One answer as to why control systems are still so vulnerable

May 13, 2018
One reason control systems are still so vulnerable is the lack of understanding by IT security and the lack of participation in the control system security process by control system experts.

The following question was asked May 12, 2018 on the SANS ICS Community site: “I am gonna assess hydro power plant running several turbine generators controlled by SCADA Scala 250 from Andritz. This a very specific ICS environment.  I am curious if someone here has any experience with this kind of assessment with hydro power plants and power turbines. I need to know what's the most critical functional blocks here and where to focus.”

There are several issues screaming about this post. Doesn’t the operator understand the need? In reality, why was the operational group that understands SCADA not involved? Why was the IT security organization that doesn’t understand SCADA putting out the RFP and making the vendor selection? How can the operator accept an assessment by someone having to reach out to even understand what to assess? Unfortunately, this is the norm not the exception.

For those that don’t believe this is a disaster waiting to happen, read

Joe Weiss

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.