A SCADA system is an integral part of water/wastewater process controls aimed at maximizing efficiency by gathering operational data and presenting the data in a visual form. A typical system consists of a software package installed on a Windows server or workstation that gathers information from PLCs (programmable logic controllers) and other instrumentation.
For years, SCADA systems have relied upon proprietary hardware and networks that have made them immune to typical cyber-attacks of traditional information systems (IT). However, over time, SCADA systems adopted many of the standards of typical IT systems connecting them to corporate IT networks. Now, many SCADA systems are susceptible to the same cyber-security threats as their corporate IT counterparts. With the right guidance and a good plan, cyber-security risks can be significantly reduced. Use these strategies to promote a healthy, secure SCADA system:
STEP 1 – APPLY COMPATIBLE MICROSOFT UPDATES
Microsoft frequently updates their programs to address security,performance, and fix problems. These updates need to be applied on a routine basis to keep your system stable and secure. SCADA software vendors have a review process to certify these updates, and they can provide a list of compatible updates which can be applied without issue.
STEP 2 – INSTALL COMPATIBLE ANTIVIRUS PROGRAM
Antivirus programs help protect your computers from malicious software aimed at harming or even destroying your SCADA server. Installing a reputable antivirus program can help mitigate the risk to your SCADA environment. If you are unsure of which software package to choose, consult your SCADA software vendor for Antivirus compatibility.
STEP 3 – INSTALL A FIREWALL
The installation of a business class firewall is a must if your SCADA server is connected to the internet. A stateful firewall performs network level packet inspection of the communication passing through it. It is highly recommended to restrict access to your SCADA server from the internet and even what your SCADA can communicate to on the internet. Very granular access should be given—connectivity to Microsoft Updates and Antivirus vendors should be allowed, as well as connectivity to SCADA vendors, but other access should be limited.
STEP 4 – GET SMART ABOUT SYSTEM BACKUPS
Backing up your SCADA server is an essential task. Having good system backups helps to prevent data loss. SCADA servers typically have a very specialized configuration. If the server was lost or damaged due to some catastrophic event, all of that data would be lost including the SCADA server configuration and any history or trends. Data restoration can become very costly. Installing a backup solution is not a “set it and forget it” type of configuration. Your backups should be tested from time to time. A good cloud-based backup solution can often satisfy the backup need as well as storing the data away from the SCADA server. A lightning strike can often damage server hardware and any connected backup device, so hosting backups in another location can significantly reduce your risk of data loss.
STEP 5 – TAKE ADVANTAGE OF AUTHENTICATION
Most SCADA software vendors have integrated role based authentication into their application. Role based authentication is a way of giving only authorized users access to the SCADA system using usernames and passwords. Giving users the right amount of access to perform tasks that are required for their specific job function is ideal. For example, some staff members only need access to view the SCADA system, while others need to turn on or off pumps. By implementing the integrated security provided in the SCADA software, you can enable this granular level of control. These 5 steps can help fortify your SCADA environment. Taking these actions represents a good start toward creating a secure SCADA environment.