The Importance of SCADA Security
SCADA systems are used to control critical areas such national infrastructure processeswhich include water, gas, and electrical power. SCADA systems are also used in facility and manufacturing processes. SCADA systems can be vulnerable to terrorist attacks. A successful attack can disrupt systems causing interrupted services or production. If SCADA systems that are used to operate national infrastructure facilities suffer attacks or failure, chaos could ensue across the general public. The security of SCADA systems is vital to national security. SCADA systems need to be protected from both external and insider threats. (“What is SCADA. 2014.)
Why are SCADA Systems so Vulnerable?
SCADA systems are vulnerable to cyber threats because they operate critical infrastructure systems the nation depends on. Different systems can also contain sensitive or highly classified information that could be used nefariously. SCADA systems need to be monitored at all levels and personnel need to be vetted.Personnel also need to be properly trained in their roles regarding their own cybersecurity responsibilities. proper security monitoring and vetting systems can be vulnerable to threats. SCADA systems are difficult to update and its software systems are rarely updated. (SCADA. U.S. G.P.O. 2007.)
X.805 Framework Security Requirements
Security Requirements in reference to X.805 should be as follows (X.805. 2003.):
Access Control: The number of people accessing the system should be limited.
Authentication: Authorized personnel should be able to identify themselves with approval to access the system.
Non-repudiation: Non-repudiation methods could be implemented to enforce accountable logging.
Data Confidentiality: Classifying different types of data and granting persons access to data should be appropriate to authorizations based on their roles.
Secure Communications: Transmitted data and information should be accessible and viewable by authorized personnel on secure devices.
Data Integrity: Data within the systems should be authentic, reliable, and secure at all times.
Availability: The system itself and data should be available at all times with minimal down time.
Privacy: Information should be shared across confidential and secure lines only.(X.805. 2003.)
SCADA systems and the terrorist threat : protecting the nation’s critical control systems : joint hearing before the Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity with the Subcommittee on Emergency Preparedness, Science, and Technology of the Committee on Homeland Security, House of Representatives, One Hundred Ninth Congress, first session, October 18, 2005. (2007).
“WHAT IS SCADA?.” (2014) Retrieved from UMUC EBSCOhost
X.805 : Security architecture for systems providing end-to-end communications. (2003.) Retrieved from https://www.itu.int/rec/T-REC-X.805-200310-I/en