Telemetry SCADA Radio Systems:

Supervisory Control and Data Acquisition, commonly referred to as “SCADA”, is a computer application used to collect and analyze real-time data in order to control, supervise, manage, and monitor machinery that handles time-sensitive and important events or materials. Radios for telemetry and SCADA systems can operate in either licensed (VHF, licensed 700MHz LTE, UHF, licensed WiMax 2.5GHz, or 900MHz MAS) or unlicensed (5.8GHz point-to-multipoint wireless backhaul, WiMax, or 900MHz) portions of the microwave spectrum.

Traditionally, telemetry SCADA radio “polling” used “audio frequency-shift keying” carried over analog FM radios operating in 25 kHz channels at 300 and 1200 bps.

In response to demands for more efficient radio spectrum usage and faster data rates, vendors now offer telemetry SCADA radio systems that run at 9600 bps in 12.5 kHz networks.

Users migrate to these systems because they provide access to several significant operational-technology improvements, such as SNMP monitoring and IP support.

SCADA Vulnerabilities and Attacks:

These systems are exposed to SCADA threats and attacks because of weaknesses such as lack of monitoring, authentication holes, unpatched systems, lack of network segmentation, weak policies and procedures (including remote access policies), lack of encryption, lack of anti-malware or built-in firewall software, default configurations, absence of intrusion detection systems, and legacy software; typical attacks include command injection and parameter manipulation, malware, web application attacks, and DDoS attacks.

According to a Schneider Electric security bulletin, “The framework poses a critical risk to organizations using the targeted devices and it has capabilities related to disruption, sabotage, and potentially physical destruction.”

Once attackers have gained initial access to the Operational Technology (OT) network, they can compromise and control the affected SCADA/telemetry radios.

Power grid management, remote control, and telemetry all frequently use wireless SCADA systems. Radios on UHF and VHF frequencies can report in or be polled on a single radio channel every day, and offer the fastest receive and transmit speeds over distances of hundreds of thousands of meters.

As remarked by President Obama in May 2009, “The cyber threat to the massive grids that power our nation is one of the most serious economic and national security challenges we face as a nation.”

The infamous Maroochy Shire case in Australia revealed that “radio-based networks present a practical and natural vector for hacking.”

Additionally, the US government issued a warning about malicious actors using recent cybersecurity threats to keep gaining access to ICS and SCADA devices and systems. It stated, “The APT actors have developed custom-made tools for targeting ICS/SCADA devices.”

Recent cyberattacks on SCADA systems include Target Stores; New York Dam; Havex; Shamoon (Saudi Aramco and RasGas); Night Dragon; Duqu, Flame, and Gauss; the Ukraine power grid attack; and Stuxnet, among others.

A Comprehensive Security Evaluation Plan:

For the security of telemetry SCADA radio and video surveillance systems, there is a need to integrate multiple telecommunication channels, such as TETRA networks, 3G/4G/5G LTE, and satellite links, to create a single redundant, faster, and secure data-transfer path. Such an approach provides management protection, firmware encryption and authentication, and effectively addresses other security challenges as well.

If SCADA systems can use cellular communication instead of radio frequencies, it will be a more secure solution in terms of providing data encryption and a reliable, steady, low-latency network.

Organizations using the system should evaluate its non-repudiation, confidentiality, availability, and integrity; perform threat and attack-vector analysis; manage its protocols and interfaces; and apply best-practice recommendations and industry security standards.

It is recommended to use reliable and well-known encryption algorithms and standard protocols, such as DNP3, IEC 104 or 60870-5-101, TCP/IP, and AES-256 or triple DES.

Security procedures should be implemented, e.g., segregating the management and data IP ports where the device has multiple physical Ethernet interfaces.

If the SCADA network is to be secured over LTE or satellite, the following standards should be considered: IEEE P1685/P1689/P1711 for securing serial communications; NIST IR 7628 for cyber security requirements and strategy for smart grids; and IEC/TR 62443 for system and network security.

Session cookies that expire (and are cleared when the browser closes) should be used together with user authentication over SSL/HTTPS. This is an effective authentication technique because users are logged out automatically when the session expires.

For remote access, organizations should impose multi-factor authentication, constantly monitor for malicious behaviors and indicators, and periodically change passwords on SCADA and ICS devices to reduce possible threats.
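As an added example (not from the original post) tying together the DNP3 recommendation above and the advice to monitor for malicious behavior: a minimal passive check of DNP3 link-layer frame headers, of the kind a telemetry gateway or IDS could run over captured serial or radio traffic. It verifies the header CRC and flags polls whose source address is not an allowed master; the frames and the allowed-master list are constructed for this example.

```python
DNP3_START = b"\x05\x64"  # fixed start bytes of every DNP3 link-layer frame
ALLOWED_MASTERS = {1}     # hypothetical: the only master address expected to poll this outstation

def crc16_dnp(data: bytes) -> int:
    """CRC-16/DNP: poly 0x3D65 (reflected 0xA6BC), init 0, final XOR 0xFFFF."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def build_header(length: int, control: int, dest: int, src: int) -> bytes:
    """Build a 10-byte link header (8 header bytes + little-endian CRC); used to construct sample input."""
    body = (DNP3_START + bytes([length, control])
            + dest.to_bytes(2, "little") + src.to_bytes(2, "little"))
    return body + crc16_dnp(body).to_bytes(2, "little")

def parse_header(frame: bytes) -> dict:
    """Parse and validate the link header; raise ValueError on a malformed frame."""
    if len(frame) < 10 or frame[:2] != DNP3_START:
        raise ValueError("not a DNP3 frame")
    body, crc = frame[:8], int.from_bytes(frame[8:10], "little")
    if crc16_dnp(body) != crc:
        raise ValueError("header CRC mismatch")
    control = body[3]
    return {
        "length": body[2],
        "from_master": bool(control & 0x80),  # DIR bit: 1 = master to outstation
        "function": control & 0x0F,           # link-layer function code
        "dest": int.from_bytes(body[4:6], "little"),
        "src": int.from_bytes(body[6:8], "little"),
    }

def check_frame(frame: bytes) -> list:
    """Return alerts for one frame; an empty list means nothing suspicious."""
    try:
        hdr = parse_header(frame)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    alerts = []
    if hdr["from_master"] and hdr["src"] not in ALLOWED_MASTERS:
        alerts.append(f"poll from unexpected master address {hdr['src']}")
    return alerts

if __name__ == "__main__":
    # Constructed sample traffic: a legitimate reset-link poll, then the same poll from address 99.
    for frame in (build_header(5, 0xC0, 10, 1), build_header(5, 0xC0, 10, 99)):
        print(frame.hex(), check_frame(frame))
```

The CRC only detects corruption, not tampering; the address allowlist is a behavioral check that still needs link-layer encryption and authentication behind it.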

A 360-degree approach should be taken, as it is a key pillar of SCADA security: identifying all types of threat sources and attacks (malicious or accidental), managing the interfaces and data, and including a distributed micro-firewall at each Ethernet interface.

Why Is There a Need to Protect These Systems?

Security is one of the most important aspects that must be considered. If the SCADA radio systems are fully secured, then they can be used effectively and efficiently to:

  1. Foresee possible issues, find trends and patterns, and keep an eye on remote sites.
  2. Use accumulated data to pinpoint when and where resources like water or energy are being overused.
  3. Identify the root cause of peaks in resource consumption from usage trends.
  4. Reduce costs while improving effectiveness and security by carefully monitoring network operations and performance.
  5. Make a more sustainable future possible by decreasing waste and increasing efficiency.

The Bottom Line:

Telemetry SCADA radio systems need to be continuously reliable and available, in addition to being encrypted. However, several aspects should be considered while maintaining their security, such as interoperability, real-time information processing, simulation, scalability, management and visualization, and monitoring. In this regard, these systems should follow the “Cyber Security Standards for critical infrastructure protection.” In addition to applying proper industry standards and security protocols, organizations can move toward securing the SCADA network over LTE or satellite instead of radio frequencies, which leads to a potentially secure, scalable, and affordable solution and protects the SCADA networks from vulnerabilities.

-Brian Martin

Global Communication Services


Check out this book for more information:

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions 

GCS Out!