
Friday News and Notes

  • Telvent issued a press release this week that included “announced today the successful completion of the first phase of a research and security assessment, guaranteeing the security of the OASyS DNA 7.5 SCADA.” So you now have a guarantee. I’m sure the marketing guys are to blame because the technical security talent at Telvent is top notch. Also, we have the longstanding complaint that vulnerabilities found in these assessments are only provided to the vendor and not US-CERT, even though the INL’s capabilities and reputation in this area are largely based on USG funding and support. INL could have identified massive numbers of simple buffer overflow exploits, and the vendor has sole discretion over whether to fix or disclose them.
  • Cooper Industries bids to acquire MTL Instruments. How is this a SCADA security story? MTL is Byres Security’s manufacturing, distribution and sales partner for the Tofino Field Security Device. Odds are Tofino is a tiny blip, if even that, in this large acquisition. Another example of how hard it is for a small company to bring a product to market.
  • Be afraid, be very afraid. Paul Reszka of WAGO touts “the ability to access your control system to handle such tasks as monitoring via a website to determine the condition of a machine or check other statistics. With the latest PLC technology, almost anything that can be accomplished next to the machine can be accomplished wherever there is an Internet connection.” He goes on, on the SA Instrumentation and Control site, to recommend securing the access by selecting a “controller that utilises an embedded operating system not popularly used by the consumer public. This helps keep the PLC from being vulnerable to attackers using known exploits to the operating system because the knowledge base is much smaller. ‘Security through obscurity’ is the phrase coined by this type of security measure.”

Comments

Comment from CallBEFOREYouDig
Time: December 21, 2007, 11:31 pm

It is especially strange for Telvent’s marketing department to be making this claim, given that the company is in the custom SCADA solutions business. I don’t think there is any harm in SCADA vendors getting a credible outside assessment of the security of their products, even if it becomes an obligatory part of the sales pitch for the next several years. However, I think it would make a lot more sense for the DOE to assess how well the vendors’ processes accommodate security, throughout the entire solution lifecycle. Actually, to start, the most useful assessment might be of the security training that SCADA vendors are giving to their developers.

Comment from stephan beirer
Time: December 22, 2007, 6:56 am

WAGO? Ouch..

----------------------------------------------------------------------
Dear WAGO engineers,

we have a sweet little WAGO 75x PLC we use in awareness presentations to show our clients the typical problems of unprotected industrial communication. It took less than 30 minutes to sniff and ‘reverse engineer’ your proprietary IO PRO debug protocol and send commands like Start/Stop PLC, reset, force variable. Furthermore, your PLC crashes when arbitrary data is sent to the IO PRO port…

so much for your “security by obscurity” approach and the quality of your “embedded operating system not popularly used by the consumer public”..
----------------------------------------------------------------------

Season’s greetings to Dale and all blog readers from the southern Black Forest, still waiting for white Christmas down here..

stephan
