Supervisory control and data acquisition (SCADA) refers to a system commonly used by natural gas companies and other utility providers. The system is used to collect and analyze data for industrial equipment. It is also an industrial control system (ICS), i.e. an electronic control system used to monitor critical infrastructure.
What is SCADA?
SCADA is "a computerized system that is capable of gathering and processing data and applying operational controls over long distances," according to the National Institute of Standards and Technology (NIST). The system is designed to address the communication challenges of critical infrastructure organizations.
What is Wireless SCADA?
Wireless SCADA allows an organization to remotely monitor and manage its industrial assets and data. A wireless SCADA system typically relies on VHF and UHF radio frequencies for data transmission and communications. It enables users to transmit and receive data on a single radio channel.
What is ICS?
An industrial control system is used to operate or automate industrial processes. This type of system consists of devices, networks and controls that allow organizations to electronically manage tasks. It is utilized in virtually every critical infrastructure sector.
What is the Difference Between ICS and SCADA?
A supervisory control and data acquisition system involves monitoring and controlling processes from a central location. The system is intended for remote monitoring and management of complex processes, making it susceptible to ransomware, malware and other cyberthreats. Thus, SCADA system cybersecurity and data breach prevention are key.
SCADA is a form of ICS. However, not all industrial control systems are designed for remote monitoring and management. An industrial control system can be used for tracking and controlling simple and complex processes as well.
Types of Industrial Control Systems
Along with SCADA, there are several types of industrial control systems, such as:
- Distributed Control Systems (DCS): This type of ICS gives users the ability to manage devices or processes on an individual level. To do so, the system uses intelligence about a device or process for control rather than having a user directly manage it.
- Process Control Systems (PCS): These systems let users monitor and optimize production processes.
- Industrial Automation and Control Systems (IACS): These use sensors to track and control processes on smart devices, machines, hardware and software.
What is Critical Infrastructure?
Critical infrastructure refers to "assets, systems and networks that provide functions necessary for our way of life," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) points out. These assets, systems and networks make up a complex, interconnected ecosystem. As such, critical infrastructure threats can compromise national security, the economy and public health and safety.
What is a Critical Infrastructure Organization?
A critical infrastructure organization refers to any organization that serves or supports national security, the economy, public health and safety or any combination of the three.
What is a Critical Infrastructure Industry?
CISA notes that there are 16 critical infrastructure industries:
- Chemical
- Commercial facilities
- Communications
- Critical manufacturing
- Dams
- Defense industrial base
- Emergency services
- Energy
- Financial services
- Food and agriculture
- Government
- Healthcare and public health
- Information technology
- Nuclear reactors, materials and waste
- Transportation systems
- Water and wastewater
How do Critical Infrastructure Organizations Use SCADA?
With a SCADA system, a critical infrastructure organization can:
- Collect and process data in real time.
- Use software to interact with sensors, valves, pumps, motors and other devices.
- Log events.
How does a SCADA System Work?
SCADA consists of hardware and software components used to manage industrial processes locally or remotely. It is made up of three components:
- Field Devices: These devices provide the data that a critical infrastructure organization wants. Gateways are connected to field devices, and they collect data from them.
- Programmable Logic Controllers (PLCs) or Remote Terminal Units (RTUs): These are microcomputers that interact with field devices and human machine interfaces (HMIs) to ensure that data is properly transmitted from field devices to a critical infrastructure organization.
- HMIs or Graphical User Interfaces (GUIs): These interfaces provide users with access to data from critical infrastructure field devices. They interpret and display the data in a format that's easy to understand. They also ensure that data is securely accessible in the cloud or via servers.
Together, these components transmit data from equipment that needs to be monitored and controlled to an interface where the information can be analyzed and used for reporting.
What Types of Data does a SCADA System Collect?
SCADA systems can be used to collect any data from field devices. For example, critical infrastructure organizations often use these systems to track and evaluate the temperature, speed and other data relating to the performance of their field devices. Organizations can identify the types of data that they want to collect from their SCADA systems and monitor and evaluate them accordingly.
Examples of SCADA Systems and SCADA System Applications
Oil and Gas
Oil and gas companies use SCADA systems for industrial process automation. A SCADA system can provide these companies with insights into tank levels, temperature, pressure and flow — without having to send technicians to oil and gas sites to get these measurements. And, the system provides oil and gas companies with a steady flow of data and insights that they can quickly and easily access as needed.
