Cyber security engineering is expensive. However, the presence of vulnerabilities requires it. In this section we list vulnerabilities we typically see in SCADA systems. The order in the list of vulnerabilities does not reflect a priority in terms of likelihood of occurrence or severity of impact. Typical vulnerabilities in SCADA systems are listed below. The vulnerabilities are grouped in the categories, policy/procedure/configuration management, system, network, and platform to assist in determining how to provide the best mitigation strategy.
Typical vulnerabilities in SCADA systems
- The SCADA system has no specific documented security policy or security plan.
- There is no formal configuration management and no official documented procedures.
Hence, there are neither formal requirements, nor a consistent approach of configuration management.
- There is neither formal security training nor official documented security procedures.
- Sensitivity levels for SCADA data are not established, making it impractical to identify which communication links to secure, databases requiring protection, etc.
- No security perimeter has been defined for the existing system that defines access points to the system that should be secured.
- Physical security alarms reside on the SCADA system; hence, a failure in the SCADA system affects the integrity of the physical security.
- Critical monitoring and control paths are not identified, in order to determine necessary redundancy or contingency plans.
- Dial-up access exists on individual workstations within the SCADA network.
- The dial-up access into the SCADA network utilizes shared passwords and shared accounts.
- Administrative and SCADA networks utilize the same IP subnet. (This removes the possibility to implement extranets, data diodes, filtering, etc.)
- Inadequate data protection exists as the SCADA data traverse other networks, both as data is transferred to other SCADA segments and as the data is sent to servers on the administrative network. The data is used for a variety of purposes, including public display and engineering efforts.
- Wireless bridging used without strong mutual authentication and/or data integrity protection on supported data flows.
- Wireless LAN technology used in the SCADA network without strong authentication and/or data protection between clients and access points.
- There is inadequate physical protection of network equipment.
- There is no security monitoring on the SCADA network.
- Default OS configurations are utilized, which enables insecure and unnecessary services.
- There is no regular virus checking.
- A PC is allowed connection to both the SCADA network and the Internet.
- There are no time limit, character length, or character type requirements for the passwords.
- OS security patches are not maintained as part of a formal procedure of process.
This security policy also guides the integration of technology and the development of security procedures. Again we iterate all the SCADA vulnerabilities discussed in this document are attributable to the lack of a well-developed and meticulously practiced security policy.
As pointed out in the beginning of the paper, we are focused on system level vulnerabilities, not point security problems, such as physical security or a particular protocol like WEP or SNMP. A well-developed security policy balances operational performance and security requirements, and is necessary for sustained security. This security policy also guides the integration of technology and the development of security procedures.
Again we iterate all the SCADA vulnerabilities discussed in this article are attributable to the lack of a well-developed and meticulously practiced security policy.