The nation's critical infrastructure is a major security challenge within the U.S.
The nation's critical infrastructure is a major security challenge within the U.S.
Introduction
From decades, threat against utility assets security has been recognized. Nation's critical infrastructure security has been a major issue in United States after the terrorist attacks of September 11, 2001. Catastrophic disruptions may arise due to insecure computer systems of the nation security departments. The sensitive information may end up with disclosure due to this insecurity. SCADA has been recognized to be most affected by potential cyber threats. If the security of the computer system is compromised, the execution of attack becomes easy. Security control and data acquisition systems have been developed to recognize these threats. Multiple locations can be used through internet to attack in simultaneous ways. The catastrophic damages may develop due to attack on SCADA by an Intruder; therefore, it is necessary to protect the access of SCADA systems.
Discussion
High levels of skill which are required by an attacker to the successful exploitation of the vulnerabilities have been discussed in the advisory. Depending on the specific vulnerability, these skills range from intermediate to high levels. A number of malicious actions can be performed by an attacker. SCADA system, which controls the systems operations depending on the critical environment, is greatly influenced by such malicious actions. Many factors may contribute to impact to individual organizations. Each organization has different factors that uniquely impact the organizations. According to ICS-CERT, the impact of these vulnerabilities is evaluated through these organizations. Environment, product implementation and architecture are the aspects of an organization that are affected due to these vulnerabilities.
SCADA system includes no formal security training. There is no security plan or security policy being documented for the SCADA systems. The official documented procedures and formal configuration management are not included ...