The importance of up-to-date critical system monitoring
BY MARLEE ROSEN, Rosen Associates
Supervisory control and data acquisition (SCADA) networks contain computers and applications that perform critical capabilities in delivering essential services and commodities (for example, electricity, natural gas, water, waste treatment, wind farms, transportation) to consumers. As such, they are part of America’s critical infrastructure and require protection from a variety of threats that exist in cyber space and even more commonly today, the mentality that “if it isn’t broken then don’t fix it”.
To optimize the collection and analysis of the data and control of equipment such as pumps and valves from remote locations, SCADA networks provide great efficiency and are widely used but many have been set up roughly 15 years ago and left to run without any further concern for product updates or enhancements.
These legacy SCADAs present a tremendous security risk. SCADAs were initially designed to maximize functionality and automate processes, product updates and new revisions. However, SCADA companies merged, ceased to exist or evolved more into manufacturing execution systems (MES). Also, tremendous changes have occurred in the automation industry that have left multitudes of outdated SCADAs in the field. As a result, utilities are now faced with vulnerabilities these no-longer supported SCADAs bring to operating systems.
Unfortunately, it would have to take a crisis or accident to occur to bring about the setting aside of monetary funds to swap out these dinosaurs. Part of the problem is that no one wants to take on the complexities of having to reconfigure a system to meet the demands of an existing application that is already up and running. It is much easier to turn a blind eye and believe that as long as it is up and running problem free, then there are more important priorities to focus on. What has thus transpired is a very vulnerable U.S. infrastructure. Now the performance, reliability, flexibility and safety of distributed control/SCADA systems once considered robust, have in today’s terms become antiquated.
Approximately 33 percent of these SCADA systems have been running automatically on their own for more than 15 years without updates and changes made to keep up with the cyber-unsecure time we live in today. It’s startling what trends in SCADA security have been effecting North American utilities in recent years.Read the full article in our digital magazine