Process control security an IT thing says Sourcefire

By

"Nine times out of 10 SCADA runs an old Windows system".

The recent attacks against SCADA systems should be a wake-up call to the managers of in-house process controls.

Process control security an IT thing says Sourcefire
Credit: Flickr

Process control security should come under IT's remit, according to Sourcefire EMEA technical director Dominic Storey.

“One technology doesn't grasp how many control nodes are now in the business, you only need to look at a major organisation to see how malware gets in,” he said.

This week saw attacks against SCADA-based systems in Illinois and Houston, and Storey said they were the beginning of a trend.

“The thermal stress caused the damage [to the water pump in the first attack]; this is something we talk about when customers deploy intrusion prevention systems (IPS). It cannot determine an advanced persistent threat (APT) as, once it is in, it is largely useless, so that is where intrusion detection systems (IDS) helps through anomaly detection analysis.”

Storey predicted a "perfect storm" as there is no best practice for connecting network security layers for SCADA-based systems. “There is no way of looking for connected sensors or what came from a sensor,” he said.

“Also, think of SCADA as a hardware system, nine times out of 10 it is an old Windows system, so often there are vulnerabilities. Technology needs to be proactive and able to take action.”

Asked what administrators can do to protect themselves against attacks to SCADA systems, Storey said they should allow an IDS to define a way to write rules; he also claimed that ‘Snort' is perfect for this.

“Focus on protecting, know what the devices are and have a back-up plan if you cannot detect something with a rule. Put together you have a pragmatic solution. A lot of people think of SCADA as power and water, but think about a manufacturer like Heinz, Guinness or DHL; if their system breaks down or is compromised, it is a huge issue.”

Storey said the best way to think of SCADA was as the "third network" after the data centre and office automation. He said: “This is not the end of the line for this, we will see more power outage, but it will take a large brand to be hit for it to be taken seriously.”

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
data breachhackingscadasecuritysourcefire

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?