Question: Generate reference for this:
A supervisory control and data acquisition (SCADA) system is a software program that monitors and controls a business or piece of equipment. SCADA systems are used for real-time data collection and analysis, as well as control tasks in a variety of industries, making them a target for malicious hackers.
Stuxnet was one of the most complex pieces of malware known in as it could self-replicate and spread across multiple systems through many means, such as removable drives, LAN, Server Message Block (SMB) file sharing on the net, etc. This malware infected control system networks and was believed by some to have damaged up to a fifth of the nuclear power centrifuges in Iran. The Stuxnet malware was a wake-up call for SCADA systems around the world because it was considered the first known threat specifically targeting SCADA systems to control networks. The US Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Team (ICS-CERT) issued multiple guidelines on how to defend against Stuxnet malware, which has also infected systems in the US. Stuxnet was dangerous because it exploited the autorun vulnerability. It also used security holes in Windows Print Spooler and Server Message Block (SMB) to provide shared access to files, printers, and other devices by taking advantage of a vulnerability in the Microsoft Windows Server service.
Cyber assaults on Ukraine's power grid occurred in and. Cyber attackers knocked out monitoring stations and tripped switches at substations. They disrupted power to substations in the first strike, leaving people without power for up to six hours. They cut the power to nearly consumers in the second attack, which was more sophisticated than the first, but the power was restored in about three hours. The SCADA equipment did not work because of the attackers' manipulation of the management systems, and the operators had to manually restore power and close the switches that the attackers had opened remotely. The first attempt used remote control software to manually activate switches, while the second employed sophisticated malware to directly manipulate SCADA systems. The advanced malware employed in the second attack was eventually identified as CRASHOVERRIDE.
Although it is speculated that the intrusions were carried out with government objectives in mind, most of the intrusions are the result of a lack of security in the companies, and to this, we can add the high levels of insecurity that many critical systems, such as nuclear power plants, power plants, and traffic control systems, have. There are default credentials for devices used in Industrial Control Systems on the internet nowadays, and many organizations do not update these factory passwords, leaving open doors for cyber terrorists.
Internal and external threats can be managed through policies, procedures, and technologies that help prevent the misuse of privileges or reduce the damage they can cause.
Enterprise-wide risk assessments should be conducted to learn about critical assets, vulnerabilities, and threats that could affect them.
Security software solutions and appliances should each have their own management policy and configuration documentation, with policies and controls well documented and regularly applied.
Install and set up software such as Active Directory (AD), a system for securing endpoints, a system for preventing intrusions, a system for detecting intrusions, a solution for web filtering, a spam filter, traffic monitoring software, a system for managing privileged access, software that encrypts data, at least a two-factor authentication policy and mechanism for password management, a manager of telephone calls, and a system to prevent data loss. On Exchange Server, enable mailbox journaling, preferably with e-discovery software enabled.
Account and password control rules and practices must be strictly enforced. All users of the company must log in with credentials that are exclusive to them; each user must have their own login ID and password. The administrative passwords must be changed to stronger ones after the software is installed.
