For electric cooperatives, SCADA systems are an essential part of operations. Unfortunately, they also have a reputation for being vulnerable to cyberattacks. But they don’t have to be. You can keep your SCADA systems secure and still provide reliable service to your members. Here are some steps you can take to secure your SCADA system.
SCADA Systems and Electric Co-ops
SCADA is an acronym for Supervisory Control and Data Acquisition. It generally refers to an industrial computer system that monitors and controls a process.
For electric cooperatives, this usually means a device like a recloser, which is an automatic, high-voltage electric switch. Like a household circuit breaker, a recloser shuts off electric power when trouble such as a short circuit occurs. But while a household circuit breaker stays shut off until it is manually reset, a recloser automatically tests the electrical line to determine whether the problem is solved. If it is, the recloser automatically resets itself and restores power.
SCADA systems are vulnerable to cyberattacks because they are very straightforward machines. Unlike your home computer, they don’t have entire operating systems that often have security suites, extensions, or programs. SCADA systems are industrial workhorses, designed to perform their specific function with no bells and whistles, whether collecting data or performing an automated process.
As a result, some older SCADA systems don’t even have a username or password interface. Or, if they do, the device may only require a username OR password and are sometimes never changed from the factory defaults. It can be easy to get lulled into a false sense of security with SCADA devices. In the case of electric co-ops, they’re often hardwired, running in the middle of nowhere on a cellular network.
In actuality, your SCADA systems need just as much protection from cyber threats as the rest of your co-op’s IT systems. They can be sabotaged by being made unresponsive or hacked to give inaccurate information. Operators could get locked out from controlling the devices.
One of the most infamous and extreme examples of a SCADA attack is Stuxnet. A three-part cyberattack, Stuxnet effectively sabotaged an Iranian nuclear power facility suspected of enriching uranium to create nuclear weapons. The attack caused the facility’s centrifuges to malfunction by changing their speeds. A particularly pernicious aspect of Stuxnet was a component that made the system display false information that said everything was operating normally. It was a little like the fake security camera footage in a heist movie that shows an empty hallway when in reality the thieves are breaking in. Workers monitoring the systems had no way of knowing anything was wrong until it was too late.
While Stuxnet is an extreme example, most SCADA systems can fall prey to similar attacks. Fortunately, even your older SCADA systems can be made more secure. By implementing the five steps below, you can continue to operate safely and provide reliable service for your members without losing sleep at night about potential attacks.
1) Identify all your SCADA devices
You can’t defend a SCADA device if you don’t know if it’s part of your system. It can be challenging to keep track of what devices are where when manually keeping an inventory. Maybe a SCADA device got moved and wasn’t updated. Or a device may have needed repairs and a slightly different type of device came back. Previous organizations may have added other SCADA devices. Maintaining an up-to-date inventory of all your devices is a crucial first step in hardening your SCADA system’s overall security.
2) Identify all connections to SCADA equipment and remove any unnecessary connections
A SCADA device may be connected to external systems, like a vendor or business partner. These connections form a chain in which each link is a potential vulnerability, so it’s essential to consider each SCADA system and its connection to anything else. It’s also important to remove any unnecessary connections.
3) Set a separate password for each device with a good level of entropy
It’s not uncommon for SCADA systems to come with default passwords or usernames that are never changed. A straightforward, low-cost step you can take to protect your SCADA systems is to change the passwords and usernames to something complex. Make sure each device has its own unique password. A great place to check your passwords level of entropy is Steve Gibson’s Password Haystacks tool. – https://www.grc.com/haystack.htm
4) Limit access to SCADA systems
Controlling who can access what systems is key to maintaining a robust security posture. Limit access to your SCADA network to only those who truly need it and only give them access to the devices necessary to do their work. And keep a detailed log of who has access to what devices that’s always up-to-date.
Even though most SCADA devices only have simple authentication protocols in place, such as a password, you can still add another security layer like token-based authentication.
5) Harden your SCADA network by removing or disabling unnecessary services
It’s important to examine each device on your SCADA network and see what services are enabled and running on it. Make sure you know the use of each service and what it should be doing. New SCADA devices often come with every feature enabled, but you may not need all of them running all the time. The more services you have running the larger the security footprint that needs to be covered.
For example, it’s perfectly normal to see a new recloser set up with ethernet, cellular, or point to point wireless with all of its standard services available. A lot of times, FTP, Telnet, HTTP, are all running. You may only need FTP and Telnet when performing specific maintenance or deploying an update. Ideally, those would only be enabled when actively being used.
6) Keep up with patch management of your SCADA devices
Admittedly, this can be easier said than done. Still, its importance makes it well worth the effort. In an ideal world, you would keep your SCADA devices up to date with the latest software from the SCADA vendor. Unfortunately, SCADA vendors don’t document the updating or patching process well. Usually, patching or updating a SCADA device will require a complete reconfiguration on both ends.
For most utilities, this isn’t feasible to do. However, you can ask your SCADA vendor to provide step-by-step guidance for patching the operating system underlying your system. I highly recommend you do this in order to keep your software up to date.
How TITAN can help
Some of these steps may seem daunting, but TITAN can make them far easier to execute.
TITAN can help you stay on top of your co-op’s SCADA inventory. It automatically discovers all SCADA devices on your network and generates an accurate map and flow of all traffic. Using TITAN, you’ll instantly know when new devices are added or removed from the SCADA network.
More than merely knowing what devices you have, TITAN also helps you maintain operational efficiency by monitoring the devices. If a device starts behaving differently, TITAN will issue an alert. It will monitor and analyze actual OT traffic streams like DNP3, Modbus, ICCP, SEL, etc. and is programmed to know what traffic is typical for an electric cooperative and what traffic is not.
You already know cybersecurity isn’t optional for your electric co-op. It’s important to remember that security also extends beyond desktop computers and internet usage and includes your co-op’s crucial SCADA systems as well.
Contact SkyHelm today and learn more about how TITAN protects all of your cooperative, including its SCADA devices.