SCADA Security Audit

  • SCADA Security Audit
  • Challenges and threats
  • Vulnerabilities

 

Industrial control system (ICS) including its components (SCADA, PLCs, and RTUs etc.) are typically used in industries such as electrical, water and wastewater, oil and natural gas, chemical, transportation, pharmaceutical, pulp and paper, food and beverage etc.
SCADA (Supervisory Control and Data Acquisition) generally refers to an industrial control system for a given process. These processes are often of mission critical nature and usually exist as of industrial, infrastructure or facility-based nature.

For Query & Registration

ICS systems were originally designed to meet performance, reliability, safety, and flexibility requirements. In most cases, they were physically isolated from outside networks and based on proprietary hardware, software, and communication protocols that lacked the secure communication capabilities; the need for cyber security measures within these systems was not anticipated.
However, in today’s ever-connected real-time business environments, the earlier “air gap” does not exist.
Common threat agents for these ICS systems are:

  1. Attackers
  2. Bot-network operators
  3. Criminal groups
  4. Malicious Insiders
  5. Spyware/malware authors
  6. Terrorists
  7. Industrial/State sponsored spies

These vulnerabilities can be classified into broadly three groups:

  1. Policy and Procedure Vulnerabilities
  2. Platform Vulnerabilities
  3. Network Vulnerabilities
  • Policy and Procedure Vulnerabilities

These vulnerabilities are introduced into the ICS due to incomplete, inappropriate, or non-existent security documentation, including policy and procedures.

  • Platform Vulnerabilities

These vulnerabilities can occur due to flaws, misconfiguration, or poor maintenance of hardware, operating systems, and ICS applications.

  • Network Vulnerabilities

These vulnerabilities in ICS may occur from flaws, misconfiguration, or poor administration of ICS networks and their connections with other networks.

      1. What can be tested

                                   Control systems, critical infrastructures, industrial networks

       2. Source

                                   External or internal

       3. Scope

                                   Full or focused (concentrate on specific aspects of security)

       4. Basis of information

                                   White, grey- or blackbox

       5. Strategy

                                   Direct attack attempts or covert attack

       6. Aggressiveness

                                   Passive, polite, aggressive or paranoid