Spring 2020, No. 1, vol. 2 / Romanian Cyber Security Journal
Supervisory Control and Data Acquisition (SCADA): the Security of Critical Infrastructures Nowadays
Mihai APOSTOL, Andreea DINU
Critical infrastructures have always been the most sensitive, vulnerable area of any system or process. Therefore, no matter how well they are protected, they will always have a degree of vulnerability, as a rule, being the first targets when it comes to destabilizing or even destroying a system or process. In a world where almost all technological processes are based on automation and controlled by industrial control systems (ICS), people rely on these infrastructures directly or indirectly and they have become indispensable to society. Most critical infrastructures are controlled by SCADA (Supervisory Control and Data Acquisition) which means that it comes with flaws, bugs, known and unknown vulnerabilities that can be exploited by any means. The SCADA network is responsible for many functionalities and applications that enable operations at the infrastructure level. SCADA systems are based on an operating flow that starts from collecting information from various measuring instruments and stops displaying information to operators, so that they can act accordingly. Because of this long and important process, SCADA systems are exposed to many cyber threats. In this article, we will present the main components of SCADA systems and briefly describe their operation and use. Also, we will identify the most common vulnerabilities of control systems and data acquisition and will mention possible types of cyberattack that can target these systems. The effects on the company will be discussed in the event of a successful cyberattack and we will highlight different methods of protection and security in order to prevent or combat any threat.
SCADA, vulnerabilities, security, cyberattacks, critical infrastructure, society, threats.