Attacks on SCADA systems are on the rise. The freighting truth is that many infiltrated systems have gone undetected. All too often, cyber criminals “infect” systems and silently monitor traffic, observe activity, and wait for months or even years before taking any action allowing them to strike when they can cause the most damage.
“We recognize the enemy will use the Internet to recruit, to take down SCADA systems. In short, we expect a cyberattack as a prelude to war.” – LTG Alan Lynn, DISA (Defense Information Systems Agency) Director
In the past few years we have seen:
- December 2016 – Incident occurred amid a flurry of 6,500 cyber attacks over two months, according to Ukraine’s President Petro Poroshenko. Poroshenko said the attacks indicated Russian “cyberwar.”
- October 2015 – Chatham House, a UK think-tank, reported that the risk of a cyber attack on nuclear infrastructure is growing. The trend towards the digitization of SCADA systems is increasing the vulnerability of nuclear facilities, and many are inadequately prepared. Even where facilities are air-gapped, this safeguard can be breached with nothing more than a flash drive.
- April 2015 – According to the 2015 Dell Security Annual Threat Report, SCADA attacks are on the rise. The report found that in 2014, the number of attacks on SCADA systems doubled compared to the previous year. Most of these attacks occurred in Finland, the United Kingdom, and the United States.
- March 2015 – A report by the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) found that it received 245 cyber incident reports from asset owners and industry partners in the fiscal year of 2014.
- December 2014 – An unnamed German Steel Mill suffered extensive damage from a cyber-attack. The attackers were able to disrupt the control system and prevent a blast furnace from being shut down, resulting in ‘massive’ damage.
Threats & Vulnerabilities
With numerous threats and vulnerabilities that could affect critical services, securing SCADA systems must be a top priority.
- Lack of Network Segmentation
- Lack of Encryption
- Remote Access Policies
- DDoS Attacks
- Legacy Software
- Default Configuration
- Policies and Procedures
Want to learn more?
Schedule an appointment with one of our SCADA Cyber Security Solutions experts or stop by our booth # 806 at FWRC, April 23 – 25, 2017 at the Palm Beach County Convention Center, in West Palm Beach, Florida.