Meet With Armis at RSAC 2024

Schedule a Meeting

What is SCADA and DCS when discussing cybersecurity?

As industrial control systems, specifically SCADA and DCS systems, become increasingly available to intruders and adversaries, it is time to look at how we secure these critical assets.

Oftentimes, industrial devices are set in networks for decades at a time. It is impossible to predict what tomorrow’s vulnerabilities and risks will look like, and as yesterday’s industrial devices prove, nobody expected vast interconnected networks across plants, countries, and the world, underpinned by a constant threat vector called The Internet. What was once simply a discussion around processes and controls that maximized output and minimized downtime has now come to include cyber threats against a category of devices that were never built to fend off anything other than the typical misconfiguration or broken valve.

So whereas we were once concerned with discrete actions against a machine, from a favored vendor, with proprietary protocols, we are now faced with an ecosystem of devices, from dozens of vendors, that not only need to interconnect and communicate together but do it in such a way that improves efficiencies, reduces downtime, more safely than ever before.

So as these systems and devices become more and more Internet-facing, security requirements have changed. In-depth and detailed monitoring of low-level activities is a must. Why would an advisory bother to learn Modbus when they can leverage a Windows vulnerability in a device that sends commands to a controller running Modbus? They wouldn’t. But the interconnected nature we are now faced with forces us to consider monitoring activities that were once deemed sacred. And these activities reside within our SCADA and DCS systems that control critical processes and machinery.

Are these SCADA and DCS system operating systems? You guessed it…Windows, RTOS, Linux, WindRiver, and all the vulnerabilities that come with them. This means our operations managers now have to bring a full suite of traditional cybersecurity solutions into the mix to mitigate the threats they never thought they would be faced with.