One of the interesting parts of working in SCADA environments is dealing with strange protocol streams. One such is ICCP or otherwise known as RFC 1006. Something that I have learned in dealing with power system types over the last few years is their inability to accept that just because they may have done things a certain way for X number of years is by no means justification to continue that way. One such bizarre aspect is ICCP. I have been told on numerous occasions that ICCP is secure because only SCADA people understand that information…WTF?? Sadly, I have been told this by people that should really know better.
In order to help secure SCADA systems using tools such as Nessus signatures are needed. Thankfully good folks such as the gang at Digital Bond have written some.
To help combat this archaic way of thinking security professionals need to tackle ICCP and other SCADA problems head on. For more on this read on after the jump.
[tags]Nessus, SCADA, SCADA Security, ICCP, RFC 1006[/tags]
