YOUR IT - Technology for you

No. 1 Story

Telstra adds one million mobile services, but Sensis plummets

Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.

 read more
StumbleUponSubmit to redditShare this on TwitterShare on facebook | Print |PDF 

More From

Recent Reports of SCADA’s Demise have been Greatly Exaggerated

David Heath
Tuesday, 17 June 2008 05:09

Your IT - Home IT

Page 1 of 2
In the past few days, a large number of reports have appeared in the press regarding a security vulnerability in a widely used SCADA package.  While the vulnerability was real, the stridency of the reporting was a little excessive.

Microsoft Office 365 Get your free Trial
SCADA (or Supervisory Control and Data Acquisition) software is used in a large number of industrial situations to manage infrastructure.  The software controls the processes of organisations as diverse as mine sites, biscuit manufacturers, public aquariums and even a well-known Australian media personality (for their garden watering system). 

Cognisant of the risks of exposing such critical infrastructure to the “naughty lads of the Internet,” pretty-well every user of SCADA systems makes very sure that they are not exposed.  Normally this involves an air-gap: the industrial systems are simply not connected to anything else.  More recently, with an increasing interconnectedness, users are finding that their industrial systems are connected to their business management systems – but (obviously) still remaining behind the corporate firewalls.

In the oft-republished Associated Press article (here for instance) regarding the buffer-overflow in CitectSCADA, a naïve person might think that the sky was about to fall and the nearest water treatment plant was about to fail.

Nothing could be farther from the truth.

Yes, a vulnerability was discovered by Core Security Technologies and reported in detail to Citect on February 6th 2008.  After analysis of the issue, Citect responded to Core that, in effect, they could not determine how the vulnerability might affect their customers as the software was specifically designed and implemented to be well-separated from the internet, and as far as Citect knew, that was how it was being implemented.  Citect added that it would be addressed in the next release of the software.

Specifically, the only way a user of the software could be vulnerable is to have active ODBC interfaces and to be directly connected to the internet without any security.  Seems to me that for computers in such a situation (ignoring the ODBC factor), SCADA vulnerabilities would be the least of their problems!


Read on to the next page...

Start 1 2 Next 

Sponsored Announcements

Websense #1 in Web Security Fourth Year in a Row

David Bass | For the fourth year in a row, IDC has placed content security provider Websense (NASDAQ: WBSN) at the top of the IDC Worldwide Web Security 2011 –…

You may have missed


Advertisement

- sponsored feature -

The Death of Traditional BI: What’s Next?

How to Make Business Discovery Work for Your Business IP PABX BUYING GUIDE

Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases