Majority of SCADA systems fall outside of standard IT protection
08 September 2010
SCADA systems are firmly on the target list for criminals, hackers and virus distributors, says a leading data defence specialist. David Robinson, UK and Ireland country manager at Norman Data Defense says large organisations are just as vulnerable as smaller companies, with recent attacks on their control systems showing just how ‘at risk’ these and many other organisations that operate these systems are.
The recent security breach of a major automation company was reportedly caused by the Stuxnet virus being carried on a USB memory stick. This new type of virus has a boot file built-in. This activates as soon as the memory stick is powered up on insertion into a USB port. But, warns Robinson, who has fifteen years experience working with companies such as Mitsubishi, Rockwell and Intellution it’s not just memory sticks that are putting these systems at risk.
"These days anyone with a laptop or a device that connects remotely to a wireless network inside a company’s firewall, is putting that company at risk," he says. "It will just be a matter of time before Stuxnet is evolved to wreak havoc on control systems and any other system that the user connects to if their laptop or portable device is infected.’
Norman Data Defense recently carried out research among ordinary workers and found that over half of people surveyed are more cautious with security issues when using their own PC/laptop that they are with their work one. And over three quarters of people would expect a pop-up to appear on their screen to alert them to a breach of security which of course is not always the case.
Microsoft has issued patches to help Windows system users to protect themselves against Stuxnet, but, warns Robinson: ‘My fear is that, with patch management protocols rarely in place in a control system environment, these warnings will go unheeded.’
Contact Details and Archive...