Vulnerabilities / Threats
2/12/2013
12:58 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

SANS Releases First Of Its Kind Deep-Dive Survey On SCADA Security Practices

Survey revealed that respondents are putting most of their security focus on the computers operating their proprietary control systems

BETHESDA, Md., Feb. 12, 2013 /PRNewswire-USNewswire/ -- According to a survey of nearly 700 SCADA and other control system operators, awareness of risk is high, while protections are lagging.

"Control system cyber assets are vulnerable, threats are escalating and the industry is aware of these facts," says survey paper author Matthew Luallen, a senior SANS analyst and SCADA/process control system expert who teaches on this subject at DePaul University. "Stuxnet can be cited for finally raising risk awareness, but some of this awareness is experiential: In the survey, 33% of respondents know or suspect they've been breached."

Sponsored by ABB, Industrial Defender and Splunk, the survey revealed that respondents are putting most of their security focus on the computers operating their proprietary control systems. Unfortunately, they're doing so to the neglect of the Program Logic Controllers and other proprietary SCADA devices running atop of these computers, which have little or no native security.

"Operators need to better align their security and compliance programs with their most critical directive of preventing disruptions to service or operations," advises Deb Radcliff, executive editor of the SANS Analyst Program.

"SCADA operators should layer their security and work with their control system vendors -- who are also aware of the risk and making improvements."

Readers are invited to attend a SANS webcast to learn the full results of the survey. This webcast is scheduled for February 20, 2013, at 1 PM EST. Those who register for the webcast will also receive an advanced copy of the published results paper developed by Mr. Luallen.

"This is the first time I have seen a succinct review of the problems faced by all industries using SCADA technologies," says Barbara Filkins, SANS analyst, advisor to the survey and healthcare privacy expert. "I'm voluntary president of our mutual water company and our board is considering installing a SCADA system.

I will definitely use some of the findings in this survey to help guide our selection."

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted, and by far the largest, source for world-class information security training and security certification in the world. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 20 hands-on, technical certifications in information security.

SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community. (www.sans.org)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web