Hugh Harsono

Macroscope | How blockchain can help prevent cyberattacks like the Colonial Pipeline hack

Given the increasing popularity of the use of internet-based SCADA systems to monitor industrial processes, companies are vulnerable to denial-of-service, spoof or spam attacks, among many others

A blockchain framework could help prevent such attacks, especially if it encompasses internet-of-things, 5G and other emerging technologies

Reading Time:3 minutes

Why you can trust SCMP

A customer gets help pumping gas at Costco, as others wait in line, on May 11 in Charlotte, North Carolina. Colonial Pipeline, which delivers about 45 per cent of the fuel consumed on the east coast, halted operations after revealing a cyberattack that it said had affected some of its systems. Photo: AP

Hugh Harsono

Published: 10:00pm, 7 Jul 2021Updated: 2:09am, 8 Jul 2021

Recent cyberattacks against Colonial Pipeline, meat-processor JBS and other organisations highlight the urgent need to increase cybersecurity around critical infrastructure in the United States. Ensuring proper cybersecurity measures must remain a priority for private and public companies, especially given the increasingly online and digital nature of operating systems today.

Currently, many industrial control systems are run by supervisory control and data acquisition (SCADA) systems, which are a mixture of software and hardware components that enable the control of facilities like production plants. Companies typically use industrial control systems, and by extension SCADA systems, to gather real-time data on all aspects of industrial production, ranging from the refining of oil to the control of waste disposal and even coordinating the transportation of goods.

The critical oversight role that SCADA systems play within the industrial control system framework makes SCADA systems particularly appealing to threat actors, with Stuxnet being the first known to exclusively target SCADA systems to control networks.

Gasoline tankers pass by the Colonial Pipeline storage tanks located in Austell, Georgia, on May 10, as they enter the Marathon Powder Springs Terminal. Photo: The Atlanta Journal-Constitution/TNS

Could implementing a blockchain framework help prevent such cyberattacks on industrial control and SCADA systems? The answer is a resounding yes, particularly if blockchain implementation is also merged with other emerging technologies like internet-of-things devices and 5G.

SCADA systems currently have several key components needed for a system to function, such as the SCADA display unit, remote terminal units, a control unit, and some sort of communication link to tie the network together.

The SCADA display unit allows for the monitoring of the entire industrial control system, while remote terminal units help to monitor the specific process being managed. The control unit passes data between the display unit and remote terminal units, with communication links being primarily industry-dependent, including Ethernet, internet-based wide-area network (WAN) links, and even radio waves.

SCADA systems are primarily made secure through local area network (LAN) and WAN devices. These tools allow for increased monitoring of SCADA processes. However, by virtue of the increasing popularity of internet protocol (IP)-based systems, SCADA systems also inherit the same vulnerabilities, among many others. SCADA systems can be breached in a variety of ways – through denial-of-service attacks, spoofing attacks, or even through spam emails.

People work at a production line of the JBS-Friboi chicken processing plant in Lapa, Parana State, Brazil, in March 2017. JBS USA, the American subsidiary of the world’s largest meat processing company, said on May 31 that it had been hacked, affecting its US and Australian IT systems. Photo: AFP