Proceedings magazine is a communication tool for the Coast Guard's Marine Safety & Security Council. Each quarterly magazine focuses on a specific theme of interest to the marine industry.
Issue link: https://uscgproceedings.epubxp.com/i/436751
45 Winter 2014 – 2015 Proceedings www.uscg.mil/proceedings The Vulnerabilities Unfortunately, several system aspects make them especially susceptible to cyber attack. For example, most supervisory control and data acquisition systems in use today in the MTS are much older than other types of information technology (IT) systems. They were originally built as stand-alone sys- tems and were designed before cybersecurity was a com- mon consideration. 1 However, as computer and networking technology advanced, the demand for remote access to SCADA systems increased, which led to an often ad hoc integration of older supervisory control and data acquisition networks with newer corporate IT networks, creating hybrid networks. The decreased isola- tion of these systems increases vulnerabilities. Today, many SCADA systems can connect to the Inter- net, which offers great convenience to operators, but also increases cyber vulnerabilities. More than one million of these systems are also discoverable on the Internet, with Maritime transportation system (MTS) operation is quite different than it was decades ago. Today's busy ports have become highly automated to handle the modern global mar- ket's demand for faster, more effcient shipping. The Systems Computer-based systems provide vital real-time informa- tion to operators, with supervisory control and data acqui- sition (SCADA) systems increasingly used to monitor and control a variety of functions, including valves in petroleum and natural gas pipes that transfer fuel between ships and shore and the gantry cranes that load and unload contain- ers. Additionally, almost all modern cargo and U.S. military ships use SCADA systems in their sewage, propulsion, fuel, and fre-suppression systems. Cyber attacks on these systems can threaten national secu- rity, economic stability, and public health and safety, so pro- tecting such systems from cyber threats has become an issue of vital national importance. Control System Cybersecurity Legacy systems are vulnerable to modern-day attacks. by lCDR JennifeR M. kOnOn Sector Intelligence Chief U.S. Coast Guard Sector Delaware Bay Cybersecurity of Maritime Critical Infrastructure What Makes SCADA Systems Tick? The basic purpose of a supervisory control and data acquisition system is to allow remote control and monitoring, often for distribution systems such as transportation systems, natural gas and oil pipelines, power generation systems, and water distribution and collection. SCADA systems collect information from sensors on operating equipment, such as pumps, valves, switches, and sensors, then transmit and display the informa- tion to the end user in a geographically displaced location, allowing the user to control and monitor the system in real time. Several pieces of hardware make up the general structure —the human / machine interface, the master terminal unit, and the remote unit. The human/ machine interface provides an interface between SCADA system commands and the user, the master terminal unit collects data locally, while the remote terminal unit receives the data from the master terminal unit and transmits control signals to the field control systems that directly interact with the operating equipment. SCADA system software allows the operating equipment to func tion within certain parameters and to initiate specifc responses, should the equip- ment function outside of these param- eters. For example, the system will open up pressure relief valves in a fuel transfer pipe if sensors indicate danger- ously high pressure levels.