based operational framework gap analysis and a compliance assessment. It may also include an evaluation of the working relationship between IT and OT teams, and of routine processes such as patch management.

Vulnerability Management Planning

After assessment and testing, CDW’s experts can help organizations come up with comprehensive plans to address existing vulnerabilities and harden their systems against attack. Traditional vulnerability management platforms that conduct network scans can actually be a poor fit for SCADA networks, where connected equipment can react badly to a ping or a scan. In these instances, CDW will use a passive scanning system to detect which systems are talking to each other, which firmware versions different systems are running and what code they are running — without interfering with SCADA operations.
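The passive approach described above builds the inventory from conversations already on the wire rather than from probes sent to the equipment. The Python script below is an added example of that idea, not CDW's scanning system or any vendor's product. It assumes that a capture tool has already reduced traffic to per-request records (client, server, protocol, server port) and, where a Modbus "Read Device Identification" reply (function code 43, MEI type 14) was seen, has decoded the vendor, product and revision strings; the records, addresses and vendor names here are constructed.

```python
"""Passive asset inventory from observed SCADA traffic.

Added example, not CDW code. Nothing here sends packets: the inventory is
derived only from records of traffic that was already observed. Records,
addresses and device identities are constructed; the identification fields
are assumed to have been decoded upstream from Modbus function 43/14 replies.
"""
from collections import defaultdict

# Constructed observation records (assumption):
# (timestamp, client, server, proto, server_port, decoded_server_identity_or_None)
OBSERVED = [
    (1000, "10.20.0.5", "192.168.100.10", "tcp", 502,
     {"vendor": "ExampleVendor", "product": "PLC-X", "revision": "2.1.0"}),
    (1002, "10.20.0.5", "192.168.100.11", "tcp", 502,
     {"vendor": "ExampleVendor", "product": "RTU-Y", "revision": "1.4.2"}),
    (1050, "10.20.0.5", "192.168.100.10", "tcp", 502, None),
    (1100, "192.168.100.30", "192.168.100.10", "tcp", 502, None),  # previously unseen client
    (1200, "10.20.0.5", "192.168.100.10", "tcp", 502,
     {"vendor": "ExampleVendor", "product": "PLC-X", "revision": "2.2.0"}),  # revision changed
]


def _new_host():
    return {"clients": set(), "servers": set(), "services": set(),
            "identity": None, "revisions": []}


def build_inventory(records):
    """Fold observed request records into a per-host inventory.

    For each host: which clients talk to it, which servers it talks to, which
    services it exposes, its latest decoded identity, and every distinct
    firmware revision it advertised (with the time it was first seen).
    """
    inv = defaultdict(_new_host)
    for ts, client, server, proto, port, identity in records:
        inv[client]["servers"].add(server)
        inv[server]["clients"].add(client)
        inv[server]["services"].add((proto, port))
        if identity:
            revs = inv[server]["revisions"]
            if not revs or revs[-1][1] != identity["revision"]:
                revs.append((ts, identity["revision"]))
            inv[server]["identity"] = identity
    return dict(inv)


def revision_changes(inv):
    """Hosts whose advertised firmware revision changed within the observation window."""
    return {host: data["revisions"] for host, data in inv.items()
            if len(data["revisions"]) > 1}


def unexpected_clients(inv, server, expected_clients):
    """Clients observed talking to `server` that are not on the expected list."""
    return inv[server]["clients"] - set(expected_clients)


if __name__ == "__main__":
    inventory = build_inventory(OBSERVED)
    for host, data in sorted(inventory.items()):
        ident = data["identity"] or {}
        print(host, sorted(data["services"]), ident.get("product"), ident.get("revision"))
    print("revision changes:", revision_changes(inventory))
    print("unexpected clients of 192.168.100.10:",
          unexpected_clients(inventory, "192.168.100.10", {"10.20.0.5"}))
```

Two findings fall out of the constructed data without a single probe reaching the control network: the PLC at 192.168.100.10 advertised a different revision at timestamp 1200 than at 1000, which is worth reconciling against the change record, and a host not on the historian's expected-client list began polling that PLC at 1100.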

Design, Monitoring and Recovery

CDW’s experts provide vendor-agnostic advice about tools and best practices, and they also can implement new solutions on behalf of organizations. These tools and practices may include:

  • Application control
  • Password management
  • Network access control
  • Next-generation firewalls
  • Multifactor authentication tools
  • Security information and event management systems

Based on deep experience working with companies, CDW’s engineers can optimize advanced security features based on an organization’s specific needs.

For organizations that lack the internal staff to manage and monitor security solutions over time, CDW and its partners offer services to help manage their systems, stay vigilant and maintain compliance while easing the burden on their IT staff. Such services may include application monitoring and vulnerability management. By consistently monitoring applications, organizations can minimize the traffic running on their networks, preventing unwanted applications from being introduced.

Even the strongest systems are not enough on their own to prevent security breaches. Governance also is critical in helping to minimize risks associated with human error, insider threats and social engineering attacks. CDW can help organizations devise policies that will keep OT and IT networks safe, as well as incident response playbooks that can guide leaders through crucial steps in the event of a breach.

Story by Joel Vargas, Pedro Serrano


Joel Vargas

CDW Expert

Pedro Serrano

Senior Solutions Architect
Pedro Serrano, Senior Security Architect for CDW, has more than 35 years of experience managing and installing technical controls in networks around the world. Previously, he was a CISO, Network Security for an integrated healthcare system and a security architect for a major oil and gas exploration company. He holds postgraduate degrees in Telecommunications Management and Computer Science.