Editing SCADA (section)
== Security ==
SCADA systems that tie together decentralized facilities such as power, oil, gas pipelines, water distribution and wastewater collection systems were designed to be open, robust, and easily operated and repaired, but not necessarily secure.<ref>{{cite book |last= Boyes|first= Walt|title=Instrumentation Reference Book, 4th Edition|year=2011 |publisher=Butterworth-Heinemann|location= USA|isbn=978-0-7506-8308-1|page= 27}}</ref><ref>{{cite web |last1=Siggins |first1=Morgana |title=14 Major SCADA Attacks and What You Can Learn From Them |url=https://www.dpstele.com/blog/major-scada-hacks.php |website=DPS Telecom |access-date=2021-04-26}}</ref> The move from proprietary technologies to more standardized and open solutions together with the increased number of connections between SCADA systems, office networks and the [[Internet]] has made them more vulnerable to types of [[Attack (computing)#Types of attacks|network attacks]] that are relatively common in [[computer security]]. For example, [[ICS-CERT|United States Computer Emergency Readiness Team (US-CERT)]] released a vulnerability advisory<ref>{{cite web|url=http://www.us-cert.gov/control_systems/pdf/ICSA-11-231-01.pdf|title=ICSA-11-231-01—INDUCTIVE AUTOMATION IGNITION INFORMATION DISCLOSURE VULNERABILITY|access-date=21 Jan 2013|date=19 Aug 2011|archive-date=5 November 2012|archive-url=https://web.archive.org/web/20121105230108/http://www.us-cert.gov/control_systems/pdf/ICSA-11-231-01.pdf|url-status=dead}}</ref> warning that unauthenticated users could download sensitive configuration information including [[Cryptographic hash function#File or data identifier|password hashes]] from an [[Inductive Automation]] [[Ignition SCADA|Ignition]] system utilizing a standard [[Semantic URL attack|attack type]] leveraging access to the [[Apache Tomcat|Tomcat]] [[Embedded Web server]].
Security researcher Jerry Brown submitted a similar advisory regarding a [[buffer overflow]] vulnerability<ref>{{cite web|url=https://ics-cert.us-cert.gov/pdf/ICSA-11-094-01.pdf|title=ICSA-11-094-01—WONDERWARE INBATCH CLIENT ACTIVEX BUFFER OVERFLOW|access-date=26 Mar 2013|date=13 Apr 2011|archive-date=17 February 2013|archive-url=https://web.archive.org/web/20130217202037/http://ics-cert.us-cert.gov/pdf/ICSA-11-094-01.pdf|url-status=dead}}</ref> in a [[Wonderware]] InBatchClient [[ActiveX control]]. Both vendors made updates available prior to public vulnerability release. Mitigation recommendations were standard [[Software patching|patching]] practices and requiring [[VPN]] access for secure connectivity.

Consequently, the security of some SCADA-based systems has come into question as they are seen as potentially vulnerable to [[cyber attack]]s.<ref name="NGF-CA-GT-01">{{cite web|url=http://gspp.berkeley.edu/iths/Tsang_SCADA%20Attacks.pdf|title=Cyberthreats, Vulnerabilities and Attacks on SCADA Networks|work=Rosa Tang, berkeley.edu|url-status=dead|archive-url=https://web.archive.org/web/20120813015252/http://gspp.berkeley.edu/iths/Tsang_SCADA%20Attacks.pdf|archive-date=13 August 2012|access-date=1 August 2012}}</ref><ref>{{cite web |url=https://www.blackhat.com/presentations/bh-federal-06/BH-Fed-06-Maynor-Graham-up.pdf |title=SCADA Security and Terrorism: We're Not Crying Wolf |author=D. Maynor and R. Graham |year=2006}}</ref><ref>{{cite web |url=http://www.securityfocus.com/news/11402 |title=SCADA system makers pushed toward security |publisher=SecurityFocus |author=Robert Lemos |date=26 July 2006 |access-date=9 May 2007}}</ref> In particular, security researchers are concerned about:
* The lack of concern about security and authentication in the design, deployment and operation of some existing SCADA networks
* The belief that SCADA systems have the benefit of [[security through obscurity]] through the use of specialized protocols and proprietary interfaces
* The belief that SCADA networks are secure because they are physically secured
* The belief that SCADA networks are secure because they are disconnected from the Internet

SCADA systems are used to control and monitor physical processes, examples of which are transmission of electricity, transportation of gas and oil in pipelines, water distribution, traffic lights, and other systems used as the basis of modern society. The security of these SCADA systems is important because compromise or destruction of these systems would impact multiple areas of society far removed from the original compromise. For example, a blackout caused by a compromised electrical SCADA system would cause financial losses to all the customers that received electricity from that source. <!-- Removed FUD -->How security will affect legacy SCADA and new deployments remains to be seen.

There are many threat vectors to a modern SCADA system. One is the threat of unauthorized access to the control software, whether it is human access or changes induced intentionally or accidentally by virus infections and other software threats residing on the control host machine. Another is the threat of packet access to the network segments hosting SCADA devices. In many cases, the control protocol lacks any form of [[Cryptography|cryptographic security]], allowing an attacker to control a SCADA device by sending commands over a network.
In many cases SCADA users have assumed that having a VPN offered sufficient protection, unaware that security can be trivially bypassed with physical access to SCADA-related network jacks and switches. Industrial control vendors suggest approaching SCADA security like [[Information security|Information Security]] with a [[Defense in depth#Information security|defense in depth]] strategy that leverages common IT practices.<ref>{{cite web|url=http://www.rockwellautomation.com/resources/downloads/rockwellautomation/pdf/products-technologies/security-technology/securat001aene.pdf|title=Industrial Security Best Practices|publisher=Rockwell Automation|access-date=26 Mar 2013|archive-date=16 January 2013|archive-url=https://web.archive.org/web/20130116053152/http://www.rockwellautomation.com/resources/downloads/rockwellautomation/pdf/products-technologies/security-technology/securat001aene.pdf|url-status=dead}}</ref> Apart from that, research has shown that the architecture of SCADA systems has several other vulnerabilities, including direct tampering with RTUs, communication links from RTUs to the control center, and IT software and databases in the control center.<ref name=GianiSastry>{{cite book|last1=Giani|first1=A.|last2=Sastry|first2=S.|last3=Johansson|first3=H.|last4=Sandberg|first4=H.|title=2009 2nd International Symposium on Resilient Control Systems|date=2009|publisher=IEEE|pages=31–35|chapter=The VIKING project: An initiative on resilient control of power networks|doi=10.1109/ISRCS.2009.5251361|isbn=978-1-4244-4853-1 |s2cid=14917254 |url=http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-80021 }}</ref> The RTUs could, for instance, be targets of deception attacks injecting false data<ref name=LiuNing>{{cite book|last1=Liu|first1=Y.|last2=Ning|first2=P.|last3=Reiter|first3=MK.|title=ACM Transactions on Information and System Security|date=May 2011|publisher=Association for Computing Machinery|chapter=False Data Injection Attacks against State Estimation in Electric Power Grids|volume=14 |pages=1–33 |doi=10.1145/1952982.1952995|s2cid=2305736 }}</ref> or [[denial-of-service attack]]s.

The reliable function of SCADA systems in our modern infrastructure may be crucial to public health and safety. As such, attacks on these systems may directly or indirectly threaten public health and safety. Such an attack has already occurred, carried out on [[Shire of Maroochy|Maroochy Shire]] Council's sewage control system in [[Queensland]], [[Australia]].<ref name=SlayMiller>{{cite book|last1=Slay|first1=J.|author-link1=Jill Slay |last2=Miller|first2=M.|title=Critical infrastructure protection|date=November 2007|publisher=Springer Boston|isbn=978-0-387-75461-1|pages=73–82|edition= Online-Ausg.|chapter=Chpt 6: Lessons Learned from the Maroochy Water Breach|doi=10.1007/978-0-387-75462-8_6}}</ref> Shortly after a contractor installed a SCADA system in January 2000, system components began to function erratically. Pumps did not run when needed and alarms were not reported. More critically, sewage flooded a nearby park and contaminated an open surface-water drainage ditch and flowed 500 meters to a tidal canal. The SCADA system was directing sewage valves to open when the design protocol should have kept them closed. Initially this was believed to be a system bug. Monitoring of the system logs revealed the malfunctions were the result of cyber attacks. Investigators reported 46 separate instances of malicious outside interference before the culprit was identified. The attacks were made by a disgruntled ex-employee of the company that had installed the SCADA system. The ex-employee was hoping to be hired by the utility full-time to maintain the system.

In April 2008, the Commission to Assess the Threat to the United States from [[Electromagnetic pulse|Electromagnetic Pulse]] (EMP) Attack issued a Critical Infrastructures Report which discussed the extreme vulnerability of SCADA systems to an electromagnetic pulse (EMP) event.
After testing and analysis, the Commission concluded: "SCADA systems are vulnerable to EMP insult. The large numbers and widespread reliance on such systems by all of the Nation’s critical infrastructures represent a systemic threat to their continued operation following an EMP event. Additionally, the necessity to reboot, repair, or replace large numbers of geographically widely dispersed systems will considerably impede the Nation’s recovery from such an assault."<ref name="Critical Infrastructures Report, Congressional EMP Commission, 2008">{{cite report |date=April 2008 |title=Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack |url=http://www.empcommission.org/docs/A2473-EMP_Commission-7MB.pdf |page=9 |access-date=31 May 2024 |quote=}}</ref>

Many vendors of SCADA and control products have begun to address the risks posed by unauthorized access by developing lines of specialized industrial [[Firewall (computing)|firewall]] and [[VPN]] solutions for TCP/IP-based SCADA networks as well as external SCADA monitoring and recording equipment.<!-- Removed Vendor Advertisement, replaced with neutral tone --><!--Removed Marketing Magazine article, you can add it as a reference at the bottom to support a set of statements-->

The [[International Society of Automation]] (ISA) started formalizing SCADA security requirements in 2007 with a working group, WG4.
WG4 "deals specifically with unique technical requirements, measurements, and other features required to evaluate and assure security resilience and performance of industrial automation and control systems devices".<ref name=InTechViaISA>{{cite news|title=Security for all|url=http://www.isa.org|access-date=2 May 2012|newspaper=InTech|date=June 2008}}</ref>

The increased interest in SCADA vulnerabilities has resulted in vulnerability researchers discovering vulnerabilities in commercial SCADA software <!-- removed vendor names --> and more general offensive SCADA techniques presented to the general security community.<ref>{{cite web|url=http://www.c4-security.com/SCADA%20Security%20-%20Generic%20Electric%20Grid%20Malware%20Design%20-%20SyScan08.pps |title=SCADA Security – Generic Electric Grid Malware Design |url-status=dead |archive-url=https://web.archive.org/web/20090107085040/http://www.c4-security.com/SCADA%20Security%20-%20Generic%20Electric%20Grid%20Malware%20Design%20-%20SyScan08.pps |archive-date=7 January 2009 }}</ref> <!-- citations as support of the statements are fine -->

In electric and gas utility SCADA systems, the vulnerability of the large installed base of wired and wireless serial communications links is addressed in some cases by applying [[bump-in-the-wire]] devices that employ authentication and [[Advanced Encryption Standard]] encryption rather than replacing all existing nodes.<ref>{{cite web |url=http://www.utc.org/?p=33398 |archiveurl=https://web.archive.org/web/20071103173939/http://www.utc.org/?p=33398 |author=KEMA, Inc |title=Substation Communications: Enabler of Automation |publisher=Utilities Telecom Council |date=November 2006 |pages=3–21 |archivedate=3 November 2007 |accessdate=19 January 2022}}</ref>

In June 2010, anti-virus security company [[Vba32 AntiVirus|VirusBlokAda]] reported the first detection of malware that attacks SCADA systems (Siemens' [[WinCC]]/PCS 7 systems) running on Windows operating systems.
The malware is called [[Stuxnet]] and uses four [[zero-day attack]]s to install a [[rootkit]] which in turn logs into the SCADA's database and steals design and control files.<ref>{{cite web|url=http://news.cnet.com/8301-27080_3-20011159-245.html|title=Details of the first-ever control system malware (FAQ)|last=Mills|first=Elinor|date=21 July 2010|website=[[CNET]]|access-date=21 July 2010}}</ref><ref>{{cite web|url=http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=view|title=SIMATIC WinCC / SIMATIC PCS 7: Information concerning Malware / Virus / Trojan|date=21 July 2010|publisher=[[Siemens]]|quote=malware (trojan) which affects the visualization system WinCC SCADA.|access-date=22 July 2010}}</ref> The malware is also capable of changing the control system and hiding those changes. The malware was found on 14 systems, the majority of which were located in Iran.<ref>{{cite news|url=http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142|title=Siemens: Stuxnet worm hit industrial systems|access-date=16 September 2010|url-status=dead|archive-url=https://archive.today/20120525053210/http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142|archive-date=25 May 2012|df=dmy-all}}</ref>

In October 2013 ''National Geographic'' released a docudrama titled ''American Blackout'' which dealt with an imagined large-scale cyber attack on SCADA and the United States' electrical grid.<ref>{{cite web|url=http://channel.nationalgeographic.com/american-blackout/|archive-url=https://web.archive.org/web/20150313204218/http://channel.nationalgeographic.com/american-blackout/|url-status=dead|archive-date=13 March 2015|title=American Blackout|publisher=National Geographic Channel|access-date=14 October 2016}}</ref>
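
The section notes that many control protocols lack any cryptographic security and that bump-in-the-wire devices add authentication to existing serial links. The following added example (not part of the article or of any vendor's product) models a bump-in-the-wire pair in Python that tags each legacy frame with a sender id, a sequence number and a truncated HMAC-SHA256, so bare, modified, replayed and reflected frames are dropped. The frame layout, class name, key and sample bytes are assumptions; the AES encryption such devices also apply is left out because the Python standard library has no AES.

```python
import hashlib
import hmac
import struct
from typing import Optional

HDR = struct.Struct(">BQH")   # sender id, sequence number, legacy frame length
TAG_LEN = 16                  # HMAC-SHA256 tag truncated to 16 bytes


class BumpInTheWire:
    """One end of a hypothetical inline authenticator on a legacy serial link."""

    def __init__(self, key: bytes, my_id: int, peer_id: int):
        self.key, self.my_id, self.peer_id = key, my_id, peer_id
        self.tx_seq = 0       # next sequence number to send
        self.rx_seq = -1      # highest sequence number accepted from the peer

    def _tag(self, header: bytes, frame: bytes) -> bytes:
        return hmac.new(self.key, header + frame, hashlib.sha256).digest()[:TAG_LEN]

    def wrap(self, frame: bytes) -> bytes:
        """Legacy frame from the local device -> authenticated frame for the wire."""
        header = HDR.pack(self.my_id, self.tx_seq, len(frame))
        self.tx_seq += 1
        return header + frame + self._tag(header, frame)

    def unwrap(self, wire: bytes) -> Optional[bytes]:
        """Authenticated frame from the wire -> legacy frame, or None if rejected."""
        if len(wire) < HDR.size + TAG_LEN:
            return None                       # bare legacy frame or truncated
        header, body = wire[:HDR.size], wire[HDR.size:]
        sender, seq, length = HDR.unpack(header)
        if sender != self.peer_id or len(body) != length + TAG_LEN:
            return None                       # reflected or malformed
        frame, tag = body[:length], body[length:]
        if not hmac.compare_digest(tag, self._tag(header, frame)):
            return None                       # forged or modified in transit
        if seq <= self.rx_seq:
            return None                       # replay of an earlier valid frame
        self.rx_seq = seq
        return frame


def demo() -> dict:
    key = bytes(range(32))                    # constructed key, for the example only
    master, rtu = BumpInTheWire(key, 1, 2), BumpInTheWire(key, 2, 1)
    command = bytes.fromhex("0a0100030001")   # constructed opaque legacy frame
    first, second = master.wrap(command), master.wrap(command)
    flipped = second[:HDR.size] + bytes([second[HDR.size] ^ 1]) + second[HDR.size + 1:]
    return {"genuine": rtu.unwrap(first), "replayed": rtu.unwrap(first),
            "tampered": rtu.unwrap(flipped), "bare": rtu.unwrap(command),
            "reflected": master.unwrap(second), "next": rtu.unwrap(second)}
```

Only the entries `genuine` and `next` in the result of `demo()` carry the legacy frame through; the other four are rejected before reaching the device.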