In The Wake Of Stuxnet: The Importance Of Improving SCADA Systems

As an increasing number of organisations across the planet implement supervisory control and data acquisition (SCADA) systems in order to improve control, the threat of these being exploited continues to grow.

For many firms, a key challenge is therefore managing change effectively, with seamless upgrades, and optimising the SCADA system so that threats are countered with advanced security measures.

The need to stay as up-to-date as possible was recently highlighted when a security researcher at NSS Labs disclosed a critical vulnerability in a popular SCADA software package used in China.

However, the researcher in question, Dillon Beresford, says he has also discovered similar holes in other SCADA applications used in the country, and that a lack of transparency within the nation on matters related to computer security may make it difficult to get these vulnerabilities addressed.

He told Threatpost that the frailties discovered in the KingView Human Machine Interface (HMI) software by Beijing-based firm Wellintech were just some of many he has uncovered while testing Chinese SCADA software in the lab.

Furthermore, he intends to disclose these holes after working with the software makers and China's Computer Emergency Response Team (CERT) to prepare patches for them.

In his initial blog posting after discovering the hole, he said: "By disclosing the vulnerability to WellinTech, CN-CERT and US-CERT I am confident that I have done the right thing. I was only trying to help and assist with the issue affecting KingView.

"I might have prevented a catastrophic event from taking place. As an example, one need not look too far into the past to reflect on what happened with Stuxnet, which was essentially a bundle of zero-day exploits inside a worm."

Some of the key issues facing many firms are standardising security for SCADA systems and protocols, establishing secure SCADA systems in an integrated environment and implementing methods to counter security risks.

This is clearly something which needs to be addressed as soon as possible, as far as Mr Beresford is concerned.

He told Threatpost that he has been analysing Chinese SCADA software in his free time and described the KingView hole as a "heap overflow vulnerability" which exists in a software module that listens for and processes incoming log events from the HMI software, and is also used to create visual representations of data flows between different machine components.

According to the expert, the heap overflow vulnerability exists in versions of the KingView software running on most supported versions of Microsoft Windows and would enable a remote attacker to take full control of a vulnerable system running the software.
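The class of defect described above, a listener that copies an incoming log event into a fixed heap buffer without checking its size, is illustrated below with an added example. This is not KingView's code and nothing about Wellintech's actual wire format is known from the article; the record layout (a 2-byte big-endian length followed by the payload), the buffer size, the `EV_ERR_*` codes and the function names are all assumptions made for illustration. The example shows the checks a hardened log-event handler performs before copying, and a listener loop that stops trusting the stream once framing fails.

```c
/* Added example (not KingView's or Wellintech's code): a bounds-checked
 * handler for a constructed, length-prefixed log-event record. The layout,
 * 2-byte big-endian payload length followed by the payload bytes, the
 * buffer size and the error codes are all assumptions of this example. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOG_EVENT_BUF 64     /* fixed heap buffer the listener copies into */

enum {
    EV_ERR_SHORT_HEADER = -1, /* fewer than 2 bytes: no length field present */
    EV_ERR_TRUNCATED    = -2, /* declared length exceeds the bytes received */
    EV_ERR_TOO_LARGE    = -3  /* declared length would not fit the buffer */
};

/* Parse one event from pkt into out (capacity out_cap). Returns the payload
 * length on success or a negative EV_ERR_* code. An unchecked handler would
 * memcpy declared_len bytes straight into the fixed buffer, which is exactly
 * the heap overflow pattern; the three checks below are what prevent it. */
int parse_log_event(const uint8_t *pkt, size_t pkt_len,
                    char *out, size_t out_cap)
{
    if (pkt_len < 2)
        return EV_ERR_SHORT_HEADER;
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    if (declared > pkt_len - 2)         /* sender promised more than it sent */
        return EV_ERR_TRUNCATED;
    if (declared >= out_cap)            /* leave room for the terminator */
        return EV_ERR_TOO_LARGE;
    memcpy(out, pkt + 2, declared);
    out[declared] = '\0';
    return (int)declared;
}

/* Drain a byte stream of concatenated events the way a listener loop would,
 * counting accepted and rejected records. The first rejected record ends
 * processing because the framing can no longer be trusted. Returns the
 * number of bytes consumed. */
size_t drain_log_events(const uint8_t *stream, size_t len,
                        int *accepted, int *rejected)
{
    size_t off = 0;
    char *buf = malloc(LOG_EVENT_BUF);
    *accepted = 0;
    *rejected = 0;
    if (!buf)
        return 0;
    while (off < len) {
        int n = parse_log_event(stream + off, len - off, buf, LOG_EVENT_BUF);
        if (n < 0) {
            (*rejected)++;
            break;
        }
        (*accepted)++;
        off += 2 + (size_t)n;
    }
    free(buf);
    return off;
}

int main(void)
{
    /* Constructed sample stream: "hello" (len 5), "ok" (len 2), then a record
     * claiming 65535 bytes with only one byte actually following it. */
    static const uint8_t stream[] = {
        0x00, 0x05, 'h', 'e', 'l', 'l', 'o',
        0x00, 0x02, 'o', 'k',
        0xFF, 0xFF, 'x'
    };
    int acc, rej;
    size_t used = drain_log_events(stream, sizeof stream, &acc, &rej);
    printf("accepted=%d rejected=%d consumed=%zu of %zu bytes\n",
           acc, rej, used, sizeof stream);
    return 0;
}
```

The point to take from the example is that the declared length must be validated against two independent limits: the bytes actually received (otherwise the handler reads past the packet) and the capacity of the destination buffer (otherwise it writes past the heap allocation). A handler that trusts the length field for either is the kind of hole the article describes.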

He was keen to stress that issues such as these can affect almost any organisation, particularly as many industry leaders are currently focusing on how they can build risk management processes into system changes and security policies and develop new security protocols and best practices to secure smart grids and SCADA systems from external attacks.

Mr Beresford said he hopes that releasing data on the vulnerability prompts some action on the part of China CERT and Wellintech.

On a broader scale, it may encourage organisations across the planet to consider how they can boost the security of their SCADA systems and have strategic planning processes in place before implementing changes to these systems.

For these organisations, avoiding the kind of holes found in the KingView HMI will be top of the agenda as they seek to avoid unnecessary expenditure and maximise control.