Tofino Security article: SCADA Cyber Security Problems

SCADA Cyber Security Problems - Just How Common are the Programming Errors?

The discovery of SCADA-security issues by Luigi Auriemma and Siemens PLC weaknesses by NSSLabs this year is interesting from a software-engineering point of view. Having been active in the development of industrial controllers, embedded devices, PLCs and machines, I have experienced the other end of the cyber security problem - not how vulnerabilities must be stopped, but the ease with how they are created.

Auriemma has tried to find the source of the SCADA leaks by disassembling the code and finding the root cause of all 34 leaks. It is interesting to read that the “Buffer Overflow” error is one of the most common. It is so common that it is listed as #3 in the “Mitre TOP-25 most dangerous programming errors” list (No. 1 and 2 are website programming errors).

Read the entire article by Rob Hulsebos on the Practical SCADA Security blog http://www.tofinosecurity.com/blog/scada-cyber-security-problems-%E2%80%93-just-how-common-are-programming-errors

What are your comments?

You cannot post comments until you have logged in. Login Here.

Comments

  • Security issues with SCADA systems are rapidly expanding, creating new challenges for operators. This escalation in security concerns is due to increased awareness of these systems, changes in systems and configurations, creating new - and in some instances - increased vulnerabilities, and personnel (training) related issues in increasingly complex environments. Taking the necessary steps to identify and address these risks is not an option, but an imperative. Coupled with emerging security challenges, changes in the current regulatory environment of increased enforcement has compelled operators to address compliance with regulatory requirements, industry standards, industry guidelines, industry-best practices and corporate policies and procedures.

     with Regards..

    Aayesha Gilbert

    Reply

RSS feed for comments on this page | RSS feed for all comments