What is SCADA Penetration Testing?
The cyber world is full of acronyms and one of the most important is SCADA. SCADA is short for “supervisory control and data acquisition” and refers to a computer system that collects and analyses a constant flow of data. A SCADA system is used to monitor and control some of the most essential systems in the world. SCADA systems are used in plants and on sensitive equipment that handles energy, oil, water, gas, waste treatment, nuclear power, transportation, and/or telecommunications at the business or national level.
A SCADA system is the “brains” of these mission critical operations. The computer system gathers real time data and provides information about the status of the utility and transportation systems at every point. It reports on leaks, flows, environmental conditions, and breeches. Computer systems today are designed to eliminate as much vulnerability to outside breeches as possible, and to report when a system has been hacked, modified, or even when new exposures have been created.
Yet reports emerge regularly about SCADA systems that have been penetrated. As recently as April 2009, there was a report by the Wall Street Journal that hackers in China and Russia were attempting to hack into the US electric grid. What is truly interesting about this situation is the fact the hacking was not detected by the companies controlling the grids. It was uncovered by US intelligence agencies.