Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Zero-day vulnerabilities discovered in US SCADA systems

LogRhythm : 21 October, 2013  (Technical Article)
Industrial control software from one supplier has come under scrutiny from security experts with 25 vulnerabilities which could compromise critical infrastructure systems
Zero-day vulnerabilities discovered in US SCADA systems

This week, researchers in the United States have identified 25 zero-day vulnerabilities in industrial control software – specifically SCADA software – from one vendor.  While most of the 25 known vulnerabilities would not render servers completely unable to control utilities, the researchers note that this would be possible through the worst of the vulnerabilities, which would allow hackers to take control of the whole system.  Nine of the potential exploits, identified by researchers working with industrial consultants Automatak, have so far been reported to the vendor, as well as to the US Department of Homeland Security.

Ross Brewer, vice president and managing director for international markets, LogRhythm, commented:

“While cyber attacks on SCADA systems may be rare when compared to the extraordinary number of incidents involving web applications or enterprise IT networks, the damage they are able to cause is disproportionately severe.  The software is primarily responsible for critical operations and national infrastructures and, if exploited, could seriously damage the operations of electricity, water and power suppliers. The potential implications of a hack are terrifying and could not only result in the loss of data, but can also cause damage to physical assets and in certain scenarios, the loss of life.

“SCADA systems are potentially more vulnerable to exploitation given that, when they were developed, internet use was yet to explode.  The focus of control system security has therefore been typically limited to physical assets, rather than cyber security.  Some of the most notorious cyber attacks in recent years – such as the Stuxnet and Flame viruses – have been SCADA breaches, and it is clear that there is still potential for similar hacks due to lax security policies.  Organisations and governments alike must see these latest discoveries as a sign to take urgent and swift action to build up their own defences.

“Traditional perimeter cyber security tools, such as anti-virus software, have proven their shortcomings time and time again. The Flame virus, for example, avoided detection from 43 different anti-virus tools and took more than two years to detect.  Instead, organisations must have tools in place that allow them to indentify threats, respond and expedite forensic analysis in real time.  To achieve this, continuous monitoring of all log data generated by IT systems is required in order to automatically baseline normal, day-to-day activity across systems and multiple dimensions of the IT estate and identify any and all anomalous activity immediately.  With increased computerisation, critical infrastructure services become far more vulnerable, and without advanced levels of protection it could be lights out, and worse, for all.”

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo