No. 1 Story

Technology reinforces generation gap

If you believe that technology could be bridging the generation gap, think again. According to Deloitte’s first State of the Media report it’s as stark as ever.

read more

Related Articles

Adoption of cloud computing has reached a tipping point  - but don’t expect legacy...
Read More
In yet another blow to the Facebook IPO this week, following the withdrawal of...
Read More
Recruitment technology and social media have played a significant role in growing business in...
Read More
Fancy a 4G Windows Phone? Your wait may be over next Tuesday when Telstra...
Read More
Microsoft and its partners such as Nokia and HTC are trumpeting the virtues of...
Read More

More From

Popular Threads

Recent Reports of SCADA's Demise have been Greatly Exaggerated

David Heath
Tuesday, 17 June 2008 04:09

Your IT - Home IT

View Comments
Page 1 of 2
In the past few days, a large number of reports have appeared in the press regarding a security vulnerability in a widely used SCADA package.  While the vulnerability was real, the stridency of the reporting was a little excessive.

SCADA (or Supervisory Control and Data Acquisition) software is used in a large number of industrial situations to manage infrastructure.  The software controls the processes of organisations as diverse as mine sites, biscuit manufacturers, public aquariums and even a well-known Australian media personality (for their garden watering system). 

Cognisant of the risks of exposing such critical infrastructure to the “naughty lads of the Internet,” pretty-well every user of SCADA systems makes very sure that they are not exposed.  Normally this involves an air-gap: the industrial systems are simply not connected to anything else.  More recently, with an increasing interconnectedness, users are finding that their industrial systems are connected to their business management systems – but (obviously) still remaining behind the corporate firewalls.

In the oft-republished Associated Press article (here for instance) regarding the buffer-overflow in CitectSCADA, a naïve person might think that the sky was about to fall and the nearest water treatment plant was about to fail.

Nothing could be farther from the truth.

Yes, a vulnerability was discovered by Core Security Technologies and reported in detail to Citect on February 6th 2008.  After analysis of the issue, Citect responded to Core that, in effect, they could not determine how the vulnerability might affect their customers as the software was specifically designed and implemented to be well-separated from the internet, and as far as Citect knew, that was how it was being implemented.  Citect added that it would be addressed in the next release of the software.

Specifically, the only way a user of the software could be vulnerable is to have active ODBC interfaces and to be directly connected to the internet without any security.  Seems to me that for computers in such a situation (ignoring the ODBC factor), SCADA vulnerabilities would be the least of their problems!


Read on to the next page...

Start 1 2 Next 

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases