Information Security News mailing list archives

Securing SCADA systems still a piecemeal affair


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 25 Jan 2013 04:06:46 -0600 (CST)

http://www.csoonline.com/article/727445/securing-scada-systems-still-a-piecemeal-affair

By Lucian Constantin
IDG News Service
January 23, 2013

ReVuln, a Malta-based security startup that specializes in vulnerability research, is working on a product that could allow companies to protect their SCADA (supervisory control and data acquisition) software installations against entire classes of vulnerabilities. In the meantime, the company is developing and selling custom patches for SCADA software vulnerabilities that have yet to be addressed by the vendors.

For several years now security researchers have warned that SCADA software is riddled with serious vulnerabilities and often lacks the most basic security controls. Adding to this problem is the fact that many industrial control system owners are increasingly exposing SCADA management interfaces to the Internet for the convenience of remote administration.

Many security researchers would like SCADA systems to be re-engineered with security in mind, but that's a long-term goal at best. For now, even patching known vulnerabilities is a complicated affair in the SCADA world.

Many SCADA vendors don't release security patches in a timely manner and even when such patches do get released, it can take a very long time for them to be deployed on vulnerable systems. SCADA systems are often used to monitor and control critical processes, so any code changes, like those introduced by patches, need to be thoroughly assessed so they don't affect system stability and availability. In addition, since SCADA systems are designed for continuous operation, in many cases their owners can't afford to regularly restart the management software to apply new patches.

[...]

