According to the recently released 2015 Dell Security Annual Threat Report, SCADA attacks are on the rise. The report found that in 2014 the number of attacks on Supervisory Control and Data Acquisition (SCADA) systems doubled compared to the previous year. Most of these attacks occurred in Finland, the UK and the U.S. This is probably due because these countries are more likely to be connected to the internet than others. The Dell Report came on the heels of findings from the U.S. Industrial Controls Systems Cyber Emergency Response Team (ICS-CERT) showing that energy was the most targeted sector for attack among all critical infrastructure providers.
"Since companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported," said Patrick Sweeney, executive director, Dell Security. "This lack of information sharing combined with an aging industrial machinery infrastructure presents huge security challenges that will continue to grow in the coming months and years."
Although this may not come as a surprise to those in the hydrocarbon industry, that doesn't make it any less worrisome. Many SCADA and industrial control systems (ICS) were built decades ago when cybersecurity was not yet an issue for the industry. There has been an inevitable collision as operational technology (OT) systems like SCADA come into closer contact with IT management modalities, introducing risks as systems not designed for outside connectivity are exposed to the internet.
Successful attacks on SCADA systems could potentially cause disruptions in services that we all depend on every day. For this reason, SCADA attacks are often politically motivated and backed by foreign state actors with motives such as industrial espionage and major supply chain disruption. As digital control systems increase in complexity, it is becoming increasingly difficult to prevent threats from impacting upstream, midstream and downstream oil and gas operations. To add cybersecurity defenses to these systems is a major task, coupled with the fact that due to their critical nature, downtime for system upgrades is virtually impossible.
Given these challenges, here are five ways to improve SCADA security:
1. Air gap systems
Since many SCADA systems do not include robust cyber security controls, it is important to physically separate these systems from the internet and corporate network. If the systems are connected to the network, strong firewalls, intrusion detection systems and other security measures must be put in place to protect against unauthorized intrusion.
2. Avoid Default Configurations
Avoid using default configurations on network and security appliances. Factory passwords must be changed immediately and a system of strong passwords and regular password updating should be enforced.
3. Apply USB and portable device security
Since air gapped systems are not connected to the network, often the only way to bring files in and out of the SCADA system is by using portable media such as USB drives or DVDs. As portable media devices are key attack vectors for air gapped networks, it is very important to deploy a portable media security system that thoroughly scans portable devices for any threats before they are allowed to connect to the secure SCADA network.
4. Defend against advanced persistent threats (APT)
Attacks are becoming more and more sophisticated, with malware remaining undetected for a long period of time. It is important to fight APTs at different levels; not only trying to prevent APTs entering the network, but also detecting APTs that have already gained entry. An effective way to detect APTs is to use a multi anti malware scanner that will scan files with multiple anti virus engines using a combination of signatures and heuristics and will therefore be able to detect more threats.
5. Perform penetration testing
Regular penetration testing and vulnerability assessments, if possible conducted by a third party, are very helpful to get realistic input on the current security level and shed light on which areas still need additional security precautions.
Along with employee awareness training and continuous evaluation, these measures will significantly boost the security of critical infrastructure systems.