THE 3rd INTERNATIONAL SCIENTIFIC CONFERENCES OF STUDENTS AND YOUNG RESEARCHERS dedicated to the 99th anniversary of the National Leader of Azerbaijan Heydar Aliyev
They are utilized in industrial process plants, such as steel production, power
generation, distribution, nuclear fusion, and infrastructure utilities.
In the past, SCADA systems were isolated from the global network
(the internet). As they have evolved over time, however, they
have been integrated with enterprise networks, made use of TCP/IP for data
transmission, and even become connected to the global network. The
security of critical infrastructure, industrial control systems, and SCADA
control systems is being impacted by the ongoing increase in cyber security
threats and attacks, particularly the increasing sophistication of malware.
There have been numerous cyber-attacks that specifically targeted SCADA
systems. For instance, one of the most complex pieces of malware, called Stuxnet,
infected one-fifth of the nuclear power centrifuges in Iran and some systems
in the USA. Since the malware can self-replicate, it could spread across multiple
systems through LANs, network file sharing, removable drives, Siemens Step
7, etc. The malware was designed to look for specific installed software
and the exact equipment connected to a SCADA system. If it found
all the precise configurations, it modified and sabotaged the code on PLCs.
Duqu, Flame, and Gauss malware, which were discovered by Hungarian
cyber security researchers, gather confidential information. To hide data
transmission, they send typical HTTP traffic with encrypted data attached in a
.jpg file. They make use of microphones, web cameras, keystroke logging, and
the extraction of geolocation data from images.
The integration of IT into physical systems has brought the aforementioned
threats. Therefore, it is necessary to utilize IT solutions in SCADA systems too.
Any device of a SCADA system runs several modules that use a common
operating system. DOS, VMS, and UNIX were once the operating systems
of choice for SCADA systems. Although UNIX used to be the primary
operating system for SCADA systems, Linux is increasingly displacing UNIX
systems. Whether an attacker or malware tries to encrypt SCADA
data, infect other pieces of software, or send data to an attacker-controlled
destination, the underlying operating system kernel handles these operations.
Sometimes the vulnerability that is abused is even in the kernel itself.
The solution is containerization, which could enhance security in today’s
Industry 4.0. Industrial automation practices are becoming more complex, and
a PLC can host multiple services such as Node-RED, Grafana, InfluxDB,
and machine learning modules. By running each module in a separate
container, we can isolate its process from the underlying Linux kernel with
respect to the file system and network. This way, even if a module is compromised by an
attacker or infected by malware, it cannot spread to other processes or abuse
the OS. With the help of containerization, modern and intelligent Linux-based
PLCs, which still have the characteristics of a classic PLC, become more
cyber resilient.
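
The isolation described above only holds if each container is started without host-level access. The following Python sketch is an added example, not part of the original paper: it audits `docker inspect`-style JSON for settings that weaken file system and network isolation. Docker as the runtime, the container and network names, and the sample data are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output; names mirror the modules in the text.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/node-red",
  "HostConfig": {"Privileged": false, "NetworkMode": "plc_internal",
                 "PidMode": "", "ReadonlyRootfs": true, "CapAdd": null},
  "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/nodered/_data",
              "Destination": "/data", "RW": true}]},
 {"Name": "/grafana",
  "HostConfig": {"Privileged": false, "NetworkMode": "host",
                 "PidMode": "", "ReadonlyRootfs": false, "CapAdd": null},
  "Mounts": []},
 {"Name": "/ml-module",
  "HostConfig": {"Privileged": true, "NetworkMode": "plc_internal",
                 "PidMode": "host", "ReadonlyRootfs": false, "CapAdd": ["SYS_ADMIN"]},
  "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock", "RW": true}]}
]
""")

SENSITIVE_HOST_PATHS = ("/", "/dev", "/proc", "/sys", "/etc", "/var/run/docker.sock")
RISKY_CAPS = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "NET_ADMIN", "ALL"}

def audit_container(c):
    """Return findings where file system, network or kernel-facing isolation is weakened."""
    hc, findings = c.get("HostConfig", {}), []
    if hc.get("Privileged"):
        findings.append("privileged: full device and capability access")
    if hc.get("NetworkMode") == "host":
        findings.append("network: shares the host network namespace")
    if hc.get("PidMode") == "host":
        findings.append("pid: can see host processes")
    for cap in sorted(RISKY_CAPS & set(hc.get("CapAdd") or [])):
        findings.append(f"capability: {cap} added")
    for m in c.get("Mounts", []):
        if m.get("Type") == "bind" and m.get("Source") in SENSITIVE_HOST_PATHS:
            findings.append(f"mount: host path {m['Source']} bound {'rw' if m.get('RW') else 'ro'}")
    if not hc.get("ReadonlyRootfs"):
        findings.append("rootfs: root file system is writable")
    return findings

def audit(containers):
    """Map each container name to its list of isolation findings."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

On a real PLC the input would be the saved output of `docker inspect` for the running containers, passed to `audit()` after `json.load`.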