Home page logo
/

isn logo Information Security News mailing list archives

Securing SCADA systems still a piecemeal affair
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 25 Jan 2013 04:06:46 -0600 (CST)

http://www.csoonline.com/article/727445/securing-scada-systems-still-a-piecemeal-affair

By Lucian Constantin
IDG News Service
January 23, 2013

ReVuln, a Malta-based security startup that specializes in vulnerability research, is working on a product that could allow companies to protect their SCADA (supervisory control and data acquisition) software installations against entire classes of vulnerabilities. In the meantime, the company is developing and selling custom patches for SCADA software vulnerabilities that have yet to be addressed by the vendors.

For several years now security researchers have warned that SCADA software is riddled with serious vulnerabilities and often lacks the most basic security controls. Adding to this problem is the fact that many industrial control system owners are increasingly exposing SCADA management interfaces to the Internet for the convenience of remote administration.

Many security researchers would like SCADA systems to be re-engineered with security in mind, but that's a long-term goal at best. For now, even patching known vulnerabilities is a complicated affair in the SCADA world.

Many SCADA vendors don't release security patches in a timely manner and even when such patches do get released, it can take a very long time for them to be deployed on vulnerable systems. SCADA systems are often used to monitor and control critical processes, so any code changes, like those introduced by patches, need to be thoroughly assessed so they don't affect system stability and availability. In addition, since SCADA systems are designed for continuous operation, in many cases their owners can't afford to regularly restart the management software to apply new patches.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org

  By Date           By Thread  

Current thread:
  • Securing SCADA systems still a piecemeal affair InfoSec News (Jan 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]