Henry Dalziel | Concise Courses, SCADA News and Training | April 24, 2013
The world lives and breathes SCADA. Along with oil, SCADA makes the world go around. However, many people outside the information security community don’t know what SCADA actually is, so let’s start with a brief overview. Manufacturing, energy and transportation infrastructures are all critical systems that allow our society and economies to operate, but there’s a problem: they are all in serious need of protection because they are inherently vulnerable. These vital systems are largely based on legacy SCADA and Industrial Control System (ICS) products and protocols that in some instances are decades old, which is fairly typical of software platforms developed in the late 80s or early 90s. Despite these shortcomings, and in many cases the absence of security, these vital industries merged with network technologies like Ethernet and TCP/IP – meaning that these systems are now Internet facing. That’s not good.
World-renowned SCADA expert Justin Searle recently appeared on a Hacker Hotshot episode and explained how attitudes to SCADA security are rapidly changing, primarily due to the threat of cyber terror. Justin highlighted the fact that Stuxnet, and all the siblings that have come out of that notorious worm, and the Saudi Aramco compromise last summer have brought SCADA security to the forefront, and SCADA training has never been more important and vital to protecting our critical systems (more on our Concise Courses SCADA training package at the end of the post).
We are still a long way from SCADA-free vulnerability attacks
Given that industrial systems tend to have a 20-year life cycle, in some instances it will be several years before more robust ICS and SCADA devices and protocols are commonplace. In the meantime all legacy control systems are wide open to attack from hackers of all abilities. Searches using Shodan and scans using PunkSPIDER alongside PunkSCAN make finding SCADA vulnerabilities and exploits very easy.
On May 21st, we are going to be giving a live demo showing how hackers can destroy an automation plant and insert malware – using a USB! (For those who can’t wait until the event and are curious as to how that is possible, the USB would contain a payload with Metasploit 4.0 that would then infect a SCADA supervision station.) If you are reading this post after May 21st don’t worry – the link in this paragraph is a perma-link.
Gimme some good news please!!!
Yes, there is some good news. There is an effective and relatively simple solution to protecting our infrastructure, called “Deep Packet Inspection”. In fact, according to our research here at Concise Courses, Deep Packet Inspection (DPI) is really the best defence we currently have. It works like this: DPI filters and examines the data part of a packet as it traverses an inspection point and flags items such as odd or inconsistent protocols, viruses, spam, and other malware. There are specific penetration testing tools that can detect evil packets that are hitting SCADA systems.
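To make the DPI idea concrete, here is an added example (not code from Concise Courses or from any DPI product) that inspects the data part of a Modbus/TCP request and flags inconsistent protocol fields. Modbus/TCP is chosen as an assumption because the post names no specific SCADA protocol; the read-only allowlist, the function name and the sample payloads are hypothetical.

```python
import struct

# Assumed policy for this inspection point: only read functions may pass.
# Maps function code -> maximum quantity the Modbus specification allows.
READ_FUNCTIONS = {0x01: 2000, 0x02: 2000, 0x03: 125, 0x04: 125}
MAX_ADU = 260  # 7-byte MBAP header + 253-byte PDU


def inspect_modbus_request(payload):
    """Return a list of findings for one TCP payload; [] means it passes."""
    if len(payload) < 8:
        return ["truncated frame: no complete MBAP header and function code"]
    findings = []
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", payload[:7])
    if proto_id != 0:
        findings.append(f"protocol id {proto_id} is not Modbus")
    # The length field counts the unit id plus the PDU: all bytes after offset 6.
    if length != len(payload) - 6:
        findings.append(f"length field {length} but {len(payload) - 6} bytes present")
    if len(payload) > MAX_ADU:
        findings.append("frame exceeds maximum Modbus/TCP size")
    function = payload[7]
    if function not in READ_FUNCTIONS:
        findings.append(f"function code 0x{function:02x} not in read-only allowlist")
    elif len(payload) != 12:
        # A read request PDU is exactly: function, 2-byte address, 2-byte quantity.
        findings.append("read request PDU is not exactly 5 bytes")
    else:
        _addr, quantity = struct.unpack(">HH", payload[8:12])
        if not 1 <= quantity <= READ_FUNCTIONS[function]:
            findings.append(f"quantity {quantity} outside protocol limit")
    return findings


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "read 10 holding registers": bytes.fromhex("00010000000601030000000a"),
    "write single coil": bytes.fromhex("00020000000601050001ff00"),
    "trailing bytes after PDU": bytes.fromhex("00030000000601030000000adead"),
    "non-Modbus protocol id": bytes.fromhex("00040001000601030000000a"),
    "read 200 registers": bytes.fromhex("0005000000060103000000c8"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, "->", inspect_modbus_request(frame) or "pass")
```
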
The other and even better bit of news out there – is us! We are offering SCADA education, training and courses. Our training package is aimed at the following professionals: Automation Security Managers, Industrial Managers and Industrial Directors who work within the following sectors: Water Management, Utilities, Oil & Energy, Public Health, Transportation, Public Security Services, Military, Telecommunication, Food & Beverages and Chemical Plants.
For more information on the course please follow this link.
Prior to the course commencement, and as mentioned above in the third paragraph, we will also be showing a live demo with the following learning objectives:
Firstly you will learn how to implement controls that will prevent your SCADA network from attack (including disabling autorun and deploying GPOs to control access to USB ports)
Secondly, there will be an overview of how hackers are using Social Engineering to attack critical infrastructure, and;
Thirdly, how to develop an effective Security Policy that counters the belief that SCADA networks are secure because they are disconnected from the Internet and use specialized protocols and proprietary interfaces.
We hope you can make it!