Wednesday, February 13, 2013

SCADA Systems Risks Still High Despite Increased Awareness Finds SANS Survey




SCADA vulnerabilities are those that affect systems supporting critical infrastructure, such as utilities and water distribution.


Security in SCADA systems, which control a wide range of industrial and critical infrastructure facilities, has come under increased scrutiny since viruses like Flame and Stuxnet prompted an uptick in vulnerability disclosures.  


A recent survey report conducted by SANS (SysAdmin, Audit, Network, Security) Institute’s analyst Matthew Luallen, suggests that despite the high risk awareness, proper measures to protect are behind.



   Photo courtesy of www.defensetech.org


President Obama’s Executive Order issued just before the State of the Union Address aims to toughen Cyber Security.
SCADA systems were deemed vulnerable and likely targeted in future attacks on key infrastructure systems
“Control system cyber assets are vulnerable, threats are escalating and the industry is aware of these facts,” says Luallen. “Stuxnet can be cited for finally raising risk awareness, but some of this awareness is experiential: In the survey, 33% of respondents know or suspect they’ve been breached.”


“I’m voluntary president of our mutual water company and our board is considering installing a SCADA system. I will definitely use some of the findings in this survey to help guide our selection,” said Barbara Filkins, a SANS analyst, advisor to the survey and healthcare privacy expert.


The study concludes that work still needs to be done in order to have proper security in the SCADA systems, and solutions’ providers should work closer with security experts to improve the security.


Want to join the security conversation or would like a copy of the report? 


Send me a note.


References:


2. The White House, Office of the Press Secretary, Executive Order, Improving Critical Infrastructure Cybersecurity