What Is SCADA?
SCADA is the dominant industrial automation control system in the world today. Most large manufacturing, energy, and critical infrastructure systems rely on it. The “S” does not mean Security (SCADA stands for Supervisory Control and Data Acquisition) and, in fact, that lack of a security focus is the prime reason behind the recent rise of SCADA-oriented malware attacks.
The reality is that highly skilled people were attempting to solve extremely complex issues – industrial automation at scale – and attempting to shoehorn security into this process was just too hard and caused more issues than it fixed. On top of this general challenge, a review of the problems reveals an underlying concern – security run by non-experts:
- One hack caused by the lack of a DMZ, which is standard issue for any security expert
- Malware-based attacks on unpatched machines that were still running Windows 7 in 2016!
- Ransomware downloaded from an unsafe website due to a lack of enterprise controls
The Real Issue
It is easy to blame the companies in general or “IT”, but the reality is that most of these companies were not built to provide security services. As such, they focus on attracting the top talent in their areas – factory workers, energy engineers and so forth – and they create a culture to that end. Nowhere in their planning and growth projections do they jump up and down and get excited to hire full-time security experts. Security just gets in the way, causes issues and, invariably, fails…
And yet the problems are getting worse, updates to SCADA/ICS are not addressing these issues, and something has to be done.
For many of these companies, the concept of just having secure systems is appealing. Most do not care how the system is protected, what products are used, or how many attacks were detected; they just want it to be safe to do business, without being bothered with the details. Better yet, many of these companies would prefer to offload all of the security to some other group outside the company – a group that maintains the protection but is not really part of the main group of employees.
From a security perspective, experts need the ability to constantly change approaches and solutions, proactively monitor systems, and effectively combine numerous niche groups of expertise into one larger offering – all without disrupting customer businesses. To be honest, most security people do not want to deal with annoying employees – they just want to annihilate the bad guys. Moving these experts to a central location outside of an enterprise is a win-win.
From a provider perspective, centrally managing vendors, enforcing best practices and standards, and enabling the rapid correction of issues regardless of the number of vendors are critical elements of success. At the end of the day, reducing security for enterprise customers to a single phone call to a trusted provider is very powerful. As a provider, building a vendor network that enables centralized incident management across products as a service is paramount.
Bear provides this new solution paradigm through its Bear Communications Platform. This platform enables vendors to plug into a new virtual layer of communications and control that is invisible to applications and systems, runs over any existing network and can provide powerful control and information without issues of scale or load. Based on how this platform works, changes can be made with no unintended business disruptions and truly secure systems can be centrally managed across vendors by trusted providers.
This platform would never look to replace SCADA – rather, SCADA would sit on top of this transparent platform and operate as it does today, but in a safe, secure environment that frees industrial customers from having to worry about security.