Penetration Testing mailing list archives
Re: SCADA
From: mdfranz () io com
Date: Sun, 7 Jul 2002 22:00:04 -0500 (CDT)
No hands-on experience but I've done a little digging on the topic. Most of the info (whitepapers, academic articles, prezos) is the normal blah blah blah best practices (policy/firewall/ids/pentest) vs. low level details of specific control system vulnerabilities. The most interesting things I ran across (sorry no URLs but they should be in google): Barry C. Ezell, _Risks of Cyber Attack to Supervisory Control and Data Acquisition for Water Supply_ (Master's Thesis, UVA, 1998) Joe Wiess, _Information Security Needs and Issues for Control Systems_ (Prezo at EEI/AGA IT Conference, 14 Jan '02) There were a few interesting prezos at the ICCC (Common Criteria) meeting on archictectural security issues for control systems a month or so ago but they still haven't released the CD-ROMs yet. Work is being done at Argonne/Sandia National labs on this type of stuff. Also NIST (especially PCSRF http://www.isd.mel.nist.gov/projects/processcontrol/) Riptech is also active on the commercial side. BTW, there is a conference at the end of the month in Vancouver on SCADA security that might be promising. See http://www.kemaseminars.com - mdf
Has anyone had any experience with SCADA systems? Gaziel Avishay, Information Risk Management KPMG Somech-Chaikin 972-3-6848606
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/