SCADA systems are not designed with security in mind. Rather the priority of developers has been reliability, availability and speed. This does not mean they can not be secured, however, if we can understand a particular system’s features, functions and capabilities, we can address its limitations.
No inherent security is provided in these systems, since security is not a direct concern when the efficiency of the system is under consideration.
This situation is acceptable as long as the systems are isolated from the outside world. However in recent times, more and more of these systems are being exposed to open access, in order to promote inter-system communication and interaction. Two recent trends raising concerns are:
a. Definition of standard interfaces and communication protocols in support of cross-vendor compatibility and modularity.
b. Connection of nodes in a SCADA system to open networks such as the internet. While these phenomena have definitely brought about an increase in the efficiency of these information systems, they have also caused them to inherit all the problem of common, networked information systems. The security of information, both against corruption and misuse, is now an increasing concern for theses systems. This concern for security becomes even more magnified when these systems are deployed in key positions, where they are heavily depended upon for critical operations.