The Defense-In-Depth Architecture and the Supervisory Control and Data Acquisition (SCADA) Systems

Unauthorized Access to Network Resources and the Role of SCADA Systems

For many years now, there are increased cases of unauthorized access to network resources as well as critical data because of the proliferation of Internet of Things devices. Therefore, many organizations such as hospitals, schools, and government institutions are embracing the Supervisory control and data acquisition (SCADA) systems to offer protection against intruders, as a result minimize the risks of data breaches.

Defense-in-Depth Architecture

Defense-in-depth architecture, for many years, have been used to reduce the risks of supervisory control as well as data acquisition being accessed by intruders because it is built around a dual-data model. It is easy to connect various sensors and legacy systems through the dual-data approach. Numerous studies show that, defense-in-depth architecture is a secure system that is not found in many of the security networks, which often lack effective protection against intruders. The defense-in-depth-architecture is a multilayer architecture that involves two or more security mechanisms. This approach is commonly referred to as a defense in depth since, even if one measure fails, it cannot affect the whole system, as a result minimizing the business services to be interrupted. Using two or more firewalls, defense in depth approach creates demilitarized zone (DMZ) and employs intrusion detection and prevention system (IDS/IPS) devices. Additionally, it embraces effective security policies as well as business operations. Apart from protecting large architectures, the use of several DMZs provides extra security to separate functionalities. Further, the defense-in-depth architecture has several other features such as the API (xAPI), and the learning record store (LRS), which are respectively used to store as well as retrieve data across diverse platforms and stores data generated from SCADA (Wang, 2016).

SCADA System and its Application in Industrial Control Systems

SCADA system, on the other hand, is an industrial control system (ICS) used by organizations to monitor as well as control processes across remote sites. Over the years, ICS have found much use in critical infrastructure sectors such as water treatment, clean water supply, electricity, and transportation systems. SCADA infrastructure have found use in the collection of data from the field, transferring it to a control center, perform data abstraction, and presenting decision makers with information. Typically, the supervisory control and data acquisition systems are comprised of several basic parts such as sensors, PLCs, servers as well as master terminal units (MTUs), human machine interfaces (HMIs), and network and communication equipment (Wang, 2016).

Segregation and Security of SCADA and IoT Networks

SCADA and the IoT and corporate control networks should be segregated to enhance security. The security on the IoT and corporate control networks can be improved by using a two-port firewall between them. Further, the SCADA as well as the corporate networks are protected from hackers by establishing a demilitarized zone between them. Three interfaces must be offered by the firewall and separately connecting them to the corporate or IoT networks, the SCADA network, and lastly, to the shared or insecure servers. The use of the first firewall is to block arbitrary packets from entering into the SCADA network or DMZ servers. The second and the third firewalls protect the SCADA network from unwanted traffic and also protect the shared servers in the DMZ from the SCADA network traffic respectively. Additionally, the SCADA as well as the defense-in-depth architecture use a more robust authentication approach. The two systems use SSL protocols as well as smart sensors with inbuilt hardware encryption capabilities to encrypt or authenticate information (Wang & Kelly, 2017).

References

Wang, S. (2016). Dual-data defense in depth improves SCADA security. Signal, (10), 42-44.

Wang, S., & Kelly, W. (2017). Smart cities architecture and security in cybersecurity education.       In Journal of The Colloquium of Information Systems Security Education (CISSE).          Edition (Vol. 4, pp. 155-169).