This week, 23 vulnerabilities in industrial control software – specifically SCADA software – from several vendors have reportedly been found by a researcher at security firm Exodus Intelligence.
This follows the revelation of unreported SCADA application vulnerabilities from some of the same manufacturers, as exposed by Italian security company ReVuln last week.
Ross Brewer, vice president and managing director, International Markets, at LogRhythm, has made the following comments:
“While cyber attacks on SCADA systems may be rare when compared to the astonishing number of incidents involving web applications or enterprise IT networks, the threat they pose is disproportionately severe.
With SCADA software being primarily responsible for critical operations and national infrastructures, an attack of this nature could not only result in the loss of data but also cause damage to physical assets and, in certain scenarios, the loss of life. As such, it’s no surprise that arguably the most notorious cyber attacks of the past couple of years – such as the Stuxnet and Flame viruses – have been SCADA breaches.
Fundamentally, SCADA systems were never really designed to be secure – at least not from an IT perspective. With much of existing national infrastructure developed prior to the rise of the Internet, the focus of control system security is often limited to physical assets.
This latest discovery of a host of SCADA vulnerabilities should therefore make it clear to organisations and governments alike that lax security is never an option and that they must urgently re-examine the tools that are currently defending our control systems.
Unfortunately, traditional perimeter cyber security defences such as anti-virus software are no longer enough to ensure protection – the Flame virus, for example, avoided detection by 43 different anti-virus tools and took over two years to detect. Instead, what’s required is continuous monitoring of all log data generated by IT systems, so that organisations can automatically baseline normal, day-to-day activity across systems and multiple dimensions of IT infrastructure.
This would enable the real-time detection, response and investigative analysis of even the most sophisticated attacks that go against this definition of normal behaviour. In order to subvert this approach, hackers would have to simultaneously break into their target SCADA systems and into the log management system to modify the specific pieces they were looking for – a very difficult if not impossible task.
With the increasing computerisation of critical infrastructure services, only by adding these additional levels of protection can anomalies be identified in real-time and cyber threats be responded to.”
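As an added illustration of the approach described in the comments above (example code, not LogRhythm's product or anything from the article), the following Python sketch learns a baseline from constructed SCADA HMI-to-PLC log lines, flags activity that departs from it, and hash-chains forwarded records so that tampering with the stored logs is itself detectable. The log format, host names and tag names are invented for the example.

```python
import hashlib
# Constructed sample log lines (not from the article): normal HMI-to-PLC
# traffic that makes up the learned baseline of day-to-day activity.
BASELINE_LOGS = [
    "hmi01 plc03 WRITE_SETPOINT PUMP2_SPEED 1200",
    "hmi01 plc03 WRITE_SETPOINT PUMP2_SPEED 1250",
    "hmi02 plc03 READ_STATUS PUMP2_SPEED 0",
]
# Constructed lines to check: a routine write, a write from an unseen
# source, and a routine source writing far outside the observed range.
NEW_LOGS = [
    "hmi01 plc03 WRITE_SETPOINT PUMP2_SPEED 1230",
    "eng07 plc03 WRITE_SETPOINT PUMP2_SPEED 1200",
    "hmi01 plc03 WRITE_SETPOINT PUMP2_SPEED 4000",
]

def parse(line):
    src, plc, action, tag, value = line.split()
    return (src, plc, action, tag), int(value)

def build_baseline(lines):
    """Map each (source, PLC, action, tag) seen to the value range observed."""
    ranges = {}
    for line in lines:
        key, value = parse(line)
        lo, hi = ranges.get(key, (value, value))
        ranges[key] = (min(lo, value), max(hi, value))
    return ranges

def detect(baseline, lines, tolerance=0.10):
    """Alert on activity never seen in the baseline or values outside its range."""
    alerts = []
    for line in lines:
        key, value = parse(line)
        if key not in baseline:
            alerts.append("unseen activity: " + line)
        else:
            lo, hi = baseline[key]
            if not lo * (1 - tolerance) <= value <= hi * (1 + tolerance):
                alerts.append("out of range [%d, %d]: %s" % (lo, hi, line))
    return alerts

def chain_logs(lines):
    """Hash-chain forwarded records: each digest covers the previous digest plus the record."""
    prev, chain = "", []
    for line in lines:
        prev = hashlib.sha256((prev + line).encode()).hexdigest()
        chain.append((line, prev))
    return chain

def verify_chain(chain):
    """Recompute the chain from stored records; any edited or dropped record breaks it."""
    return chain_logs([line for line, _ in chain]) == chain
```

Baselining on a richer feature set (time of day, command rate, operator shift) is what a real log management deployment would do; the range check here is the smallest version of that idea that still separates the three test lines.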