What Managers Should Know About Pipeline SCADA Cybersecurity

By G.C. Shah, Wood Group Mustang, Houston, TX | February 2014, Vol. 241 No. 2

Supervisory control and data acquisition (SCADA) is a pivotal tool in achieving impressive productivity and reliability of pipelines. However, SCADA systems face cyber threats that could render them inoperable, causing substantial adverse effects on profitability. Worse yet, the threats could deactivate some safety systems, and jeopardize safety of the pipeline, workers and neighbors.

This article looks at SCADA cyber threats and possible solutions from the viewpoint of management. The focus is at the managerial level, and details of intricate technical nature, such as SCADA programming, firewall protocols and intrusion detection system protocols are omitted.

Simply put, a manager wants to ensure the SCADA system is capable of dealing with as many threats as possible. The bottom line is overall reliability and safety. Astute managers want to ensure:

• SCADA system will provide effective protection against known threats.
• There is a plan of action that can be implemented to recover from a security breach or security event relatively quickly.
• Employees are trained in procedural systems to ensure safety.
• Sufficient safeguards are in place to ensure security of the safety systems.
• There are periodic system audits.
• Systems are in place to upgrade SCADA systems in an efficient way.

So what are the threats? Threats are the vectors that could affect SCADA. Shown (Figure 1) is schematic of a pipeline SCADA and some examples of threats.

Broadly stated, these dangers could originate either from inadequate security procedures (e.g. access control: poor authentication techniques or poor change management in access rights of an employee along with changes in their positions within the company), or due to equipment shortcomings – hardware or firmware, or software failures (firewalls, intrusion detection programs).

While a large number of threats could be intentional, some can be accidental. In either case, the net result could have adverse effect. In addition, the term vulnerability is used to indicate “holes” or deficiencies in the existing SCADA system that could expose it to cyber threats.

Threats work in numerous ways. Someone can introduce malicious code in the SCADA commands that stops the SCADA, gives erroneous information to SCADA operators or affects safety and integrity. Malicious codes (logic programs that contain executable statements) take various forms, including viruses, Trojan horses, worms and or logic bombs.

These codes can cause “denial of service,” or give deliberately erroneous information (on the HMI screen), which can cause the operator to take erroneous steps. SCADA systems are typically interfaced with a company’s management (enterprise management) systems, as well as with the Internet. Traffic from the Internet can introduce malicious code (“hacking”). Also, workers or contractors may bring in flash drives that insert malicious code into SCADA. Remote access by wireless or Internet can do the same.

In order to protect the SCADA, systems include a number of design and operational concepts, including: