Global Sources
EE Times-India
EE Times-India > EDA/IP

Rising SCADA attacks require urgent control measures

Posted: 28 Sep 2015     Print Version  Bookmark and Share

Keywords:Recorded Future  SCADA  IIoT  Microsoft  ICS 

Recent security reports have revealed that industrial control systems (ICS), such as supervisory control and data acquisition (SCADA) systems, are increasingly at risk of cyberattack. Both the capabilities to attack such systems and the number of attacks recorded are going up and the expanding Industrial Internet of Things (IIoT) will only exacerbate the situation.

The recent report Up and to the Right from threat intelligence company Recorded Future, shows the number of reported security vulnerabilities for ICS systems has grown steadily since 2011 (post STUXNET) and shows no sign of slowing. At the same time, as reported by researchers and industry watchers, the number of "exploits" available for those vulnerabilities has also grown, the report said.

In its annual Threat Report for 2015, Dell Security reported that the number of reported attacks on SCADA systems worldwide had doubled last year, from 163,228 in 2013 to 675,186 in 2014. Nearly a quarter of these exploited buffer overflow vulnerabilities. The actual number may be much higher, however, as many SCADA attacks go unreported, the report added, noting that companies are only required to report data breaches that involve personal or payment information.

Despite the risks, however, industry seems to be slow in responding. "The industry has made improvements," said Recorded Future CEO Christopher Ahlberg, "but it has not been improving. Some vendors are working on it but some still have a lot of work to do. And with this whole wave of IoT things are going to get worse as the attack surface of systems expands."

Rising SCADA attacks

The number of reported exploits has risen sharply since 2011, and 2015 is continuing that trend. (Source: Recorded Future)

Ahlberg acknowledged that with a large installed base of systems the task of beefing up their security is difficult, but he doesn't see that as the main problem. "The industry really hasn't had its "Microsoft security moment," referring to the time Microsoft systems encountered the Code Red worm, prompting the company to initiate a regular programme of issuing security patches to its OS.

One thing that Ahlberg indicates may be contributing to the industry's inertia is a lack of truly damaging attacks. "It's not been like on the banking side or healthcare," Ahlberg said, "we haven't really seen serious attacks on these systems." His concern, however, is that the attacks that are happening are simply a preliminary probing of these systems to identify exploits, steal credentials, quietly insert malware, and the like. "There is a lot of preparation being done," he said, "and there will be a day."

Similar sentiments have come from James R. Clapper, US Director of National Intelligence. Speaking to the US Congress earlier this month, Clapper said "Foreign actors are reconnoitering and developing access to US critical infrastructure systems, which might be quickly exploited for disruption if an adversary's intent became hostile." He pointed out an example of Russian cyber actors developing the means to remotely access the ICS used to manage critical infrastructure, by compromising the product supply chain of several ICS vendors. The cyber actors were able to insert malware designed to facilitate exploitation directly into the vendors' downloadable files so that customers acquired the malware along with legitimate software updates directly from the vendors' websites.

1 • 2 Next Page Last Page

Comment on "Rising SCADA attacks require urgent ..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top