Recent SCADA Attacks Highlight the Critical Need for Industrial IT Security

Supervisory control and data acquisition (SCADA) is a lynchpin in modern manufacturing, a system of software and hardware elements that allows industrial organizations to:

  • Control industrial processes locally or at remote locations
  • Monitor, gather, and process real-time data
  • Directly interact with devices such as sensors, valves, pumps, motors, and more through human-machine interface (HMI) software
  • Record events into a log file

Increasingly, organizations are transforming their SCADA systems to create next-gen industrial networks with robust automation capabilities. But with increased automation technology come growing cyber security threats.

In the past five years, attacks have grown rapidly, creating and exposing major vulnerabilities that threaten mission-critical systems.

The Threat is Growing

The number of SCADA attacks has steadily increased in recent years, from 91,676 in January 2012 to 163,228 in January 2013, up to 675,186 in January 2014. Then, total attacks against SCADA systems doubled in 2014.

And it didn’t stop there. Attacks increased in 2015, and hacks targeting industrial control systems (ICS) increased over 110 percent in 2016. Once a system is breached, attackers can remotely monitor or control connected SCADA devices.

In 2018, these attacks continue with alarming frequency — manufacturers face unprecedented attacks nearly every day.

What’s Vulnerable to Attack?

Today’s industrial networks contain countless devices and systems that could be affected if cyber attackers gain access to the SCADA system, including:

  • Programmable logic controllers (PLCs)
  • Distributed control systems (DCS)
  • Motor control centers
  • Servers
  • And more

In this article, we’ll cover some of the biggest recent attacks to help give you an idea of the kinds of threats you must prepare for as you set up your SCADA system and ICS.

2018 U.S. Pipeline Attacks

In March 2018, a massive attack compromised the data systems powering major natural gas pipelines all across the U.S. The vulnerability? Attackers breached a vendor’s electronic communication system that handles computer-to-computer document exchanges with customers.

The attack demonstrates why IT security is so important not only in internal systems but also in vendor systems. Attackers can break into vendor data systems, then breach yours. Make sure your vendors safely manage their SCADA networks and data systems.

UK Energy System Attacks

A report from the UK’s General Communications Headquarters (GCHQ) National Cyber Security Centre (NCSC) confirmed hackers have targeted the UK energy sector in 2018.

The report states that ‘industrial control system organizations are likely to have been successfully compromised.’

These attacks show that intrusions into SCADA systems are only increasing, which calls for better industrial IT security and vigilance in keeping the protective measures on critical systems up to date.

Beware of Malware: ICS Malware Hit European Energy Company

The SFG malware, discovered in June 2016 on the networks of a European energy company, created a backdoor into targeted industrial control systems. The backdoor delivered a payload that could be used to extract data from or even shut down the energy grid.

Like many viruses, the Windows-based SFG malware is designed to bypass traditional antivirus software and firewalls. It was built specifically to target ICS infrastructure.

Industroyer: Ukraine Power Grid Attack — Educate Your Team on Threats

In both December 2015 and December 2016, massive attacks took down power in Ukraine.

In the most recent attacks, the Industroyer malware was used to control electricity substation switches and circuit breakers through industrial communication system (ICS) protocols. These are the very same ICS protocols used worldwide in commercial applications.

The 2016 attack knocked out power in Kiev, Ukraine for a full hour.

The 2015 attacks targeted a power company in western Ukraine. Investigators discovered that cybercriminals used BlackEnergy malware to exploit macros in Microsoft Excel documents after planting the bug in the company’s network using spear phishing emails.

These attacks succeeded because employees and management lacked situational awareness and understanding of security threats. The breaches demonstrate the need for active IT security planning, management and communication throughout the industrial organization.

Rye Brook, New York Dam Attack

In March 2016, the U.S. Justice Department reported that hackers broke into the core command-and-control system of a dam in Rye Brook, New York. How did they get in? All they had to do was infiltrate the industrial controls via a cellular modem. This breach shows just how vulnerable SCADA systems can be if not properly secured. Researchers at Georgia Tech replicated it and were able to change chlorine levels in water with similar access.

Security is Crucial: Make it a Priority

Industrial security grows more important every day, with attacks on SCADA systems and ICS on the rise. We highly recommend taking several key steps to secure your systems.

Here are the key steps to secure your network now.