Find an article
Connect with us

Register For Latest Posts and Risk Lounge Weekly

Sharing Information to Mitigate Risk Exposures
Sunday 12 April 2015
Author: Russell Group

SCADA is used in power plants as well as in oil and gas refining, telecommunications, transportation, and water and waste control.  SCADA systems include hardware and software components. The hardware gathers and feeds data into a computer that has SCADA software installed. The computer then processes this data and presents it in a timely manner. SCADA also records and logs all events into a file stored on a hard disk or sends them to a printer. SCADA warns when conditions become hazardous by sounding alarms.

SCADA software, however, has come under increasing scrutiny by security researchers who have exposed many flaws in it. It can very difficult to update the core code in many SCADA systems to close loopholes that attackers had slipped through and it does appear that the numbers of attacks on Scada and other control systems is escalating. Malware is being written to get at particular vulnerable elements in the infrastructure run by many utilities and manufacturers. Some attackers may just be curious but others are thought to be carrying out reconnaissance in service of some future event.

It is becoming increasingly clear that to get around this problem, individuals, businesses, entire industries even (including insurance), need to get better at sharing information to mitigate their risk exposures. US power companies, for example, have begun sharing information about attacks so everyone knows about the threats to them but the basic infrastructure remains very hackable. Search engines, meanwhile, are revealing public interfaces to huge numbers of domestic, business and industrial systems.