Samker's Computer Forum - SCforum.info

World TOP Headlines: => Latest Security News & Alerts => Topic started by: Pez on 21. November 2011., 09:44:46

Title: Is This SCADA Hacking Friday? (Friday, November 18, 2011)
Post by: Pez on 21. November 2011., 09:44:46

Today’s infosec news focuses on several possible incidents of penetrations at water utility companies. Elinor Mills at C|Net posted a story on a potential compromise last week at a Springfield, Ill., water company that may have resulted in physical damage. Meanwhile Gareth Halfacree at thinq has a writeup on a potential South Houston water supply network compromise.

Questions I often hear concerning incidents like this range from “How easy is it to attack SCADA networks?” to “Are we going to see more of these types of attacks?” The answers are quite simple.

It is really no more difficult to attack a SCADA network or system than it is to attack any other system. It just takes time, certain types of knowledge, and dedicated resources for developing the attack–same as any other attack vector or target. The second question is trickier.

Certainly we may see more SCADA-based or SCADA-focused attacks in the future. Attackers tend to target systems that can be successfully compromised, and recent history has shown that these systems are at least as vulnerable as other types of networked systems. But that isn’t really the point. In my mind, the second question often morphs into “How do we know they are not already compromised and actively under attack now?”

My gut tells me that there is greater targeting and wider compromise than we know about. Why? Again, my instincts tell me that there is a lack of cyberforensics and response procedures at most of these facilities. If you do not have cyberforensic capabilities, it is kinda hard to know if you have a cyberintrusion. Does this mean that I think it is cyber-Armageddon time? No, but it is certainly prudent to evaluate our systems and ask some questions.

The point has already been proven: SCADA networks and components are susceptible to attack just like any other networked computer system, and we see them getting attacked more and more often. So what should SCADA network administrators do?

Include “cyber” in all risk management
Set up extensive penetration testing
Set up extensive counter-social engineering training
Put a SCADA-specific CERT plan and team in place
Network with law enforcement at all levels
Expect to get attacked and take appropriate countermeasures

Orginal article: Friday, November 18, 2011 at 10:49am by David Marcus
http://blogs.mcafee.com/mcafee-labs/is-this-scada-hacking-friday (http://blogs.mcafee.com/mcafee-labs/is-this-scada-hacking-friday)

Title: Re: Is This SCADA Hacking Friday? (Friday, November 18, 2011)
Post by: Samker on 21. November 2011., 11:37:53

Quote

Questions ... “How easy is it to attack SCADA networks?” ...

...

It is really no more difficult to attack a SCADA network or system than it is to attack any other system. It just takes time, certain types of knowledge, and dedicated resources for developing the attack–same as any other attack vector or target.

Scary...  :-X