Many organizations are unaware that they are implementing SCADA type devices on their networks and unaware of the potential risks this creates. SCADA stands for supervisory control and data acquisition. The SCADA technology is heavily used in power distribution/management, gas distribution and waste water treatment, but is now finding its way into a lot of small businesses, churches and office buildings. Heating and air-conditioning vendors who remotely manage your HVAC systems, use technology to remote into your network and use a web based application to manage the system. 80% of all recent hacks have been against vulnerabilities in web based applications. The big question is, if they can remote in, who else can remote in?
Before letting an outside vendor put equipment on your network, it is important to understand how they will be gaining access and if your organization is comfortable with the technology they will use. In November, a water treatment facility in Illinois was hacked which caused a pump to burn up. Potential threats of an attack could result in the heating of your building being turned off in the Winter, causing pipes to burst. In the Summer, your air-conditioning system could be set to cool off the building after hours, which would increase your energy costs. Also, there is always the threat that this is a back door into your network. A back door would allow hackers to gain access to your servers and data. The potential threats are: loss of data or having your servers compromised to either host nefarious services (game sites, porn sites etc.), or be used to launch attacks against other sites.
The best way to prevent having an issue with SCADA devices on your network is to understand the technology that is being implemented and take appropriate measures to secure any vulnerability introduced by the SCADA type equipment that will be installed.
