Submission + - SCADA: 10 Years Behind Enterprise IT Security (securityweek.com)
wiredmikey writes: A recent burned out water pump at a public utility has once again put SCADA and Industrial Control Systems security in the spotlight.
Several experts have chimed in on the matter, with some saying that SCADA Security is typically a decade behind other large enterprise security systems.
Why? These Industrial Control Systems were never intended to be connected to the Internet, and lack many of the security controls and features that most modern IT systems have in place. Additionally, many critical infrastructure systems are running older operating systems such as Windows 95 – something that brings its own set of security issues.
Another expert said the security problems with SCADA software are twofold: One is the prospect of security vulnerabilities in the software itself; the other is improper configurations and bad security around the software.
The challenges are exacerbated by such systems being connected to the Internet, which can be discovered and potentially breached....
Several experts have chimed in on the matter, with some saying that SCADA Security is typically a decade behind other large enterprise security systems.
Why? These Industrial Control Systems were never intended to be connected to the Internet, and lack many of the security controls and features that most modern IT systems have in place. Additionally, many critical infrastructure systems are running older operating systems such as Windows 95 – something that brings its own set of security issues.
Another expert said the security problems with SCADA software are twofold: One is the prospect of security vulnerabilities in the software itself; the other is improper configurations and bad security around the software.
The challenges are exacerbated by such systems being connected to the Internet, which can be discovered and potentially breached....