Vulnerability of SCADA Systems to Cybersecurity Attacks
Many different organizations and companies use SCADA/ICS (Supervisory Control and Data Acquisition/Industrial Control Systems) systems in various ways in their primary (production) processes or products. This includes manufacturing companies, control of bridges and locks, electric cars, equipment in intensive care units, as well as pacemakers and wireless insulin pumps. IoT (internet of things) is also playing an increasingly significant role in this context.

The key difference compared to risks in office automation is that the risk of incorrect control of these devices, such as through hacking, can lead to actual casualties. The question is not whether there will be casualties as a result of a cyberattack but when. Where the physical and digital worlds meet, the risks are no longer limited to downtime of office computers or data loss but extend to the deliberate incorrect control of physical machines where casualties can occur. This is expected to happen sooner rather than later.
In practice, there is still much work to be done to secure SCADA environments better. The global ransomware attack that disrupted cargo handling systems in the Port of Rotterdam is still fresh in memory. Last week, an article in Binnenlands Bestuur reported that the security of locks and pumping stations in water boards leaves much to be desired.
Many parties lack an understanding of the complexity of the issue. They also often do not know which steps to take to efficiently address the threats to SCADA environments.
Practical experience has shown this issue, leading to the development of a poster that can serve as a visual aid for discussing cybersecurity in SCADA environments. The poster provides an overview of the risks associated with SCADA and their consequences for the organization, along with a set of straightforward steps to mitigate these risks. Lastly, the poster offers insights into future developments so that parties can proactively prepare with appropriate security measures.
The poster incorporates practical experiences gained from working with various organizations. One of these organizations is Rijkswaterstaat, which was supported in the IMPAKT project over the past three years to enhance cybersecurity for bridges, locks, barriers, traffic control centers, and tunnels.
Related Insights