In addition, oil and gas companies can utilize SCADA to prevent emergencies. For example, a sensor can show that the pressure in a well has reached an unsafe level. At this point, an alert can automatically be sent out to shut off the system. This helps keep people safe and avoids costly downtime.
Smart Cities
Smart cities can leverage SCADA for wastewater treatment, power grid management and more. SCADA control systems let smart city officials monitor their critical infrastructure. These officials can see everything from public power consumption to traffic light patterns at a moment's notice.
With SCADA, smart city officials can track resource usage. If there's a spike in resource consumption, these officials will find out about it right away. Plus, smart city officials can generate insights that they can use to find ways to optimize their communities' resource usage and minimize their carbon footprint.
Smart Manufacturing
Smart factories feature SCADA system sensors that identify machine issues before they escalate. If a machine is not functioning as expected, these sensors can notify managers, and they can address the issue. That way, the machine can work properly, and workers won't have to worry about utilizing equipment that may be ineffective or unsafe.
Along with this, SCADA systems allow manufacturers to track the output speed of their machines. This can help manufacturers develop and implement maintenance schedules so they can keep their machines working correctly for long periods of time. Manufacturers can also avoid machine issues that lead to production delays and revenue losses.
Why is SCADA Important?
SCADA systems help organizations manage production in accordance with industry regulations. These systems allow organizations to identify and address maintenance issues and other problems that can otherwise hamper their production processes. They also help organizations avoid production errors that can cause downtime and compromise critical infrastructure.
Thanks to SCADA, organizations can collect both real-time and historical data about their field devices as well. Real-time data helps organizations optimize the performance of their field devices. Meanwhile, historical data ensures organizations can find ways to maximize the performance of their field devices long into the future.
Benefits of SCADA
- Remote Troubleshooting: SCADA lets users identify and remediate equipment problems from any location, at any time
- Remote Control: With SCADA, users can remotely control equipment.
- Increased Uptime: Users can monitor the performance of their devices before they slow down or crash.
- Reduced Energy Costs: Users can gather and evaluate data to understand their energy costs and find ways to reduce them.
- Process Improvements: SCADA ensures users can analyze and optimize their industrial processes.
- Faster Response: A SCADA system notifies users as soon as an incident happens so they can quickly respond to it.
- Data Analysis: SCADA systems provide data that helps users get the best results out of their field devices, avoid outages and more.
SCADA Challenges
Security represents the biggest challenge with SCADA systems. Cybercriminals frequently target these systems in the hopes that they can infiltrate them to gain access to critical infrastructure, including:
- Power plants
- Water treatment facilities
- Transportation systems
In addition to security, compatibility and scalability are major challenges with SCADA systems.
It is paramount for an organization to find a system that complements its technology stack. If an organization doesn't, it can be expensive and time consuming to get the system to work as expected.
There can be times where organizations don't plan for SCADA system implementation, either. Without proper planning, an organization may struggle to collect the data it wants from its field devices. On top of that, the organization risks SCADA system cyberattacks and data breaches.
How do Cybercriminals Attack SCADA Systems?
There is no one-size-fits-all option that cybercriminals use to attack supervisory control and data acquisition systems. Common attack methods that hackers utilize when they target SCADA systems include:
- Denial-of-service attacks
- Viruses
- Worms
Tips to Implement a SCADA System
- Figure out what you want to monitor and the data you want to collect.
- Select one set of data that you want to collect and one location for collecting the data and perform a proof of concept.
- Establish architecture for data collection and monitoring.
- Add gateways so you can collect data from your field devices.
- Make sure that your data goes to a central monitoring location.
- Map your data to SCADA software.
- Visualize your data and controls.
- Set up automations and rules.
How to Protect Against SCADA Security Threats
- Use a firewall, intrusion detection system (IDS), access controls and other security measures across your system.
- Conduct regular security audits to look for security gaps; if you find any gaps, address them immediately.
- Offer cybersecurity awareness training to your employees to teach them about cyberthreats and how to respond to them.
- Gather and evaluate threat intelligence and continue to explore ways to improve your security posture.
- Monitor the cyberthreat landscape so you can keep pace with current and emerging threats.
