May 17, 2007 - The first remotely-exploitable vulnerabilities in Supervisory Control And Data Acquisition (SCADA) systems have been identified by researchers. Five problems have been discovered in the OPC protocol - the Object Linking and Embedding for Process Control industry standard - which is used to enable plant data to be communicated between control devices made by different manufacturers. SCADA technologies are employed to remotely manage the distributed measurement and control systems that form the operational backbone in industrial organisations operating electrical power grids and oil and gas refineries, for example. The vulnerabilities mean that industrial organisations are vulnerable to denial-of-service and performance-reducing attacks.
Companies need to act now and take measures to secure their SCADA systems, as this threat is set to increase warns Innominate’s CEO, Joachim Fietz." Concerns regarding the security of SCADA systems has often been overlooked by IT directors, but the confirmation of five different remotely-exploitable vulnerabilities should set alarm bells ringing,” comments Joachim Fietz, CEO, Innominate. “While the situation is currently not critical, ageing operational technologies are being linked to more and more IP-based tools which increases the scope and variety of IT attacks they are exposed too. If an industrialised company’s SCADA systems suffer a denial-of-service attack, the financial losses and damage to reputation are massive.
To prevent this potential disaster, we strongly recommend that IT directors implement holistic industrial security measures such as Innominate’s mGuard solution.”
About the Article
This article appeared on the InfoWorld website: http://weblog.infoworld.com/zeroday/archives/2007/05/infrastructure.html
About Innominate Security Technologies AG
Innominate Security Technologies AG is the market and technology leader for embedded security used in industrial applications. The German security specialist has two strategic business fields: "Industrial Ethernet Security" and "Secure Remote Maintenance" for machines and industrial plants. With its mGuard product family, supplemented by a device management software, Innominate offers hardware firewall, VPN and virus protection functions. mGuard solutions are sold and distributed via OEM (Original Equipment Manufacturer) partners and a network of national and international partners.