It should come as no surprise that Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) that control key functions in critical infrastructure are especially at risk of cyber attack. If saboteurs manage to compromise critical infrastructure services, a country's economy and military defenses can be severely hampered. In addition, since organisations that operate critical infrastructure often own valuable intellectual property, this information can be a target for foreign state actors trying to steal intellectual property to advance their economies or to win competitive bids.
So what is the current state of SCADA Security? In the past year we have seen some disturbing news that highlights the growing risk of SCADA attacks:
* December 2014--SCADA attack causes physical damage: In late 2014, an unnamed German Steel Mill suffered extensive damage from a cyber attack. The attackers were able to disrupt the control system and prevent a blast furnace from being shut down, resulting in 'massive' damage.
* March 2015--Energy sector hit the hardest: A report by the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) found that it received 245 cyber incident reports from asset owners and industry partners in the fiscal year of 2014. The largest number of these incidents occurred in the energy sector with 79 incidents.
* April 2015--Number of SCADA attacks doubles: According to the 2015 Dell Security Annual Threat Report, SCADA attacks are on the rise. The report found that in 2014, the number of attacks on SCADA systems doubled compared to the previous year. Most of these attacks occurred in Finland, the United Kingdom, and the United States. This is probably due to the fact that in these countries SCADA systems are more likely to be connected to the internet.
* October 2015--Nuclear industry especially at risk: Chatham House, a UK think-tank, reported that the risk of a cyber attack on nuclear infrastructure is growing. The trend towards the digitization of SCADA systems is increasing the vulnerability of nuclear facilities, and many are inadequately prepared. Even where facilities are air-gapped, this safeguard can be breached with nothing more than a flash drive.
* November 2015--SCADA Security priority for US military: At the recent CyberCon 2015 conference, LTG Alan Lynn, DISA (Defense Information Systems Agency) director, said, "We recognize the enemy will use the Internet to recruit, to take...