We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

SCADAfence - Securing The Systems That Power Our Life

Ditsa Keren Technology Researcher

SCADAfence is a pioneer in securing Industrial IoT/Industrie 4.0 networks from cyber threats, covering the smart manufacturing and smart building sectors, pharmaceutical, chemical, food & beverage, automotive and building automation industries. Following the recent WannaCry events, we sat down with CEO Yoni Shohet to find out what kind of threat are SCADA systems facing today, what are the risks for our day to day lives, and how does SCADAfence help to prevent them?

For those who don’t know, could you  give us a brief overview of what are SCADA systems?

A SCADA system or an industrial control system is in charge of managing critical manufacturing and control systems of the most important things we use day to day. They are the automated computer systems that are controlling processes in critical infrastructure, manufacturing plants and building management systems. These operational technology (OT) networks are highly sensitive and prioritize the availability of the production systems above all.

How does IOT look from an industrial perspective?

Industry 4.0 and industrial IOT are two terms that go together. It is the concept of taking devices and enabling them to become smarter sensors in order to improve their productivity and reduce operation costs. Industrial control systems are now highly interconnected and there are growing connections between the devices internally and between the industrial network to external environments. While new technologies that are introduced into the production networks increase efficiency and allow companies to focus more on innovation, they also expose these networks to new threats, which require security measures to be taken into account at all times.

What kind of threats are SCADA systems facing these days?

There are 4 main threats that can occur as part of a cyber attack:

  1. Operational downtime, where hackers sabotage and create unexpected downtime. We've seen this happening twice in 2015 when the entire Ukrainian electricity grid got shut down by politically-driven cyber criminals.
  1. Product manipulation- instead of stopping the operation, some hackers manipulate the end product by changing the recipe or formula to create a different outcome. As a result, severe damages can be caused such as spoiled production batches or a defective product released to the market, which could potentially destroy a brand's reputation forever.
  1. Sensitive information- Some hackers try to target information like secret formulas or production methods that are of great value for black market or for competitors.
  1. Ransomware, whereby hackers target and encrypt data, and then demand money in exchange for keeping it secret or letting you use it. This type of threat also applies at an industrial scale, only the risks go way beyond the personal level. The biggest concern is that the hacker will try to control the production process and force manufacturers to pay so they can regain control over their own environment.

Recent events such as WannaCry ransomware campaign shows how generic attacks initiated by cybercriminals can also affect industrial control systems. Due to the attack, multiple industrial companies in various industries were hit. The most severe incident we know of so far is Renault/Nissan, which had to halt production in some factories due to the WannaCry attack.

What are non-malicious threats? And what risks do they impose?

Not all threats are derived from malicious intentions. Even human errors can create the same effect, where an innocent mistake or misconfiguration can lead to a different reaction to what the system was programmed to do. Since we are already monitoring the industrial environment, we help our customers to reduce risks that are also created unintentionally.

How are Cyber risks different across different industry sectors?

Collaborating with diverse industries such as manufacturing, critical infrastructure, and building management systems, we acknowledge the significant variations among them. For instance, the driving forces behind their adoption of our solutions often differ, with regulatory compliance being a prevalent motivation in certain cases, while other industries are primarily motivated by meeting their business needs. Moreover, the specific technologies employed and the involved vendors may vary across different sectors. Nevertheless, it is important to note that our solutions can bring benefits to any sector, irrespective of these variations.

How do you begin to assess the safety of a SCADA system? What would be the first things you'd look at?

Our technology is able to listen to the communications in a non-intrusive way and analyze what is the normal behavior profile. This allows us to quickly recognize when there are deviations from the expected behavior. Our three main benefits are:

  • Visibility to the asset and network activity. Many companies are not even aware of the devices running on their network; they know the process but they don’t know the protocol and the assets within the environment. Being able to see your entire network is the first step towards securing it.
  • Risk management helps the user to identify where breaches could come from in the future, and how an attack can make use of those access vectors to attack the industrial environment.
  • Detection of threats - detecting ongoing threats such as cyber-attacks or non-malicious activities that are attempting to change the normal operations and require immediate response from the user.

What trends can we expect to see in the near future with SCADA security?

Generally what we're seeing in the industry is an IT/OT conversion. These 2 fields are becoming closer together, and are starting to create joint processes that focus on industrial IOT.

Security needs to be addressed by those teams. Specifically in industrial control systems, joint teams today need to bridge the gaps between IT/security teams and the operational teams, who need to work together. Only companies that have a joint IT/OT efforts to address their industrial security needs, are able to effectively secure their most critical assets.

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Ditsa Keren is a cybersecurity expert with a keen interest in technology and digital privacy.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address