From the press release, verbatim (cross-posted from "Unfettered"):
Citect reassures its customers on the security
of their SCADA networksSydney, Australia [June 12, 2008] – Citect has moved to reassure its SCADA customers
they are extremely unlikely to be at risk from potential security breaches found by Core
Security Technologies in Windows-based control systems utilizing ODBC technology, so long
as their systems are protected by industry-standard security guidelines.Citect and other SCADA and Control vendors have been communicating potential
vulnerabilities of control systems when they are connected to the internet for some time.
However, Citect believes this is only relevant to a company using ODBC technology and
directly connecting its system to the internet with no security in place – a situation unlikely in today’s business environment.Citect’s Global CEO, Christopher Crowe, says, “The security of our customers’ control
systems is of paramount importance to us. Though we have not had any reports of breaches,
we are contacting our customers globally to confirm they have followed recommended
network security measures. We have also developed a patch for those companies that might
not be able to implement necessary network security measures promptly.”Citect has been designing SCADA software for 21 years and educating the market about
network security. Citect follows, and recommends to its customers, industry best practices in
the development and implementation of control systems. Citect’s position on SCADA and
process control network security remains unchanged – SCADA systems, like any business
systems, must be protected from unauthorised access via the internet. They must be secured
by robust protection including firewalls, intrusion detection systems and VPNs. There are
basic security measures published by various organizations. Citect advises customers on
network security and has published whitepapers to further educate the market: Visit
www.citect.com for more information.