SCADA Security Vulnerability Checklist

Download free SCADA Security Vulnerability Checklist:

- Commodity infrastructure: The changes in SCADA systems have exposed them to vulnerabilities that may not have existed before. For example, the switch from using leased telecommunications lines to public infrastructure ie. public CDMA and GSM networks, the use of commodity computers running commodity software and the change from proprietary to open standards have meant that vulnerabilities have been introduced into SCADA systems.

- Network Architecture: Effective network design which provides the appropriate amount of segmentation between the Internet, the company's corporate network, and the SCADA network is critical to risk management in modern SCADA systems. Network architecture weaknesses can increase the risk from Internet and other sources of intrusion.

- Confidentiality: Generally, there are no mechanisms in SCADA to provide confidentiality of communications. If lower level protocols do not provide this confidentiality then SCADA transactions are communicated "in the clear" meaning that intercepted communications may be easily read.

- Authentication: Many SCADA systems give little regard to security, often lacking the memory and bandwidth for sophisticated password or authentication systems. As a result there is no mechanism to determine a system user's identity or what that user is authorized to access. This allows for the injection of false requests or replies into the SCADA system.

- Lack of session structure : SCADA systems often lack a session structure which, when combined with the lack of authentication, allow the injection of erroneous or rogue requests or replies into the system without any prior knowledge of what has gone on before.