Today VirusBlokAda reported the first detection of malware that attacks SCADA systems running on Windows operating systems. The malware is called Stuxnet and uses four zero-day attacks to install a rootkit which in turn logs in to the SCADA’s database and steals design and control files. The malware is also capable of changing the control system and hiding those changes. According to Computerworld the malware was found on 14 systems, the majority of which were located in Iran.
SCADA (supervisory control and data acquisition) designs generally refer to industrial control systems (ICS): computer systems that monitor and control industrial, infrastructure, or facility-based processes, including industrial and infrastructure processes.
SCADA designs are centralized systems which monitor and control entire sites, or complexes of systems spread out over large areas (anything from an industrial plant to states). A lot of control actions are performed programmatic by RTUs or by PLCs. Host control functions are usually restricted to basic overriding or supervisory level intervention (i.e. a PLC may control the flow of cooling water through part of an industrial process, but the SCADA design may allow operators to change the set points for the flow, and enable alarm conditions, such as loss of flow and high temperature, to be displayed and recorded. The feedback control loop passes through the RTU or PLC, while the SCADA design monitors the overall performance of the loop.
Networked SCADA systems (also referred to as 3rd generation systems are accessible from the Internet, and therefore are potentially vulnerable to remote cyber-attacks. On the other hand, the usage of standard protocols and security techniques means that standard security improvements are applicable to the SCADA systems, assuming they receive timely maintenance and update.
Many vendors of SCADA and control products have begun to address the risks posed by unauthorized access by developing lines of specialized industrial firewall and VPN solutions for TCP/IP-based SCADA networks as well as external SCADA monitoring and recording equipment. The International Society of Automation (ISA) started formalizing SCADA security requirements in 2007 with a working group, WG4. WG4 “deals specifically with unique technical requirements, measurements, and other features required to evaluate and assure security resilience and performance of industrial automation and control systems devices”.