SCADAfence - Securing The Systems That Power Our Life

For those who don’t know, could you  give us a brief overview of what are SCADA systems?

A SCADA system or an industrial control system is in charge of managing critical manufacturing and control systems of the most important things we use day to day. They are the automated computer systems that are controlling processes in critical infrastructure, manufacturing plants and building management systems. These operational technology (OT) networks are highly sensitive and prioritize the availability of the production systems above all.

How does IOT look from an industrial perspective?

Industry 4.0 and industrial IOT are two terms that go together. It is the concept of taking devices and enabling them to become smarter sensors in order to improve their productivity and reduce operation costs. Industrial control systems are now highly interconnected and there are growing connections between the devices internally and between the industrial network to external environments. While new technologies that are introduced into the production networks increase efficiency and allow companies to focus more on innovation, they also expose these networks to new threats, which require security measures to be taken into account at all times.

What kind of threats are SCADA systems facing these days?

There are 4 main threats that can occur as part of a cyber attack:

1. Operational downtime, where hackers sabotage and create unexpected downtime. We've seen this happening twice in 2015 when the entire Ukrainian electricity grid got shut down by politically-driven cyber criminals.

2. Product manipulation- instead of stopping the operation, some hackers manipulate the end product by changing the recipe or formula to create a different outcome. As a result, severe damages can be caused such as spoiled production batches or a defective product released to the market, which could potentially destroy a brand's reputation forever.

3. Sensitive information- Some hackers try to target information like secret formulas or production methods that are of great value for black market or for competitors.

4. Ransomware, whereby hackers target and encrypt data, and then demand money in exchange for keeping it secret or letting you use it. This type of threat also applies at an industrial scale, only the risks go way beyond the personal level. The biggest concern is that the hacker will try to control the production process and force manufacturers to pay so they can regain control over their own environment.

Recent events such as WannaCry ransomware campaign shows how generic attacks initiated by cybercriminals can also affect industrial control systems. Due to the attack, multiple industrial companies in various industries were hit. The most severe incident we know of so far is Renault/Nissan, which had to halt production in some factories due to the WannaCry attack.

What are non-malicious threats? And what risks do they impose?

Not all threats are derived from malicious intentions. Even human errors can create the same effect, where an innocent mistake or misconfiguration can lead to a different reaction to what the system was programmed to do. Since we are already monitoring the industrial environment, we help our customers to reduce risks that are also created unintentionally.

How are Cyber risks different across different industry sectors?

Collaborating with diverse industries such as manufacturing, critical infrastructure, and building management systems, we acknowledge the significant variations among them. For instance, the driving forces behind their adoption of our solutions often differ, with regulatory compliance being a prevalent motivation in certain cases, while other industries are primarily motivated by meeting their business needs. Moreover, the specific technologies employed and the involved vendors may vary across different sectors. Nevertheless, it is important to note that our solutions can bring benefits to any sector, irrespective of these variations.

How do you begin to assess the safety of a SCADA system? What would be the first things you'd look at?

Our technology is able to listen to the communications in a non-intrusive way and analyze what is the normal behavior profile. This allows us to quickly recognize when there are deviations from the expected behavior. Our three main benefits are:

• Visibility to the asset and network activity. Many companies are not even aware of the devices running on their network; they know the process but they don’t know the protocol and the assets within the environment. Being able to see your entire network is the first step towards securing it.
• Risk management helps the user to identify where breaches could come from in the future, and how an attack can make use of those access vectors to attack the industrial environment.
• Detection of threats - detecting ongoing threats such as cyber-attacks or non-malicious activities that are attempting to change the normal operations and require immediate response from the user.

What trends can we expect to see in the near future with SCADA security?

Generally what we're seeing in the industry is an IT/OT conversion. These 2 fields are becoming closer together, and are starting to create joint processes that focus on industrial IOT.

Security needs to be addressed by those teams. Specifically in industrial control systems, joint teams today need to bridge the gaps between IT/security teams and the operational teams, who need to work together. Only companies that have a joint IT/OT efforts to address their industrial security needs, are able to effectively secure their most critical assets.