Vulnerabilities / Threats
2/12/2013
12:58 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

SANS Releases First Of Its Kind Deep-Dive Survey On SCADA Security Practices

Survey revealed that respondents are putting most of their security focus on the computers operating their proprietary control systems

BETHESDA, Md., Feb. 12, 2013 /PRNewswire-USNewswire/ -- According to a survey of nearly 700 SCADA and other control system operators, awareness of risk is high, while protections are lagging.

"Control system cyber assets are vulnerable, threats are escalating and the industry is aware of these facts," says survey paper author Matthew Luallen, a senior SANS analyst and SCADA/process control system expert who teaches on this subject at DePaul University. "Stuxnet can be cited for finally raising risk awareness, but some of this awareness is experiential: In the survey, 33% of respondents know or suspect they've been breached."

Sponsored by ABB, Industrial Defender and Splunk, the survey revealed that respondents are putting most of their security focus on the computers operating their proprietary control systems. Unfortunately, they're doing so to the neglect of the Program Logic Controllers and other proprietary SCADA devices running atop of these computers, which have little or no native security.

"Operators need to better align their security and compliance programs with their most critical directive of preventing disruptions to service or operations," advises Deb Radcliff, executive editor of the SANS Analyst Program.

"SCADA operators should layer their security and work with their control system vendors -- who are also aware of the risk and making improvements."

Readers are invited to attend a SANS webcast to learn the full results of the survey. This webcast is scheduled for February 20, 2013, at 1 PM EST. Those who register for the webcast will also receive an advanced copy of the published results paper developed by Mr. Luallen.

"This is the first time I have seen a succinct review of the problems faced by all industries using SCADA technologies," says Barbara Filkins, SANS analyst, advisor to the survey and healthcare privacy expert. "I'm voluntary president of our mutual water company and our board is considering installing a SCADA system.

I will definitely use some of the findings in this survey to help guide our selection."

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted, and by far the largest, source for world-class information security training and security certification in the world. GIAC, an affiliate of the SANS Institute, is a certification body featuring over 20 hands-on, technical certifications in information security.

SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community. (www.sans.org)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.