{"id":16091,"date":"2021-09-17T09:00:00","date_gmt":"2021-09-17T07:00:00","guid":{"rendered":"https:\/\/www.codemotion.com\/magazine\/?p=16091"},"modified":"2022-01-05T20:01:28","modified_gmt":"2022-01-05T19:01:28","slug":"how-to-optimize-scada-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.codemotion.com\/magazine\/cybersecurity\/how-to-optimize-scada-cybersecurity\/","title":{"rendered":"7 Ways to Optimize SCADA Cybersecurity"},"content":{"rendered":"\n

As the name implies, Supervisory Control and Data Acquisition (SCADA) networks house critical systems \u2014 including computers and applications \u2014 that control, facilitate, or handle essential services. They\u2019re used to manage many critical infrastructure solutions like electric, gasoline, water, and beyond.<\/p>\n\n\n\n

It\u2019s rather obvious why protecting them with reliable cybersecurity practices is a huge concern. Here are some ways to do that.<\/p>\n\n\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\tTable Of Contents\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
  1. 1. Disconnect Unnecessary Systems<\/a>
  2. 2. Identify and Limit Existing Connections to SCADA Networks<\/a>
  3. 3. Conduct Technical Audits to Reveal Security Concerns<\/a>
  4. 4. Establish Intrusion Detection and Sustained Incident Monitoring<\/a>
  5. 5. Create an Incident Response and Disaster Recovery Plan<\/a>
  6. 6. Train and Educate People on the Front Lines<\/a>
  7. 7. Define, Authorize, and Manage Cybersecurity Roles<\/a>
  8. Protecting Core Infrastructure<\/a><\/ol>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\n\n\n

    1. Disconnect Unnecessary Systems<\/strong><\/h2>\n\n\n\n

    Not everything needs to be connected. SCADA systems should be isolated, especially mission-critical processes and operations. Data warehousing and network segmentation are excellent security solutions for protecting critical infrastructure.<\/p>\n\n\n\n

    General Electric describes network segmentation<\/a> as a \u201ccore building block of a mature cybersecurity profile.\u201d When it\u2019s used in industrial control environments it can mean the difference between a major breach and something much less impactful. It will become even more prominent as cellular networks are used to support SCADA systems, with wireless connectivity, IoT devices, and mobile tech all synced up. Think of it as moving a core network away from a more open and public-facing one.<\/p>\n\n\n\n

    2. Identify and Limit Existing Connections to SCADA Networks<\/strong><\/h2>\n\n\n\n

    Understanding threats, potential attack vectors, and how bad actors might use them is imperative for truly protecting any network. Moreover, there must be a concerted effort to discover and assess all open connections, ports, and channels. Where is the network most vulnerable? How could a potential hacker access or seize control of a system?<\/p>\n\n\n\n

    In the U.S. Department of Energy\u2019s \u201c21 Steps to Improve Cyber Security of SCADA Networks\u201d report, step one is to identify all connections<\/a> and utilize DMZs, or \u201cdemilitarized zones,\u201d to protect equipment.<\/p>\n\n\n\n

    Physical security is just as vital. USB keys, portable devices, and even laptops plugged into control systems can pose a significant threat. All USB ports and connections should be monitored, controlled, and protected, namely by an anti-malware scanning tool. <\/p>\n\n\n\n

    The use of these devices should be restricted and only leveraged in extreme circumstances, for secure backups as an example. No one should be connecting their personal devices to core networks, including smartphones.<\/p>\n\n\n\n

    This security should also extend to partners, vendors, and beyond \u2014 such as visitors coming to a site and accessing the local network. The connections must be monitored and managed appropriately, with tools to revoke access and lock down a system if and when a breach or unauthorized access is detected.<\/p>\n\n\n\n

    3. Conduct Technical Audits to Reveal Security Concerns<\/strong><\/h2>\n\n\n\n

    One way to assess the playing field is to conduct regular and comprehensive audits. They can help identify vulnerabilities, take stock of security<\/a> and how well it works, and develop an understanding of how users are accessing a network.<\/p>\n\n\n\n

