Robert Lemos, SecurityFocus 2006-06-16
The outing of a simple crash bug has caused public soul-searching in an industry that has historically been closed-mouthed about its vulnerabilities.
Colapse all |
Post comment
SCADA industry debates flaw disclosure
2006-06-17
Dion Stempfley
Dion Stempfley
It has always amazed me how the application vendors for control systems software will speak about implemented architectures differently depending on who they are addressing. When talking about security they will clearly hype the "closed nature" of the environments and describe the barrier that shou...
[ more ] [ reply ]
[ more ] [ reply ]
NT on SCADA networks? Gee...
2006-06-19
assurbanipal (2 replies)
assurbanipal (2 replies)
NT crapboxes still found on SCADA nets... I don't know you, but that scares me more than Qaeda's threats!
Micro$oft software shouldn't be allowed to run our critical infrastructure; it simply can't do it reliably. Let's forbid that by law....
[ more ] [ reply ]
Micro$oft software shouldn't be allowed to run our critical infrastructure; it simply can't do it reliably. Let's forbid that by law....
[ more ] [ reply ]
Re: NT on SCADA networks? Gee...
2006-06-19
Anonymous (1 replies)
Anonymous (1 replies)
Unfortunately, you'll never make that argument stick. After all, the Navy uses it as a standard platform for battleships too. It's a dollars and sense problem and the case has been made to support Win32. So, Right or wrong, let's get past the OS bash and move to real problems. How to do mission ...
[ more ] [ reply ]
[ more ] [ reply ]
SCADA industry debates flaw disclosure
2006-06-19
Dion Stempfley
Dion Stempfley
(An earlier post attempt seemed to fail, so if it shows up and seems to repeat much of this, I'm sorry)
As an industry, the SCADA and control systems technology providers have been kicking and screaming as they have been dragged into the modern world of application providers. It is no surprise t...
[ more ] [ reply ]
As an industry, the SCADA and control systems technology providers have been kicking and screaming as they have been dragged into the modern world of application providers. It is no surprise t...
[ more ] [ reply ]
SCADA industry debates flaw disclosure
2006-07-26
Anonymous (1 replies)
Anonymous (1 replies)
The issue that is making itself more prevalent, is the demand by the Utilities to expose more of these apps to the Internet while spending 0 dollars to enhance them. In the past all of this was private network and not having to run throught the coporate side as it is now. the utilities need to start...
[ more ] [ reply ]
[ more ] [ reply ]
Re: SCADA industry debates flaw disclosure
2006-08-01
Anonymous (1 replies)
Anonymous (1 replies)
To a certain extent, some utilities are, including the one I work for. Our SCADA systems are being migrated to a protected network, totally isolated from the utility side, with ports locked down and only communicating to specific servers on the DMZ. The data that has to be sent to the utility side ...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Re: SCADA industry debates flaw disclosure
2006-08-24
Anonymous
Anonymous
Everything that you have described as having done to secure your SCADA systems is no more than what is considered to be basic Best Practices for all networks. Most security specialists would probably agree that these basic Best Practices are a good start. Have you completely eliminated unencrypted...
[ more ] [ reply ]
[ more ] [ reply ]
SCADA industry debates flaw disclosure
2006-10-12
Anonymous (1 replies)
Anonymous (1 replies)
I am assuming that most of these comments in this froum come from people in the US. The situation appears similar in Euro, with pressure from corporate management to connect enterprise systems to the SCADA that controls the network.
On a slightly unrelated note, whilst I agree with the comments i...
[ more ] [ reply ]
On a slightly unrelated note, whilst I agree with the comments i...
[ more ] [ reply ]
Re: SCADA industry debates flaw disclosure
2008-11-20
Anonymous
Anonymous
Reading this does make me laugh quite a lot. I find it hilarious that people contain such double standards. While exposing the SCADA to a network/internet does open up vulrabilites - by not opening it up does not make it bullet proof. If you have a serial port on a pc, and 2 clips you can effectivel...
[ more ] [ reply ]
[ more ] [ reply ]
http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,108735,00.html?source=x583...
[ more ] [ reply ]