M
There was an interesting article on security vulnerabilities in SCADA systems. The article begins with a recent vulnerability which was found recently in a certain brand of SCADA system (LiveData) whereby the server can be crashed by simply sending it the wrong type of data packet.
However, the article goes on to discuss the security situation in general, and the fact that most of the industry seems to be putting its head in the sand when it comes to security. Major security vulnerabilities (unrelated to LiveData) are widespread. For example (from the article):
"Consultants who have done penetration testing and security audits of real-time process control systems tell grim stories about the lack of security in the systems. Data is transfered with no encryption using protocols, such as Telnet and FTP, that are being phased out in other industries; many firewalls have ports opened to any traffic; and, many workstations still run Windows NT".
This article is definitely worth reading for anyone who deals with PCs, SCADA, or networking. So far our industry has been operating on the principle that ignorance is bliss, but we will have to come to terms with this in future. I suspect that computer and network security training will become essential for people working in the SCADA field in future.
The article can be found at the following locations:
http://www.theregister.co.uk/2006/06/19/scada_flaw_debate/ http://www.securityfocus.com/news/11396
However, the article goes on to discuss the security situation in general, and the fact that most of the industry seems to be putting its head in the sand when it comes to security. Major security vulnerabilities (unrelated to LiveData) are widespread. For example (from the article):
"Consultants who have done penetration testing and security audits of real-time process control systems tell grim stories about the lack of security in the systems. Data is transfered with no encryption using protocols, such as Telnet and FTP, that are being phased out in other industries; many firewalls have ports opened to any traffic; and, many workstations still run Windows NT".
This article is definitely worth reading for anyone who deals with PCs, SCADA, or networking. So far our industry has been operating on the principle that ignorance is bliss, but we will have to come to terms with this in future. I suspect that computer and network security training will become essential for people working in the SCADA field in future.
The article can be found at the following locations:
http://www.theregister.co.uk/2006/06/19/scada_flaw_debate/ http://www.securityfocus.com/news/11396
