What is SCADA Penetration Testing?
The cyber world is full of acronyms, and one of the most important is SCADA. SCADA is short for “supervisory control and data acquisition” and refers to a computer system that collects and analyses a constant flow of data from field equipment. SCADA systems monitor and control some of the most essential systems in the world: the plants and sensitive equipment that handle energy, oil, water, gas, waste treatment, nuclear power, transportation and telecommunications, at the business or national level.
A SCADA system is the “brains” of these mission-critical operations. It gathers real-time data and reports the status of the utility or transportation system at every point: leaks, flows, environmental conditions and breaches. Modern systems are designed to remove as much exposure to outside breaches as possible, and to report when the system has been hacked or modified, or when new exposures have been created.
Yet reports emerge regularly of SCADA systems that have been penetrated. As recently as April 2009, the Wall Street Journal reported that hackers in China and Russia had been attempting to break into the US electric grid. What is truly telling about this case is that the intrusions were not detected by the companies operating the grid; they were uncovered by US intelligence agencies.
Penetration Closes the Windows
This recent case of SCADA system hacking is a prime example of why regular penetration testing is needed. Securing essential infrastructure against internal and external attackers is a matter of constant diligence and assessment: penetration testing finds the weaknesses before an attacker does, continual monitoring catches the attacker who uses one between tests, and both must be in place on a SCADA system.
SCADA penetration testing performs two major functions. First, an internal assessment examines the system from within its own environment, from the position of an insider or of an attacker who has already gained a foothold on the organisation's network. It alerts operators to hacking that originates within the organisation and reports on the system weaknesses that create windows through which an attacker can enter.
Second, an external assessment examines the system from outside the organisation. Its purpose is to find, before an outsider does, the paths by which the SCADA system can be entered from outside. As the US electric grid example clearly shows, critical systems such as utilities are exposed to a range of criminal intrusions, from hackers looking for a challenge to their skills to terrorists hoping to cause chaos.
SCADA penetration testing mirrors the connections between the SCADA system and all external systems, which is essential for replicating the kind of activity that defines external attempts to access a computer system. The testing includes analysis and assessment of existing interfaces such as the following.
- All connections, including those to the internet and to servers
- Connections to Remote Terminal Units (RTUs)
- Firewall systems
- Intrusion detection systems (IDS)
The assessment of vulnerabilities conducted as part of SCADA penetration testing involves a number of activities.
- Recreation of the system architecture in an isolated environment, so that malicious code can be created and tested without touching production equipment
- Checking for vulnerable open ports on the network, and ensuring that an unknown port is identified as soon as it appears
- Monitoring backup operations
- Performing ongoing security checks and providing warnings and fixes
- Analysing and monitoring software vulnerabilities at all levels, including the registry, servers and production terminals
- Analysing and monitoring inter-computer communications
- Testing for network attacks that bypass or tamper with content and code filtering
- Testing for security holes created by problems such as insecure code or buffer overflows
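The port check in the list above is easiest to make repeatable by keeping an approved-services baseline per host and diffing every scan against it, so that a port nobody signed off on (a telnet service on an RTU, remote desktop on an HMI, a host that is not in the inventory) is flagged the moment it appears. The script below is an added example and is not code from the original article or from any product it describes: the addresses, host names, the baseline and the scan text are all constructed, and the scan lines only follow the shape of nmap's grepable (-oG) output.

```python
"""Baseline comparison of listening services on a SCADA network segment.

Added example, not code from the original article.  Addresses, host names,
the approved-port baseline and the scan text below are all constructed;
the scan lines follow the shape of nmap's grepable (-oG) output.
"""
import re
from dataclasses import dataclass

# Constructed baseline: TCP ports the asset owner has approved per host on
# the control segment.  Anything listening that is not here is a finding.
BASELINE = {
    "10.0.5.10": {502},        # RTU, Modbus/TCP only (assumed)
    "10.0.5.11": {502},
    "10.0.5.20": {22, 443},    # HMI server: SSH and HTTPS (assumed)
    "10.0.5.30": {20000},      # outstation, DNP3 port (assumed)
}

# Constructed scan in nmap -oG style.  rtu-02 has telnet listening, hmi-01
# has RDP listening and SSH filtered, and 10.0.5.40 is not in the baseline.
SCAN_OUTPUT = """\
# Nmap scan initiated (constructed sample, not a real capture)
Host: 10.0.5.10 (rtu-01)\tPorts: 502/open/tcp//mbap///\tIgnored State: closed (999)
Host: 10.0.5.11 (rtu-02)\tPorts: 502/open/tcp//mbap///, 23/open/tcp//telnet///\tIgnored State: closed (998)
Host: 10.0.5.20 (hmi-01)\tPorts: 443/open/tcp//https///, 3389/open/tcp//ms-wbt-server///, 22/filtered/tcp//ssh///
Host: 10.0.5.40 ()\tPorts: 80/open/tcp//http///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")
# port/state/proto/owner/service/rpc/version/ -> owner, rpc, version left empty
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")


@dataclass
class Finding:
    host: str
    port: int
    service: str
    kind: str   # "unexpected", "unknown_host" or "missing"


def parse_grepable(text):
    """Return {ip: {port: service}} for ports reported open over TCP."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports:" not in line:
            continue
        open_ports = {}
        for port, state, proto, service in PORT_RE.findall(line):
            if state == "open" and proto == "tcp":
                open_ports[int(port)] = service or "?"
        hosts[m.group(1)] = open_ports
    return hosts


def diff_against_baseline(scan, baseline):
    """Flag ports outside the baseline, hosts outside the baseline, and
    approved services that were expected but not seen listening."""
    findings = []
    for ip, ports in scan.items():
        for port, svc in sorted(ports.items()):
            if ip not in baseline:
                findings.append(Finding(ip, port, svc, "unknown_host"))
            elif port not in baseline[ip]:
                findings.append(Finding(ip, port, svc, "unexpected"))
    # An approved service that is no longer reachable is worth a look too:
    # it may be down, or a firewall change may now be filtering it.
    for ip, expected in baseline.items():
        seen = set(scan.get(ip, {}))
        for port in sorted(expected - seen):
            findings.append(Finding(ip, port, "", "missing"))
    return findings


def report(findings):
    """One line per finding, for the assessment write-up."""
    return [f"{f.kind:<13} {f.host}:{f.port} {f.service}".rstrip()
            for f in findings]


if __name__ == "__main__":
    scan = parse_grepable(SCAN_OUTPUT)
    for line in report(diff_against_baseline(scan, BASELINE)):
        print(line)
```

Two practical notes. Some embedded controllers fall over under aggressive port or version scanning, so on a live control network the scan should be run conservatively, or against the replica of the architecture described in the first bullet, and never during a critical process state. And the diff belongs in the monitoring loop as well as in the test report, since a port that was not there at the last assessment is exactly the "window" the list above is talking about.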
SCADA penetration testing is comprehensive and tests the system both internally and externally. Hacking can originate on site or remotely, from inside or outside the system, from employees or non-employees, and through software or hardware vulnerabilities. SCADA penetration testing reviews and assesses current system operations, and that assessment provides the framework for continual protection strategies and tactics.