I can’t believe there hasn’t been more of a focus on SCADA security. This is the software that controls our truly critical infrastructure, like water supply systems, gas and oil pipelines, the electric grid, and so on. An attack on these systems will do more than bring down a website, preventing you from buying that new pair of shoes. It could potentially do serious damage, with immediate consequences affecting thousands of people.
From SecurityFocus, January, 2002:
“U.S. law enforcement and intelligence agencies have received indications that Al-Qaida members have sought information on Supervisory Control And Data Acquisition (SCADA) systems available on multiple SCADA-related Web sites,” reads the bulletin. “They specifically sought information on water supply and wastewater management practices in the U.S. and abroad.”
That’s what makes these recent discoveries of remotely exploitable vulnerabilities in OPC (a standard used to control many SCADA systems) inexcusable. A company called Neutralbit has published five vulnerabilities in various implementations of OPC, and there are no doubt many more to come.
While I’m no SCADA or OPC expert, perhaps we need a few more people who are experts to focus on the security of their systems. I believe they have some catching up to do… the “Technical Overview of OPC” that I found online is from 1998.
Update: A recent article from Dark Reading discusses the issue of SCADA security.
Post a Comment