SCADA Vulnerabilities
SCADA systems were designed for reliability and real-time performance in an era when they were completely isolated from external networks. As a result, many SCADA protocols and components lack basic security features - no authentication, no encryption, no integrity checks. When these systems are connected to IT networks and the internet, they become attractive targets for adversaries.
Common Vulnerability Categories
Insecure Protocols
Modbus, DNP3, and OPC-DA transmit data in cleartext with no authentication. An attacker on the network can read sensor values, modify setpoints, or send commands to controllers.
Example: A researcher demonstrated that Modbus commands can open/close valves on a SCADA-connected pipeline with a simple Python script - no credentials required.
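The flip side of "cleartext with no authentication" is that a defender can read the same traffic. The script below is an added example, not code from the original page: it decodes Modbus/TCP frames (the 7-byte MBAP header followed by the function code and data) as a passive monitor on a mirror port would, and raises an alert whenever a write function code (0x05, 0x06, 0x0F, 0x10) arrives from a host that is not on an allowlist of engineering workstations, or when a frame is malformed. The IP addresses, the allowlist and the sample frames are constructed for the example; the function codes and frame layout come from the Modbus application protocol specification.

```python
"""Added example (not from the original page): a passive monitor for Modbus/TCP.

Modbus has no authentication, so the only thing a defender can check is who
is sending what. Each frame from a mirror-port capture is parsed and write
commands from hosts that are not known engineering workstations are flagged.
The addresses, allowlist and frames below are constructed for the example.
"""
import struct
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Function codes from the Modbus application protocol specification.
FUNCTION_NAMES = {
    0x01: "Read Coils", 0x02: "Read Discrete Inputs",
    0x03: "Read Holding Registers", 0x04: "Read Input Registers",
    0x05: "Write Single Coil", 0x06: "Write Single Register",
    0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes  # PDU payload after the function code

    @property
    def is_write(self) -> bool:
        return self.function_code in WRITE_FUNCTIONS


def parse_modbus_tcp(payload: bytes) -> ModbusFrame:
    """Decode the 7-byte MBAP header and the PDU; raise ValueError if malformed."""
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", payload[:7])
    if protocol_id != 0:  # 0 is the only protocol id defined for Modbus
        raise ValueError(f"unexpected protocol id {protocol_id}")
    # The MBAP length field counts the unit id plus the PDU bytes.
    if length != len(payload) - 6:
        raise ValueError(f"length field {length} disagrees with {len(payload) - 6} bytes present")
    return ModbusFrame(transaction_id, unit_id, payload[7], payload[8:])


def describe_write(frame: ModbusFrame) -> str:
    """Human-readable summary of what a write request would change on the PLC."""
    fc, d = frame.function_code, frame.data
    if fc in (0x05, 0x06) and len(d) >= 4:
        addr, value = struct.unpack(">HH", d[:4])
        if fc == 0x05:  # 0xFF00 switches the coil on, 0x0000 off
            return f"coil {addr} -> {'ON' if value == 0xFF00 else 'OFF'}"
        return f"register {addr} -> {value}"
    if fc in (0x0F, 0x10) and len(d) >= 5:
        start, qty, byte_count = struct.unpack(">HHB", d[:5])
        kind = "coils" if fc == 0x0F else "registers"
        return f"{qty} {kind} from {start} ({byte_count} data bytes)"
    return f"{len(d)} data bytes"


def audit_frames(records: Iterable[Tuple[str, str, bytes]], allowed_writers: Set[str]) -> List[str]:
    """Return one alert per write from a non-allowlisted host and per malformed frame."""
    alerts = []
    for src, dst, payload in records:
        try:
            frame = parse_modbus_tcp(payload)
        except ValueError as exc:
            alerts.append(f"{src} -> {dst}: malformed Modbus frame ({exc})")
            continue
        if frame.is_write and src not in allowed_writers:
            name = FUNCTION_NAMES.get(frame.function_code, f"function 0x{frame.function_code:02x}")
            alerts.append(f"{src} -> {dst}: {name} to unit {frame.unit_id}: {describe_write(frame)}")
    return alerts


# Constructed sample data: hosts, allowlist and frames invented for this example.
ALLOWED_WRITERS = {"10.10.1.20"}  # the engineering workstation
SAMPLE_RECORDS = [
    # HMI polling holding registers 0-9: a read, never alerted
    ("10.10.1.5", "10.10.2.10", bytes.fromhex("00 01 00 00 00 06 01 03 00 00 00 0a")),
    # unknown host switching coil 16 on: alerted
    ("10.10.1.77", "10.10.2.10", bytes.fromhex("00 02 00 00 00 06 01 05 00 10 ff 00")),
    # engineering workstation writing setpoint 300 to register 32: allowed
    ("10.10.1.20", "10.10.2.10", bytes.fromhex("00 03 00 00 00 06 01 06 00 20 01 2c")),
    # length field (9) disagrees with the bytes present (6): malformed
    ("10.10.1.77", "10.10.2.10", bytes.fromhex("00 04 00 00 00 09 01 03 00 00 00 01")),
]

if __name__ == "__main__":
    for line in audit_frames(SAMPLE_RECORDS, ALLOWED_WRITERS):
        print(line)
```

Run against the sample records it reports the coil write from 10.10.1.77 and the malformed frame, and stays silent on the HMI read and the workstation's register write. The check rests entirely on the source address because the protocol offers nothing stronger, so on a flat network it is only as trustworthy as the segmentation that stops other hosts from using that address; it complements the network controls discussed below rather than replacing them.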
Unpatched Systems
OT systems often run for years without security updates. HMI workstations on Windows 7/XP, PLCs with firmware from 2010, and network switches with default credentials are common findings in OT assessments.
Weak Access Controls
Shared passwords, default vendor credentials, no multi-factor authentication, and flat networks with no segmentation allow attackers to move laterally once inside.
Remote Access Weaknesses
Vendor remote support connections, jump servers, and VPNs into OT networks are prime targets. A compromised vendor laptop can provide direct access to the SCADA network.
Notable OT Cyber Attacks
Stuxnet (2010)
The first known cyber weapon targeting OT. Destroyed ~1,000 centrifuges at Iran's Natanz nuclear facility by manipulating Siemens S7-300 PLCs to spin at destructive speeds while reporting normal readings to operators.
Colonial Pipeline (2021)
A ransomware attack on IT systems led the operator to shut down OT (the pipeline) as a precaution, causing fuel shortages across the US East Coast. The incident demonstrated how IT attacks can have OT consequences.
TRITON/TRISIS (2017)
Targeted the Safety Instrumented System (SIS) at a Saudi petrochemical plant, attempting to disable the last line of defence against catastrophic incidents. Attributed to a nation-state actor.
