What risks does IoT and automation pose to SCADA legacy systems?

AI Network Research

Ahead of The Industrial Internet of Things Summit, Elena Sitnikova, critical infrastructure protection research leader at the Australian Centre for Cyber Security, discusses the risks automation poses to SCADA legacy systems and delves into potential tools and solutions to protect networks from unauthorised access and attacks

The Australian economy is in flux. It is estimated that the Industrial Internet of Things is set to include over 100 billion devices and that 44% of Australian jobs are susceptible to automation. Additionally, in a push towards renewable energy, companies are expected to meet State renewable energy targets before 2020, despite operating on outdated legacy systems.

In a push towards renewable energy, Australian companies are expected to meet State renewable energy targets before 2020, despite operating on outdated legacy systems.

These factors amount to the expectation that manufacturing, utilities and infrastructure must prepare for a future with a vast increase in the amount of data SCADA is expected to collect, store and process, and the increased reliance on these systems in day-to-day operations.

Old systems, new attacks

“According to industry data and literature, the number of organisations now using interconnected internet of things devices is constantly growing, with a further 44% of organisations planning to adopt machine to machine and internet of things solutions in the coming years. Critical infrastructure as it was before, no longer exists – it’s now shifting towards internet of everything, which opens up our highly interconnected networks to unauthorised attacks, something these networks have never previously had to deal with.

SCADA systems, which we use in critical infrastructure, were designed several decades ago, and they were isolated systems at the time; that focused on reparability, reliability and safety, instead of security, because cyber hacks weren’t a threat at the time.

Now, however, the systems are increasingly connected to corporate networks via the internet and, internet intrusion detection and the security networks have migrated from preparatory systems, which are old systems, to commercial systems which rely on Ethernet and TCP/IP and Windows.  All these technological developments, they make SCADA system vulnerable, by exposing them to the same risks as the risks that exist in conventional IT networks and we need to protect against that.

Recent reports from ICS-CERT (The Industrial Control Systems Cyber Emergency Response Team) from the U.S showed that 245 significant sub-incidents were reported. Of these, the leading areas reporting incidents were critical manufacturing, with 65, and the energy sector, with 32 incidents – and we see these numbers increase all the time.

If a successful attack were to happen here, in the energy or critical manufacturing sectors it would have a significant impact on our economy and disrupt the lives of many, so at the Centre for Cyber Security we understand that developing security solutions is of the utmost importance.”

Securing Systems

“What we’re increasingly seeing now is a gap between legacy systems and the growing threat of new attacks. Essentially manufacturing and energy SCADA systems need to ‘catch up.’ While they may be working perfectly, by introducing new IT devices and adopting machine to machine technology along with robotics and automation, legacy systems are opened up and made vulnerable to potential cyber attacks.   In regards to finding and implementing solutions to secure SCADA systems, unfortunately, there is no one method that suits every single situation – although it would be nice if there was!   Different utility sectors have different systems, and they have different sensors, different numbers of sensors, and also they might be very widely distributed or been on a closed connection.

As we’ve discovered through our research at the Centre for cyber security is that you can’t only shift the paradigm to detection systems – security is actually a hybrid of detection and analytics, plus situation awareness.  While there are a number of tools and software solutions currently on the market that collect data and alarm operators to cyber attacks, the threat is actually much more complex than that. A lot of people think that software will resolve the whole problem.

It’s actually more complex. When we talk about the security of such systems, we talk about the frameworks – so it’s   technology, process and people. It’s not enough to simply install systems or software because often the biggest threat is that a lot of operators don’t understand what they have in their system and so policies aren’t followed correctly. Further to this, threats may come from outside SCADA networks, so operators need to look closely at subcontractors who have been granted authentication and authorization access.

Additionally, you have to protect your system from the different sites, from the different vectors, and, to truly secure your system, you need to figure out who might attack your system and why. There’s a great deal of literature out there talking about the motivation behind attacking manufacturing systems –whether it be a simple crime or access to information, but really to secure networks it is about taking everything back to its most basic level and working up from there. If an attack were to happen it’s important to understand the next step.

There are different methods and suggestions and frameworks and backups and risk taking approaches and so on, but we always seem to be behind the hackers. We try to protect networks, but cyber criminals are very creative so we need to make sure our systems are resilient to attack, and that’s what our research is working on at the Australian Centre for Cyber Security – we need to remove those vulnerabilities and improve network security and safety.”

To become a member of the AI & Intelligent Automation Network and for free access to industry news, whitepapers, and articles: Sign up here.

Speak Your Mind