SCADA systems again under attack

Thursday, June 12, 2008

Lot of of new attack vectors and vulnerabilities are coming up in SCADA and Process Control Networks which can expose very critical businesses to exploitation but we need to keep in mind that SCADA, PLC and Process Control networks should be kept internal and closely guarded, these types of networks should never be connected to internet and yes Multi-layer defenses should be used to protect them because surely thats the bread and butter for energy companies and if energy can be diverted into wrong direction it can have very bad consequences.

Another interesting attack vector for exploiting SCADA and Process Control Networks to me is an Insider because Traffic inside the Perimeter is usually not monitored, Insiders have more information about the network like where those systems are located and who are the administrators. So SCADA And Process Control Networks should not just be firewalled, Jailed but even monitored every packet should be logged and very tight physical controls should be implemented because Insiders are not just going to attack computers they can be very good social engineers too.

Attackers could gain control of water treatment plants, natural gas pipelines and other critical utilities because of a vulnerability in the software that runs some of those facilities, security researchers reported Wednesday.

Experts with Boston-based Core Security Technologies, who discovered the deficiency and described it exclusively to The Associated Press before they issued a security advisory, said there's no evidence anyone else found or exploited the flaw.

Citect Pty. Ltd., which makes the program called CitectSCADA, patched the hole last week, five months after Core Security first notified Citect of the problem.

But the vulnerability could have counterparts in other so-called supervisory control and data acquisition, or SCADA, systems. And it's not clear whether all Citect clients have installed the patch.

SCADA systems remotely manage computers that control machinery, including water supply valves, industrial baking equipment and security systems at nuclear power plants.

Customers that use CitectSCADA include natural gas pipelines in Chile, major copper and diamond mines in Australia and Botswana, a large pharmaceutical plant in Germany and water treatment plants in Louisiana and North Carolina.

For an attack involving the vulnerability that Core Security revealed Wednesday to occur, the target network would have to be connected to the Internet. That goes against industry policy but does happen when companies have lax security measures, such as connecting control systems' computers and computers with Internet access to the same routers.

A rogue employee could also access the system internally.

Security experts say the finding highlights the possibility that hackers could cut the power to entire cities, poison a water supply by disrupting water treatment equipment, or cause a nuclear power plant to malfunction by attacking the utility's controls.

That possibility has grown in recent years as more of those systems are connected to the Internet.

The Citect vulnerability is of a common type. Called a 'buffer overflow,' it allows a hacker to gain control of a program by sending a computer too much data.

'It's not a very elaborate problem,' Ivan Arce, Core Security's chief technology officer, said in an interview. 'If we found this thing _ and this was not that hard _ it would be easy for someone else to do it.'

Citect is a subsidiary of French power-equipment giant Schneider Electric SA. Company representatives did not return repeated calls for comment.

Citect said in a statement included in Core Security's advisory that customers should isolate their SCADA systems entirely from the Internet or make sure they use firewalls and other technologies to prevent the systems from talking to the outside world.

Normally, the facilities that use SCADA systems fix flaws privately and very little is revealed publicly about any problems.

What's clear is that such control systems are increasingly vulnerable to Internet-borne threats, since viruses and worms have disrupted service in power plants, automobile factories and gasoline pipelines _ even when those facilities weren't targeted.

Alan Paller, director of research for the SANS Institute, which operates the Internet Storm Center, an early warning system for computer attacks, said Core Security Technologies' discovery shows many major facilities may remain vulnerable.

'It dashes the defense of, 'We're different, we don't have that kind of problem,'' Paller said. 'That's why this is significant.'


  © Blogger templates Newspaper by 2008

Back to TOP