Information Security News
mailing list archives
Securing SCADA systems still a piecemeal affair
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 25 Jan 2013 04:06:46 -0600 (CST)
By Lucian Constantin
IDG News Service
January 23, 2013
ReVuln, a Malta-based security startup that specializes in vulnerability
research, is working on a product that could allow companies to protect their
SCADA (supervisory control and data acquisition) software installations against
entire classes of vulnerabilities. In the meantime, the company is developing
and selling custom patches for SCADA software vulnerabilities that have yet to
be addressed by the vendors.
For several years now security researchers have warned that SCADA software is
riddled with serious vulnerabilities and often lacks the most basic security
controls. Adding to this problem is the fact that many industrial control
system owners are increasingly exposing SCADA management interfaces to the
Internet for the convenience of remote administration.
Many security researchers would like SCADA systems to be re-engineered with
security in mind, but that's a long-term goal at best. For now, even patching
known vulnerabilities is a complicated affair in the SCADA world.
Many SCADA vendors don't release security patches in a timely manner and even
when such patches do get released, it can take a very long time for them to be
deployed on vulnerable systems. SCADA systems are often used to monitor and
control critical processes, so any code changes, like those introduced by
patches, need to be thoroughly assessed so they don't affect system stability
and availability. In addition, since SCADA systems are designed for continuous
operation, in many cases their owners can't afford to regularly restart the
management software to apply new patches.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
- Securing SCADA systems still a piecemeal affair InfoSec News (Jan 25)