“My SCADA System is Secure” and other Security Myths
Abstract:Many utility managers believe their SCADA systems and networks are protected from tampering. They may utilize state-of-the-art firewalls, routers, VPN's, access control and other security measures that are administered by diligent system administrators. But are they really safe? Many times the answer is “no” even though the utility staff think they are impervious. In numerous vulnerability assessments of water and wastewater control systems, penetration studies have found significant vulnerabilities. Security professionals, using free, commonly-available hacking tools, have been able to easily access and control SCADA systems – sometimes within hours and without notice.
This paper is intended to raise awareness regarding several essentials of SCADA and Cyber security, including:
Sources of threats and how security professionals view the probability of attack.
Known vulnerabilities to SCADA systems, potential points of attack and common ways a hacker could enter a system.
Industry efforts to provide better security of SCADA systems
Legislation that would require Wastewater Systems to perform Vulnerability Assessments that include the SCADA and Cyber networks and systems
Included throughout this paper are several security “Myths”. These “Myths” represent misperceptions that have been encountered in the Water/Wastewater Industries.
Document Type: Research Article
Publication date: January 1, 2003
More about this publication?
- Proceedings of the Water Environment Federation is an archive of papers published in the proceedings of the annual Water Environment Federation® Technical Exhibition and Conference (WEFTEC® ) and specialty conferences held since the year 2000. These proceedings are not peer reviewed. WEF Members: Sign in (right panel) with your IngentaConnect user name and password to receive complimentary access.
- Subscribe to this Title
- Membership Information
- About WEF Proceedings
- WEFTEC Conference Information
- ingentaconnect is not responsible for the content or availability of external websites