SCADA Systems Vulnerability
Posted: Fri Aug 24, 2007 9:20 pm
My spidey sense says that this is now becoming a slightly bigger news story than it ever has been before, and might start making front pages if it gathers some steam because it's pretty severe.
If you've never worked in an industrial IT environment, SCADA systems are, on a very basic level, a system that links high-level IT equipment (servers, workstations) with extremely low-level control, safety and monitoring devices that are in use in almost every industrial shop-floor. Think heat sensors, emergency shut-off valves, robot arms.
The issue that's breaking is that now people are realising that linking these very, very critical systems into higher architecture which is either linked to workstations, company networks or the web is really not a good idea, and despite some sensible restrictions in place by many security-conscious engineers (deliberately creating separate SCADA networks, running specialised firewall systems, only enabling devices that truly require it, and other techniques for isolation) the whole system just isn't secure enough. When we're talking about critical infrastructure (power and water facilities for a start) and hazardous environments (steel mills and chemical plants) the potential size of the problem is massive.
http://www.forbes.com/2007/08/22/scada- ... 2hack.html
If you've never worked in an industrial IT environment, SCADA systems are, on a very basic level, a system that links high-level IT equipment (servers, workstations) with extremely low-level control, safety and monitoring devices that are in use in almost every industrial shop-floor. Think heat sensors, emergency shut-off valves, robot arms.
The issue that's breaking is that now people are realising that linking these very, very critical systems into higher architecture which is either linked to workstations, company networks or the web is really not a good idea, and despite some sensible restrictions in place by many security-conscious engineers (deliberately creating separate SCADA networks, running specialised firewall systems, only enabling devices that truly require it, and other techniques for isolation) the whole system just isn't secure enough. When we're talking about critical infrastructure (power and water facilities for a start) and hazardous environments (steel mills and chemical plants) the potential size of the problem is massive.
http://www.forbes.com/2007/08/22/scada- ... 2hack.html