Introduction
Industrial control systems (ICS), including their components (SCADA, PLCs, RTUs, etc.), are typically used in industries such as electrical, water and wastewater, oil and natural gas, chemical, transportation, pharmaceutical, pulp and paper, and food and beverage.
SCADA (Supervisory Control and Data Acquisition) generally refers to an industrial control system for a given process. These processes are often mission-critical and are usually industrial, infrastructure, or facility-based in nature.
Challenges and threats to ICS systems
ICS systems were originally designed to meet performance, reliability, safety, and flexibility requirements. In most cases, they were physically isolated from outside networks and based on proprietary hardware, software, and communication protocols that lacked secure communication capabilities; the need for cyber security measures within these systems was not anticipated.
However, in today’s ever-connected, real-time business environments, the earlier “air gap” no longer exists.
Common threat agents for these ICS systems are:
- Attackers
- Bot-network operators
- Criminal groups
- Malicious Insiders
- Spyware/malware authors
- Terrorists
- Industrial/state-sponsored spies
Vulnerabilities in ICS systems
These vulnerabilities can be broadly classified into three groups:
- Policy and Procedure Vulnerabilities
- Platform Vulnerabilities
- Network Vulnerabilities
Policy and Procedure Vulnerabilities
These vulnerabilities are introduced into the ICS due to incomplete, inappropriate, or non-existent security documentation, including policy and procedures.
Platform Vulnerabilities
These vulnerabilities can occur due to flaws, misconfiguration, or poor maintenance of hardware, operating systems, and ICS applications.
Network Vulnerabilities
These vulnerabilities in ICS may arise from flaws, misconfiguration, or poor administration of ICS networks and their connections with other networks.
How can we help you?
Our team of experts follows a step-by-step procedure to perform a thorough security assessment of your mission-critical SCADA systems, to find out how vulnerable they are to external attacks by malicious users and how well they comply with security standards such as ICS-CERT, DoE (Department of Energy), DHS (Department of Homeland Security), NIST SP 800-82 Rev 1, NIST SP 800-53 Rev 4, TR99.00.02, ENISA guidelines for ICS systems, and the National ICS Security Standard, Qatar. The tools we use in our assessment process include AuditPro (our in-house developed auditing tool), Nmap, Nessus, and SuperScan.