Poor SCADA security will keep attackers and researchers busy in 2013
Security researchers expect attacks against industrial control systems to increase next year
IDG News Service - An increasing number of vulnerability researchers will focus their attention on industrial control systems (ICS) in the year to come, but so will cyberattackers, security experts believe.
Control systems are made up of supervisory software running on dedicated workstations or servers and computer-like programmable hardware devices that are connected to and control electromechanical processes. These systems are used to monitor and control a variety of operations in industrial facilities, military installations, power grids, water distribution systems and even public and private buildings.
Some are used in critical infrastructure -- the systems that large populations depend on for electricity, clean water, transport, etc. -- so their potential sabotage could have far-reaching consequences. Others, however, are relevant only to their owners' businesses and their malfunction would not have widespread impact.
The security of SCADA (supervisory control and data acquisition) and other types of industrial control systems has been a topic of much debate in the IT security industry since the Stuxnet malware was discovered in 2010.
Stuxnet was the first known malware to specifically target and infect SCADA systems and was successfully used to damage uranium enrichment centrifuges at Iran's nuclear plant in Natanz.
Stuxnet was a sophisticated cyberweapon believed to have been developed by nation states -- reportedly U.S. and Israel -- with access to skilled developers, unlimited funds and detailed information about control system weaknesses.
Attacking critical infrastructure control systems requires serious planning, intelligence gathering and the use of alternative access methods -- Stuxnet was designed to spread via USB devices because the Natanz computers systems were isolated from the Internet, exploited previously unknown vulnerabilities and targeted very specific SCADA configurations found only at the site. However, control systems that are not part of critical infrastructure are becoming increasingly easier to attack by less skilled attackers.
This is because many of these systems are connected to the Internet for the convenience of remote administration and because information about vulnerabilities in ICS software, devices and communication protocols is more easily accessible than in the pre-Stuxnet days. Details about dozens of SCADA and ICS vulnerabilities have been publicly disclosed by security researchers during the past two years, often accompanied by proof-of-concept exploit code.
"We will see an increase in exploitation of the Internet accessible control system devices as the exploits get automated," said Dale Peterson, chief executive officer at Digital Bond, a company that specializes in ICS security research and assessment, via email.
However, the majority of Internet accessible control system devices are not part of what most people would consider critical infrastructure, he said. "They represent small municipal systems, building automation systems, etc. They are very important to the company that owns and runs them, but would not affect a large population or economy for the most part."
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- The Shortfall of Network Load Balancing Applications running across networks encounter a wide range of performance, security, and availability challenges as IT department strive to deliver fast, secure access...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Malware and Vulnerabilities White Papers | Webcasts