What ARE the vendors really building?

June 17, 2008
The major control system suppliers are claiming they provide tested secure DCS and SCADA systems. To my knowledge, at least four major control system suppliers, in this case 3 DCS and one SCADA, are providing less security than advertised.

In one DCS case, the vendor told me how secure their system was and specifically identified one showcase utility. Unfortunately for them, I knew the utility and the utility engineer. The engineer was so disappointed in the vendor not listening to his needs that he made a presentation on security deficiencies the vendor would not address. In the second case, from a different DCS vendor, the vendor recently performed factory acceptance testing without security being addressed, even though I was told by the supplier that security testing is standard procedure. In the third case, from another DCS vendor, the DCS is currently being procured and staged. The vendor claims they automatically secure their systems. However, when the utility engineer questioned the vendor, the vendor stated they would need additional funding for security and even asked the utility to delay the implementation to address security. In the SCADA case, the vendor was using the full suite of Microsoft web services without recognizing the security implications.

What is really going on with our vendors?

Joe Weiss
