10K Reasons to Worry About Critical Infrastructure
01/24/12 | Wired.com
Using the SHODAN search engine, a computer science doctoral student has identified over 10,000 industrial control systems with unsecured Internet connections. This article discusses the myth of "air gapped" systems and why vendors and operators should be concerned:
|
EXCERPT “Vendors say they don’t need to do security testing because the systems are never connected to the internet; it’s a very dangerous claim,” Leverett said last week at the S4 conference, which focuses on the security of Supervisory Control and Data Acquisition systems (SCADA) that are used for everything from controlling critical functions at power plants and water treatment facilities to operating the assembly lines at food processing and automobile assembly plants. “Vendors expect systems to be on segregated networks — they comfort themselves with this. They say in their documentation to not put it on an open network. On the other side, asset owners swear that they are not connected,” Leverett said. But how do they know? |