Q: “What’s the biggest issue or gotcha I need to know about auditing SCADA devices?”
A: “You should know that typically SCADA systems run on legacy hardware and software which oftentimes don’t support granular security restrictions.”
A few weeks back I attended an IT security conference here in San Francisco. In hopes of learning something new, I decided to follow the energy sector track. Having no prior working experience in energy, this should all be new, exciting and thrilling: a chance to see security from a different angle. The result: it was more frightening than a good haunted house.
First session – Auditing the SCADA Enterprise. Interesting topic. How does one go about auditing devices that control everything from beer making and snow machines to car manufacturing and power generation? My mind wanders… nCircle has plenty of energy customers. I know for sure that VERT deals with these questions every day. What about nCircle’s profiling makes it unique in ensuring we don’t interrupt the manufacturing process? I bet some of these energy people have horror stories I could bring back to the office.
Paper and pen in hand – let’s go.
Slides 1 thru 10 – Policies, Standards and Procedures.
Slides 11 thru 15 – Passwords. Everyone should use a password. What makes up a good password?
Slide 16 – Logon legal notice
Slides 17 and 18 – The concept of least privilege, and consider disabling unused services.
Slide 19 – Use virus protection.
Slide 20 – Backups are a good idea.
…
Yeah, slide 33 – rehash the prior 32 slides, but global-replace the key word with ‘SCADA’.
Slide 39 – thanks for coming.
Inside I began to scream, “Get me out of this kindergarten security school! Wake up quick, you have fallen asleep!” Then my BlackBerry vibrates. It’s not a nightmare; I’m still here, awake, and now even more frightened than ever.
Stay seated, be polite, and listen carefully. Maybe everyone is as confused as I am. Perhaps they feel the same. Questions and answers volley back and forth.
Q: “Do you think it’s a good idea to put our SCADA systems behind a firewall?”
A: “Well, they at least shouldn’t be on a public network.”
Q: “What if all our operators use the same login? Do you think that’s a good idea?”
A: “Consider giving everyone their own unique login with a password.”
Sweat beads…job security…massive power outages…
And so I ask:
Q: “What’s the biggest issue or gotcha I need to know about auditing SCADA devices?”
A: Time to go back to the office and be productive.