The recent attacks on US Energy infrastructure serve to highlight the importance of protecting critical infrastructure data and SCADA control systems with the strongest high-assurance encryption.

There was a time when SCADA (Supervisory Control and Data Acquisition) systems would have been considered secure. However, as the world has become more connected, cyber-terrorists and state-sponsored malicious actors have appeared, even these conventionally siloed systems are often connected to the Internet.

With connectivity, comes vulnerability

Most of our critical infrastructure (energy, water, telecommunications, rail and traffic management) is controlled by SCADA systems that are connected to the rest of the world via high-speed data networks. This makes them vulnerable to hackers or cyber-terrorists, who may be motivated to harm these assets, steal, alter or inject data within the SCADA system.

Whilst a self-contained private network or “air-gapped” system would make it more difficult for unauthorised parties to access SCADA data, it wouldn’t be impossible. Given the critical nature of infrastructure control systems, they are a prime candidate for the strongest protection – high-assurance encryption.

Critical infrastructure systems need to be protected from eavesdropping, but more importantly against the injection of rogue data. The impact of fooling a water treatment plant into thinking a process had already been completed, or a power plant to think it was cooler than it really was, could be catastrophic.

One of the core components of a high-assurance encryption solution is the end-to-end, authenticated nature of the encryption. It is this authentication that delivers one of the critical security benefits of high-assurance encryption. Data integrity.

In an article for The Hill, Morgan Chalfant explores recent attacks on the US energy grid.

“ ….Officials with the Department of Homeland Security and FBI revealed last week that Russian hackers have staged cyber-attacks against the energy sector and other critical infrastructure since 2016.

Officials issued a public alert describing how hackers penetrated commercial entities on the fringes of the energy sector to compromise their intended victims. They were ultimately able to gain access to information on industrial control systems, technology used to power critical services like electric power and water.

In one case, hackers remotely accessed a human-machine interface, a device used by individuals to operate large industrial control systems — meaning they could have shut off power….”

In our opinion…

If ever there was a data network technology that demanded the strongest high-assurance, authenticated encryption security, it must be SCADA control systems.

Because SCADA control systems are used to manage anything from commercial and industrial control systems to critical energy, water and telecommunications infrastructures, they are a prime target for cyber-attacks by criminals, rogue states and terrorists.

Of course, the first rule for any SCADA system should be to never connect it to the Internet. Whilst it might be fine to deliver the video streaming service of your choice to your home, the Internet is simply not secure enough to entrust with control of our critical infrastructure.

Even private data networks are vulnerable; which is why they should be protected with high-assurance data encryption to ensure both secrecy and integrity of data.

We’d even argue that whatever high-assurance encryption solution is chosen, it should also be “crypto-agile” and quantum ready. That ensures the best long-term encryption security solution.

Senetas certified, high-assurance encryptors are crypto-agile and have been deployed to protect critical national infrastructure around the world; from energy grids to oil rigs.

To discover more about our encryption solutions for SCADA systems, visit the energy and utilities page on our website. Alternatively, you can get in touch by emailing info@senetas.com