Re: First real-world SCADA attack in US

[Mark Radabaugh <mark () amplex net>]

On 11/21/11 10:32 AM, Jay Ashworth wrote:
> On an Illinois water utility:
>
> http://www.msnbc.msn.com/id/45359594/ns/technology_and_science-security
>
> Cheers,
> -- jra
Having worked on plenty of industrial and other control systems I can 
safely say security on the systems is generally very poor.   The 
vulnerabilities have existed for years but are just now getting 
attention.    This is a problem that doesn't really need a bunch of new 
legislation.   It's an education / resource issue.   The existing 
methods that have been used for years with reasonable success in the IT 
industry can 'fix' this problem.

Industrial Controls systems are normally only replaced when they are so 
old that parts can no longer be obtained.   PC's started to be widely 
used as operator interfaces about the time Windows 95 came out.   A lot 
of those Win95 boxes are still running and have been connected to the 
network over the years.

And... if you can destroy a pump by turning it off and on too often then 
somebody engineered the control and drive system incorrectly.  Operators 
(and processes) do stupid things all the time.  As the control systems 
engineer your supposed to deal with that so that things don't go boom.


--
Mark Radabaugh
Amplex

mark () amplex net  419.837.5015