The Internet of Things: Why Municipalities Need to Systematically Secure Their SCADA Services

On Friday, October 21, large swaths of the internet were shut down by a swarm of zombie computers. This was not a small Halloween inspired prank—it was the largest distributed denial-of-service (DDoS) attack ever recorded. As a result, users throughout North America and Europe were temporarily blocked from accessing over 60 major websites, including Twitter and Netflix. While it appears that this attack was carried out with no real malicious intent, it has raised concerns about the security of many systems, particularly devices that use Internet of Things (IoT) technology.

DDoS attacks work by overwhelming targeted machines with junk data traffic, usually through bots that search for vulnerable, unprotected computers to infect. This particular attack was orchestrated through a massive botnet consisting of a large number of Internet-connected devices—such as printers, cameras, residential gateways and baby monitors—that had been infected with the Mirai malware. The botnet threw 1.2 trillion bits of data every second at Dyn’s (a Domain Name System provider) servers, which shut down many major websites. What’s even scarier to fathom is that experts believe that only a fraction of the compromised devices was used in this attack, possibly as a test run for something even larger.

In past couple of months, DDoS attacks have been growing in frequency and size. Many experts attribute this to the proliferation of IoT devices such as smart TVs and home security cameras. While these devices make our offices and our households run more efficiently, they often include only minimal security features. Many hackers are targeting these types of devices as conduits for much larger attacks.

How to maximize SCADA security

Most modern SCADA systems have adopted IoT technology to reduce infrastructure costs and increase the ease of maintenance and integration. However, this type of technology brings with it more security concerns. As DDoS attacks continue to rise, SCADA operators need to have a clear understanding of their security risks and develop a set of procedures to address vulnerabilities.  Below, are some ways you can protect your system from future attacks.

Audit and limit the number of connections to your SCADA network:
While there are many benefits from connecting your SCADA network directly with other networks, any connection to another network introduces security risks, particularly if the connection creates a pathway to or from the Internet. To address this risk, you should perform an audit of all networks connected to your SCADA system and eliminate any unnecessary connections. Make sure you test all remaining connections for vulnerabilities and use the information to create protection strategies for all pathways. Implement firewalls, intrusion detection systems (IDSs), and other appropriate security measures at each point of entry.

Maximize all available security features: 
Not all SCADA systems have the same security features available, but you never want to rely on proprietary protocols or factory default configuration settings to protect your system. Most systems are installed to maximize usability and not security. Changing all default passwords and asking your system providers to implement any available security features will help ensure that your system is as secure as possible. This may be as simple as switching the key on your programmable logic controllers (PLCs) from ‘remote’ to ‘run,’ or utilizing the password-protection feature for your PLC programs.

Identify roles, responsibilities, and procedures:
By creating an organized and systematic set of procedures and assigning clear roles for each member of your team, it will build a sense of ownership and accountability across all facets of your network’s security. Accurate documentation of your security architecture can help your team understand the overall protection strategy and will make it easier to identify single points of failure.

Harden SCADA systems by disabling unnecessary services and removing unnecessary applications:
Many components used in SCADA systems come out of the box with certain services enabled, such as web servers. These web servers have default usernames and passwords, which are easily found in the product documentation. Because they are often overlooked by system owners and integrators alike, they represent an easy target for knowledgeable hackers. If not being used, disable these types of features before deploying the equipment to reduce the chance of hackers or malware exploiting them as a loophole into your system. Similarly, remove all unused and unnecessary applications that come preloaded on your SCADA computer. Any of these games, word processors or other desktop applications could have a vulnerability easily targeted and exploited.

Definitions and Resources:

Bot: a software application that runs automated tasks (scripts) over the Internet.
For more information: https://us.norton.com/botnet/

Botnet: a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge.
For more information: https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-a-botnet-is/

IoT (Internet of Things): a development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.
For more information: https://www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-that-anyone-can-understand/#439566466828

DDoS (Distributed Denial of Service) attack: an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
For more information: https://www.digitalattackmap.com/understanding-ddos/

Author

Rob Laird Sr. Technical Leader SCADA Service

View All Posts

Tags SCADA Water
Scroll back to top of the page