MENU

 

The following information was obtained from the different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

“Supervisory Control and Data Acquisition (SCADA) is a control system architecture that uses computers, networked data communications and graphical user interfaces for high level process supervisory management, but uses other peripheral devices such as programmable logic controllers and discrete proportional-integral-derivative (PID) controllers to interface to the process plant or machinery. The operator interfaces which enable monitoring and the issuing of process commands, such as controller set point changes, are handled through the SCADA supervisory computer system. However, the real-time control logic or controller calculations are performed by networked modules which connect to the field sensors and actuators.”1

The most common purpose of the cyber attack on a SCADA system is for the hackers to prove that they can get through the defenses set forth in the systems. For the terrorist, the objective is to employ greater damage to big industries like the petroleum product transportation pipeline. This may also be a set-up for espionage or to generate false information to the SCADA system. The most serious threat may either seriously disable the system or attempt to commandeer the system to cause damage to the process or equipment being controlled in order to send out improper control commands.


RECOMMENDATION

PNP personnel and the public are advised to follow the best practices listed below for security purposes in order to avoid SCADA system vulnerability to Cyber Attack:


• Always ensure that SCADA systems are designed with full redundancy and possibly with some additional level of fault tolerance.

• Keep SCADA systems physically secured.

• Put at least a basic error detection and correction capabilities to SCADA systems.

• Always keep your software up to date. Install software patches so that vulnerabilities can be mitigated. Many operating systems offer automatic updates, it is highly recommended to always enable it.

• Check the security settings of your respective workstations. Apply the highest level of security available that still gives you the functionality that you need.

For additional information, please refer to the following websites:

https://en.wikipedia.org/wiki/SCADA
www.webopedia.com/TERM/S/SCADA.html
http://patriot-tech.com/blog/2015/10/27/common-scada-system-threats-and-
vulnerabilities/

POINT OF CONTACT

Please contact CSRAD, PNP ACG for any inquiries related to this CYBER SECURITY BULLETIN at This email address is being protected from spambots. You need JavaScript enabled to view it. or call 7230401 local 5337.