Many of today’s industrial processes depend upon computer systems to make them work more efficiently and effectively. Industrial control systems or ICS systems are the devices and systems that control industrial production and operation. In this video, learn the purpose of industrial control systems, including supervisory control and data acquisition (SCADA) systems.
- [Instructor] Many of today's industrial processes depend upon computer systems to make them work more efficiently and effectively. The many advances in technology that have sped up manufacturing, power plant monitoring, wastewater treatment, and other industrial processes require the use of computers. Industrial control systems, or ICS systems, are the devices and systems that control industrial production and operation. They include systems that monitor electrical, gas, water, and other utility infrastructure and production operations, as well as the systems that control sewage processing and control, irrigation, and other processes.
Hackers love to target industrial control systems for a number of reasons. First, a successful attack on an ICS system can have dramatic implications. Successful ICS attacks could disable a nation's power grid or damage or destroy parts of a city's infrastructure. Second, ICS systems are often not as well-secured as traditional computing infrastructure. And third, their higher requirements for stability and continuous operations means that they are less likely to be consistently patched and updated.
In fact, some ICS systems manufacturers advise their customers to not update the control systems and sensor devices. This makes protecting SCADA and DCS systems an even greater challenge, requiring additional planning to overcome. Let's discuss three different types of industrial control systems. Supervisory control and data acquisition, or SCADA, systems. Distributed control systems, abbreviated DCS. And programmable logic controllers, known more simply as PLCs.
SCADA systems, like the one shown here, are very common in industries that require remote monitoring of their infrastructure and production systems, like natural gas pipelines, power production and distribution infrastructure, and water supply control systems. SCADA systems typically include individual remote sensors known as remote telemetry units, which provide reports back to the central data collection system and provide some level of local control. The central system then uses the information provided by the remote units to control the entire grid or pipeline of production and control systems.
Attacks against SCADA systems can target the feedback provided to the central control system or can cause the local sensor and control unit to perform an incorrect action. Distributed control systems, such as the one shown here, are frequently used to control water and wastewater treatment and distribution systems, power generation plants, refineries and production lines, and facilities like those that make cars, electronics, and even food products throughout the world. DCS systems use a combination of sensors and feedback systems to control and adjust processes as they receive feedback.
Much like SCADA systems, an attack against a DCS system could be as simple as providing incorrect feedback resulting a shutdown, overproduction, or delay in the system at a critical time. Programmable logic controllers, like the one shown here, are special purpose computers designed to handle specialized input and output systems. They are typically designed to handle difficult environments with special temperature, vibration, or other requirements while still functioning. PLCs are designed to handle and respond to their specialized input and output requirements reliably to ensure that the processes they support occur without interruption or delay.
PLCs connect to a human machine interface, or HMI, to provide interfaces that can interact with human operators. Typical PLCs don't have a monitor or other interface beyond buttons or lights built into them. PLCs are commonly used in both SCADA and DCS systems. The results of a SCADA system attack can be devastating. In 2000, a hacker, irritated because he was refused a job in an Australian municipality, used his knowledge about their water treatment software and systems to release millions of liters of raw sewage into local parks, rivers, and covering the grounds of a local hotel.
The Australian EPA said that marine life died, the creek water turned black, and the stench was unbearable for residents. This attacker used inside knowledge because he had previously worked for the company that installed the system. When the police arrested him, they discovered that he had made 46 attempts to hack into the system, and that his car contained the radio and computer equipment necessary to wage this attack.
Members who take all eight courses in the series will be prepared to take and pass the CISSP exam. Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Understanding security and evaluation models
- Cloud computing and virtualization
- Securing hardware
- Client and server vulnerabilities
- Web security vulnerabilities
- Securing mobile and smart devices
- Understanding encryption
- Key management and public key infrastructure
- Physical security