Supervisory Control and Data Acquisition (SCADA) systems are generally a subset of Process Control Systems that manage systems over very large geographic areas. They remotely monitor and measure remote sensors over large geographic areas and typically possess some type of automated response capability based on specific criteria. SCADA systems make up the critical infrastructure associated with railways, electric power grids, water and sewage treatment plants, and oil and gas pipelines.
Due to the criticality of SCADA systems, the impact to transportation and common utilities such as water, gas and power should SCADA systems fail is significant. In today’s environment, organisations that utilise SCADA systems as a critical part of their operation are considered a high terrorism target. With these systems connected to IP networks, the risk of cyber-terrorism is even greater.
eSecure are experienced in reviewing the security of SCADA systems, having undertaken in-depth security reviews of numerous utilities and transportation organisations. As part of our review, our consultants:
- identify key asset types within the SCADA environment
- identify the various threat-sources confronting each type of SCADA asset
- identify the specific operational and/or system vulnerabilities that those threat-sources may exploit
- determine the likelihood (probability) and business impact of those threat-sources should system vulnerabilities be
- assist in the testing and deploying mitigation strategies to mitigate business risk.
For further information, The United States President’s Critical Infrastructure Protection Board, and the Department of Energy developed steps to help any organisation improve the security of its SCADA networks.