https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
  • Resources
    • Back
    • Webinars
    • White Papers
    • Events
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • Magazine
    • Back
    • Digital Editions
    • Reprints & Reuse
    • Subscribe to GovPro
    • Manage GovPro Subscription
    • Advertise
  • About Us
    • Back
    • About Us
    • Contact Us
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
acc.com

Commentaries


Commentary

5 steps to reduce risk for critical infrastructure and industrial control systems

5 steps to reduce risk for critical infrastructure and industrial control systems

  • Written by Aleksander Gorkowienko
  • 24th April 2019

Thanks to the internet, we now obtain information, make purchases, and communicate with each other in ways that are dramatically different than they were only a few years ago. In fact, the advent of email, eCommerce, and social media has irrevocably changed how we conduct our daily lives. And the Internet of Things (IoT) extends connectivity to everyday devices such as cars, cameras, and smart refrigerators.

At the same time, the internet has had a potentially greater impact on the often-invisible systems that support the way we live. Known as Supervisory Control and Data Acquisition (SCADA) systems, they run critical infrastructure components such as water treatment plants and gas pipelines. They include industrial processing systems that control refining and generate power, as well as systems that enable operations at critical domestic facilities, such as airports.

The internet, and particularly the Internet of things, offer significant benefits for managing these infrastructure and industrial control systems (ICS). But because these backbone systems can communicate over the internet, they can also be attacked over the internet.


SCADA Systems Exposed to Risk

Being able to access SCADA systems over the internet has some obvious benefits for government departments or agencies that oversee local or regional utilities or infrastructure. Industrial control system controllers and sensors that are connected to the internet can be controlled, monitored, and maintained remotely, even from a single location.

This ability also exposes them to risk, however, and the programmable logic controllers (PLCs) and ICSs that form the backbone of SCADA systems were not designed with cybersecurity in mind. In addition, some significant obstacles impede SCADA system component protection.

For one thing, as long as a SCADA device performs its intended function, there is little incentive to change it. Moreover, utilities and other industries rely on SCADA devices that were developed before the internet age and cannot be updated. And even if a vendor can provide a security patch, applying the patch can be a problem. A production line or oil refinery is not like a web server – you cannot just shut it down, apply the patch, and start it up again. Down time can cost millions of dollars a day, and every change in configuration must be tested before being put into a production environment.


SCADA Threats are Real

It’s easy to dismiss sensational headlines or doomsday scenarios as fantasy. While attacks on SCADA systems could result in some catastrophic scenarios, in most cases the damage would be limited.
However, attacks with serious consequences are possible. As demonstrated in this video, it would be relatively simple for an attacker to execute a man-in-the-middle attack if an ICS network is compromised. And such an attack could, for example, cut off electricity to an entire city while the human-machine interface in the control room continues to reflect normal operation.

Although hacking industrial control systems requires exceptional technical knowledge, the source code for many potential exploitations, including state-sponsored Stuxnet and various tools leaked from the NSA, is freely available on the web. In addition, attackers work around the clock, playing with existing code and working on innovative ways to infiltrate and exploit SCADA systems.

Reducing Risk and Protecting SCADA Systems
It is simply not feasible for a government department to replace every PLC and ICS device with a new version designed with security in mind. Thankfully, risk can be managed and reduced. Risk management and reduction requires a holistic approach to security.


1. Map the Network

The first step is to map the network. Identify how networks are connected or segmented, and create an accurate picture of the entire environment.


2. Identify Assets

Next, develop and maintain a complete inventory of devices that are connected to the network. Make sure new devices can be protected and the inventory updated in real time.


3. Identify Critical Systems

Prioritize assets. When considering which assets are more critical, consider both the intrinsic value of the asset and which assets are most likely to be targeted by attackers. It is also a good idea to hire an outside company to conduct a security audit and penetration test to help identify any gaps in security.


4. Reduce Your Attack Surface

Remove unnecessary devices and disable unnecessary services to minimize potential attack vectors and reduce the overall attack surface.


5. Patch and Update

Finally, to the extent possible, identify any available patches or updates for your devices and applications and deploy them.


Protect Your SCADA Systems

SCADA systems are the backbone of critical infrastructure. The internet age has enhanced the functionality of SCADA systems but has also exposed them to new risks. The key to defending SCADA systems effectively is to be aware of potential issues and plan ahead.

 

Aleksander is a cybersecurity expert with more than 20 years of experience in the U.S., U.K. and Europe. He and his team of security consultants at Spirent SecurityLabs work with global companies, states, and local municipalities and agencies to protect their critical data, intellectual property, and reputation.

Tags: Smart Cities & Technology Commentaries Smart Cities & Technology Commentary

Related


  • A video surveillance camera and sign warning about CCTV being in operation
    All activities monitored: The 10 most surveilled major cities in the U.S.
    Public close-circuit television (CCTV) cameras, or public video surveillance camera, hold multiple benefits for cities. They can help reduce crimes around public areas, buildings and roads, and with the increasing deployment of smart sensors and 5G, these cameras will be able to utilize the Internet of Things (IoT) to accomplish much more in the future. […]
  • A street in Denver
    Denver anticipates autonomous vehicles with cross-agency, cross-sector collaborative planning
    Without early planning by regulators, autonomous vehicles (AVs) have the potential to fail on their promises of safer and more convenient travel. Before and even during the pandemic, which has understandably shifted priorities of local and state officials, leaders in AV policy development are nonetheless thinking about and producing plans to deal with hundreds of […]
  • Revenue and zoning evolution prepares Seattle for an autonomous vehicle future
    Although autonomous vehicles (AVs) are not fully ready for deployment, history provides strong incentive to begin planning for its implementation now. In the early 20th century, the growth of the automobile erupted faster than regulators could have imagined with far-reaching consequences. Although cars eventually helped fulfill promises of economic growth, middle-class jobs, and on-demand mobility, […]
  • A street in Los Angeles
    Los Angeles infrastructure inventory anticipates future autonomous vehicle policy
    With respect to autonomous vehicles (AVs), city and state regulators are eventually going to confront hundreds of interrelated policy and economic issues in order to adequately prepare their roads and populations for safe, fair, and effective use. During the pandemic, city budgets have become strained, and regulators understandably have important and pressing financial burdens such […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Report: Ransomware attacks cost local and state governments over $18 billion in 2020
  • Tennessee county allows autonomous shuttle to operate on public road
  • Why Tucson is building its own 4G network
  • Key steps governments can take to guard against malware attacks

Twitter


AmerCityCounty

Procurement department puts post-pandemic work plan in place to ensure continued productivity dlvr.it/RxgxjN

14th April 2021
AmerCityCounty

Georgia city moves to automated trash collection dlvr.it/RxX5Rl

12th April 2021
AmerCityCounty

The Community Game Changer: Library Outsourcing dlvr.it/RxLd6r

9th April 2021
AmerCityCounty

Cooperative contracts can be an entryway for small and diverse companies to successfully compete for government sal… twitter.com/i/web/status/1…

9th April 2021
AmerCityCounty

Electric slide: Mayors form collaborative organization to purchase electric vehicles for cities dlvr.it/RxGsHY

8th April 2021
AmerCityCounty

Celebrating the unsung heroes of the COVID-19 pandemic: Procurement professionals dlvr.it/RxGsG2

8th April 2021
AmerCityCounty

Expanding opportunities: Nebraska’s bold procurement Concierge Program dlvr.it/RxGpyr

8th April 2021
AmerCityCounty

All activities monitored: The 10 most surveilled major cities in the U.S. dlvr.it/RxCKzy

7th April 2021

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X