SCADA Missing from Cyber Certification Regime.

• Author: Walker, Joshua
• Position: NDIA Policy Points

* "The United States cannot afford to be islands of light with regard to SCADA control systems. We must bring together allies and industry leaders to develop a standardized set of cybersecurity requirements and implementation timelines that allow for us to identify critical services and develop strategies to protect them from potential threats both foreign and domestic," explained Michael Kleeman, a senior fellow at the University of California San Diego.

The threats to domestic and government support systems are growing more complex and dangerous every day. Last year's release of the interim rule, DFARS Case 2019-D041, partially implementing the Cybersecurity Maturity Model Certification, provided a new foundation for future cooperation and coordination between government and industry.

However, the program has been criticized by industry leaders for lacking clarity related to Supervisory Control and Data Acquisition (SCADA) networks, which are found in utility systems and other critical infrastructure. This lack of clarity could lead to defense industrial base susceptibility to bad actors.

SCADA enables the direct interaction between devices to monitor and process data in real time at local and remote sites. These control systems are essential for establishing efficiency, making better decisions, and establishing communication between systems to increase reliability for critical infrastructure like electricity, water, telecommunications, and even space station systems. CMMC has the potential to serve as an important model for continued cooperation and coordination between private and public sectors to effectively manage the transition toward a utility and industrial base under digital control from limited single-facility actors.

The complexities of utility networks remain of paramount interest to successfully mitigating the current difficulty of spotting and protecting the most valuable networks from bad actors. As the central control for utility networks, the importance of SCADA can be seen in the fact that security investments and practices at one firm influence other relevant private and public entities, which provides for the necessity of cooperation and coordination to manage risk within critical infrastructure networks effectively.

In this sense, understanding the complexities of SCADA and related critical infrastructure networks is key to addressing the concerning rise in cyber-related attacks and threats.

The threats to SCADA...