SCADA in the news again
I find these stories about SCADA to be fascinating. The people who develop these systems have no real clue about security and yet, they expect their boxes to be connected to the internet.
SCADA stands for
Supervisory Control And Data Acquisition. These are the systems you find in factories and plants controlling all of the hardware. A perfect example of a SCADA exploit is the
Stuxnet worm that gave the Iranian's such hardship with their nuclear bomb making activities.
Now it seems that a new problem has been discovered -- from the
Beeb:
Power plants put at risk by security bugs
The discovery of bugs in software used to run oil rigs, refineries and power plants has prompted a global push to patch the widely used control system.
The bugs were found by security researchers and, if exploited, could give attackers remote access to control systems for the installations.
The US Department of Homeland Security said an attacker with "low skill" would be able to exploit the bugs.
About 7,600 plants around the world are using the vulnerable software.
"We went from zero to total compromise," said Juan Vazquez, a researcher at security firm Rapid7 who, with colleague Julian Diaz, found several holes in Yokogawa's Centum CS 3000 software.
Don't start panicking quite yet:
The Rapid7 researchers alerted Yokogawa about their findings before publicising their work to give the company time to produce a patch that can close the loopholes.
"Not all Centum CS 3000 users need to apply this patch immediately," said Yokogawa in a statement. "This depends on how their systems are connected to external networks and on the security measures that are in place."
Yokogawa said it was in the process of contacting customers who might be vulnerable and urging those who were at risk to apply its patch.
Still, if they found and publicized one vulnerability, how many more are still there? Glad I don't do IT for a large plant or factory...
Posted by DaveH at April 5, 2014 4:20 PM