Comment Re: I develop scada software... Forbes is FUD (Score 1)
Well, I've done security audits for these systems, and well, let's see here:
>>> The long story short is that most of these installations are physically protected from intrusion.
Dude, I've done security audits on pipelines and electric power grids. Just because a substation in the middle of Timbuktu has a lock on the door doesn't mean the lock actually gets used.
>>> First rate firewalling, ...
A huge percentage of firewalls deployed even by pros have at least 1 large error in them.
( http://csdl2.computer.org/persagen/DLAbsToc.jsp?resourcePath=/dl/mags/co/&toc=comp/mags/co/2004/06/r6toc.xml&DOI=10.1109/MC.2004.2 )
And you obviously haven't developed SCADA software long enough to realize that on the average plant floor, the knowledge required to properly construct and deploy a firewall just isn't there.
The rift between the "Scada Engineering" crowd and the "IT" crowd is larger than you think.
>>> and in most cases, complete separation of internet and operations systems is in place.
Oh wow ... not directly connected to the Internet. Hmmm, that's a tough one, Not!
On average, in on-site security audits I've found 50% more network access/entry points than the company's security officer knew about.
And as for separation between the control and enterprise networks, you're blessed if you have a Cisco firewall as protection.
(Until the 3am engineer puts in a remote dial-in modem, completely screwing over your corporate security.)
>>> Physical alarms and access controls, id badges,
Amazing how you can audit the physical access controls simply with kind words and a smile. (Thank you, Mr Mitnick.)
>>> and real security guards do the rest.
Yeah, 15 to 20 security guards, on some facilities covering 10 square miles.
>>> I am not naive enough to suggest that any such situation is 100% perfect,
Good, shows you may have learned something while "Developing Scada Software".
>>> but at the very least, we are not talking about script kiddies.
The problem that I've found is that we're not even putting in enough to stop the script kiddies.
When a simple port scan of a SCADA device may "brick it" (brick it: send it back to the manufacturer to get replaced), think what even script kiddies can do.
>>>If someone has a real reason or agenda to break into these systems, and enough money and skillful crackers, they will get in.
You don't need money or skillful crackers. In the last stages of the "World Wide War-drive" effort of a year or two back, they started getting wireless SCADA networks reported. :-)
>>> For example, WiFi ethernet networks are almost never used in these types of systems
Dude, they don't have to be used directly on the control network. With the number and types of connections between the control network and the enterprise growing, the hacker just needs to find one.
I've seen and heard first-hand accounts of security professionals doing security audits on the enterprise network and finding themselves with access to control network gear.
One particular chap did an audit of a cookie factory's office network, and his scanner tool found a hole in the control network firewall that resulted in 1 million in wasted cookie dough.
Now, wireless use on these systems: have you had your head in the sand for the last year or two? Get real! It's the typical flood of technology again, ease of use before any thought of the security implications.
>>> -- that doesn't have the engineering necessary for this kind of data. Instead, proprietary solutions with microwave dishes, and other forms of FCC/CRTC licensed data radios are used.
>>> While proprietary != secure, it does mean that a wardriver looking for an open access point isn't equipped to mess with these systems.
Please don't challenge the Pringle-can boys. I can hear them rushing down to Radio-Shack now.
>>> Furthermore, scada systems have some intelligence on the terminal ends:
Have you run even a basic security scanner against one of these types of devices? I have. It's my job, and the results are scary. Nothing like hard-crashing a device simply by port-scanning it. Or, more worrisome, finding buffer overflow exploits in the embedded web servers of these devices that permit you to execute code.
These devices aren't that intelligent, partly due to the fact that their expected lifespan can easily be 15 years. New devices, latest-generation systems, yes, they have more brains and ability. But from my experience, more brains and abilities usually equals more vulnerabilities.
>>> hard wired or epromed/flashed programs running that usually have safety cutouts that prevent the hardware from doing something bad by dropping into a safe state.
For a certified safety system, yes. For the typical programmable logic controller, not a chance. There are PLCs out there that can be "bricked" with a single bad packet. Bricked = replace with a new one (power-cycle and firmware load can't recover them).
>>>> I won't go on boring everyone with the details, but what it comes down to is that the systems are sufficiently complex that it is cheaper, easier, and more effective to physically disrupt them, so there is not much point hacking or cracking them.
Nice point, until you realize that the physical disruption is the opposite of what is actually going on. These systems are getting so integrated and enmeshed into the standard corporate networks that access is almost a given.
For example, while doing a security audit of a network, a colleague found himself not even in the client's network, but on a SCADA network that the client's SCADA network was VPN-connected to.
It's not just your company's security you need to worry about, but also the security of the companies that you're connected to.
>>>> In any case, in the automation world, this was news about 2 months ago, and taken into account in plant operations (mostly by noticing that the physical security and networking configurations prevent the attacks from the outside to begin with) without the kind of panic that Forbes is trying to fob out the unsuspecting C.O's (that's a regex .)
Dude, have a look at this Symantec white paper ( http://ethernet.industrial-networking.com/articles/articledisplay.asp?id=1823 ).
Then tell everyone again that it was taken into account.