What risks do IoT and automation pose to SCADA legacy systems?

Elena Sitnikova, critical infrastructure protection research leader at the Australian Centre for Cyber Security, discusses the risks automation poses to SCADA legacy systems, and delves into potential tools and solutions to protect networks from unauthorised access and attacks


The Australian economy is in flux. It is estimated that the Industrial Internet of Things is set to include over 100 billion devices and that 44% of Australian jobs are susceptible to automation. Additionally, in a push towards renewable energy, companies are expected to meet State renewable energy targets before 2020, despite operating on outdated legacy systems.

These factors amount to the expectation that manufacturing, utilities and infrastructure must prepare for a future with a vast increase in the amount of data SCADA is expected to collect, store and process, and the increased reliance on these systems in day-to-day operations.

Old Systems, New Attacks

“According to industry data and literature, the number of organisations that are now using interconnected internet of things devices is constantly growing, with a further 44% of organisations planning to adopt machine to machine and internet of things solutions in the coming years. Critical infrastructure as it was before no longer exists - it’s now shifting towards internet of everything, which opens up our highly interconnected networks to unauthorised attacks, something these networks have never previously had to deal with.

SCADA systems, which we use in critical infrastructure, were designed several decades ago, and they were isolated systems at the time that focused on reparability, reliability and safety instead of security, as cyber hacks weren’t a threat at the time.

Now, however, the systems are increasingly connected to corporate networks via the internet, and internet intrusion detection and the security networks have migrated from preparatory systems, which are old systems, to commercial systems which rely on Ethernet and TCP/IP and Windows. All these technological developments make SCADA systems vulnerable by exposing them to the same risks as the risks that exist in conventional IT networks, and we need to protect against that.


Recent reports from ICS-CERT (the Industrial Control Systems Cyber Emergency Response Team) from the U.S. showed that 245 significant sub-incidents were reported. Of these, the leading areas reporting incidents were critical manufacturing, with 65, and the energy sector, with 32 incidents - and we see these numbers increase all the time.

If a successful attack were to happen here, in the energy or critical manufacturing sectors, it would have a significant impact on our economy and disrupt the lives of many, so at the Centre for Cyber Security we understand that developing security solutions is of the utmost importance.”

Securing Systems

“What we’re increasingly seeing now is a gap between legacy systems and the growing threat of new attacks. Essentially manufacturing and energy SCADA systems need to ‘catch up.’ While they may be working perfectly, by introducing new IT devices and adopting machine to machine technology along with robotics and automation, legacy systems are opened up and made vulnerable to potential cyber attacks.

In regards to finding and implementing solutions to secure SCADA systems, unfortunately there is no one method that suits every single situation – although it would be nice if there was!

Different utility sectors have different systems, and they have different sensors, different numbers of sensors, and also they might be very widely distributed, or be on a closed connection.


What we’ve discovered through our research at the Centre for Cyber Security is that you can’t only shift the paradigm to detection systems – security is actually a hybrid of detection and analytics, plus situation awareness. While there are a number of tools and software solutions currently on the market that collect data and alarm operators to cyber attacks, the threat is actually much more complex than that. A lot of people think that software will resolve the whole problem.

It’s actually more complex. When we talk about the security of such systems, we talk about the frameworks - so it’s technology, process and people. It’s not enough to simply install systems or software, because often the biggest threat is that a lot of operators don’t understand what they have in their system and so policies aren’t followed correctly. Further to this, threats may come from outside SCADA networks, so operators need to look closely at subcontractors who have been granted authentication and authorisation access.

Additionally, you have to protect your system from the different sites, from the different vectors, and, to truly secure your system, you need to figure out who might attack your system and why. There’s a great deal of literature out there talking about the motivation behind attacking manufacturing systems – whether it be simple crime, or access to information, but really to secure networks it’s about taking everything back to its most basic level and working up from there. If an attack were to happen it’s important to understand the next step.

There are different methods and suggestions and frameworks and backups and risk taking approaches and so on, but we always seem to be behind the hackers. We try to protect networks, but cyber criminals are very creative so we need to make sure our systems are resilient to attack, and that’s what our research is working on at the Australian Centre for Cyber Security – we need to remove those vulnerabilities and improve network security and safety.”