    For example, maybe a user has elevated privileges and is accessing a restricted portal. The audit would reveal this information and provide ample time to take action, revoke access, and ensure no damage or data<\/a> theft has occurred.<\/p>\n\n\n\n

    What\u2019s more, systems should always be retested after corrective action has been taken. Establishing a proper protocol for audits, and what that entails, is task number one. Whether that involves creating an in-house task force or enlisting outside help, there should be a dedicated team for handling the administrative side of security audits.<\/p>\n\n\n\n

    [jwp-video n=”2″]<\/p>\n\n\n\n

    4. Establish Intrusion Detection and Sustained Incident Monitoring<\/strong><\/h2>\n\n\n\n

    In addition to the security audit team, there should be a crew that supports intrusion detection and incident monitoring systems. Chances are good many of the monitoring tools will be automated, with appropriate systems in place to take action immediately.<\/p>\n\n\n\n

    But there still needs to be personnel behind those platforms, not just to react accordingly, but also to assess the environment and share details with the necessary parties \u2014 namely executives and leadership.<\/p>\n\n\n\n

    That crew should also spend time regularly assessing incident response plans, updating them to cover new systems and tools, and shore up potential concerns, like addressing a lapse in security coverage.<\/p>\n\n\n\n

    5. Create an Incident Response and Disaster Recovery Plan<\/strong><\/h2>\n\n\n\n

    An incident response plan is a must-have. What\u2019s the playbook before, during, and after a cyberattack or data breach? How can access be recovered and the damage mitigated? What users should be locked out? Should the network be shut down completely? Are there critical systems that must remain online?<\/p>\n\n\n\n

    There should also be a backup solution in place to protect all data, and also to provide a recent recovery point whenever applicable. Ransomware is a particularly nasty form of cyberattack that can compromise or corrupt critical data<\/a>. It\u2019s never something you want to encounter, but with recent and regular backups, that problem can be remedied much faster than without.<\/p>\n\n\n\n

    6. Train and Educate People on the Front Lines<\/strong><\/h2>\n\n\n\n

    Breaches can and do happen because of negligence, so thwarting those kinds of events should also be a consideration. In many cases, the answer is relatively simple: standard personnel must be educated and trained on their cybersecurity responsibilities. That includes using strong passwords, never sharing access or information, following proper security guidelines, and avoiding the use of external devices like smartphones or personal computers.<\/p>\n\n\n\n

    Consequences must be established for those who do not follow through, and a system of checks and balances should be put in place to monitor what\u2019s happening. The act should be preventive, and able to stop poor security practices and habits before they create a major security event.<\/p>\n\n\n\n

    [jwp-video n=”1″]<\/p>\n\n\n\n

    7. Define, Authorize, and Manage Cybersecurity Roles<\/strong><\/h2>\n\n\n\n

    Like standard personnel, security professionals must understand their roles, responsibilities, and the tools they have available. It may even be necessary to train them consistently, to keep policies and tactics at the forefront of their minds.<\/p>\n\n\n\n

    There are some essential practices for ensuring the security team is properly equipped. For starters, key personnel must have sufficient authority to act and protect the network, with little to no oversight. There should never be a lengthy process for taking action, especially when there\u2019s a need to lock down the network and secure systems. With open system architecture and a distributed management system<\/a>, it should always be clear who exactly is given remote access.<\/p>\n\n\n\n

    What\u2019s more, there should be feedback channels where security personnel can share concerns and suggestions with leaders and executives. What if a software tool is not working as expected or there are better alternatives? What if the security team requires additional resources or people?<\/p>\n\n\n\n

    Protecting Core Infrastructure<\/strong><\/h2>\n\n\n\n

    In summary, optimizing SCADA cybersecurity should look something like the following:<\/p>\n\n\n\n