The SCADA industry is being dragged kicking and screaming into the here and now. After the public posting of a security vulnerability for ICCP the typically xenophobic industry has been forced to address security issues. Security has never been paramount for SCADA as the focus has always been on the operation of said sytems.
The aforementioned vulnerability in LiveData’s implementation of ICCP has touched off a bit of a storm. “In general, SCADA networks are run as very private networks,” LiveData CEO Jeff Robbins said. “You cannot harness an army of public zombie servers and attack them, because they are not accessible.” This demonstrates the lack of any concept of security within the SCADA community at large. These systems DO touch the internet. There are glaring examples of people that know and understand the importance of this problem in spades out there such as the folks with Digitalbond.com . Sadly they are out numbered.
“Many vendors did not appreciate the involvement of the US Computer Emergency Readiness Team (US-CERT), the nation’s response group tasked with managing the process of vulnerability remediation for critical infrastructure, Franz said.” It’s well past time that SCADA operators pull their heads out of the sand and get with the times.
[tags]SCADA, SCADA Security, ICCP, Vulnerability, LiveData, US Cert[/tags]
