[ISN] Securing SCADA systems still a piecemeal affair

http://www.csoonline.com/article/727445/securing-scada-systems-still-a-piecemeal-affair By Lucian Constantin IDG News Service January 23, 2013 ReVuln, a Malta-based security startup that specializes in vulnerability research, is working on a product that could allow companies to protect their SCADA (supervisory control and data acquisition) software installations against entire classes of vulnerabilities. In the meantime, the company is developing and selling custom patches for SCADA software vulnerabilities that have yet to be addressed by the vendors. For several years now security researchers have warned that SCADA software is riddled with serious vulnerabilities and often lacks the most basic security controls. Adding to this problem is the fact that many industrial control system owners are increasingly exposing SCADA management interfaces to the Internet for the convenience of remote administration. Many security researchers would like SCADA systems to be re-engineered with security in mind, but that’s a long-term goal at best. For now, even patching known vulnerabilities is a complicated affair in the SCADA world. Many SCADA vendors don’t release security patches in a timely manner and even when such patches do get released, it can take a very long time for them to be deployed on vulnerable systems. SCADA systems are often used to monitor and control critical processes, so any code changes, like those introduced by patches, need to be thoroughly assessed so they don’t affect system stability and availability. In addition, since SCADA systems are designed for continuous operation, in many cases their owners can’t afford to regularly restart the management software to apply new patches. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org