Boosting SCADA Security In The Digital Age


Any organisation utilising supervisory control and data acquisition (SCADA) systems will be aware that maintaining their security is essential if the company is to avoid external threats.

Last year, Stuxnet infected Windows systems across the planet in its search for industrial control systems, then proceeded to exploit holes in many SCADA systems, putting oil and gas companies at severe risk of disruption.

However, although Stuxnet caused major disruption to IT security in 2010, a second wave of attacks is unlikely to take place, according to Symantec.

During a recent press briefing to launch the company's Insight Reputation System, Kevin Hogan, Symantec's senior director for security response, said the Stuxnet target is very specific, so its availability on the internet does not necessarily mean malicious hackers will use the worm to launch new attacks on SCADA systems.

ZD Net reported him as saying: "Unless you have information on the installation you want to target, you can't do it. The Windows code, which the Stuxnet worm was written from, has already been developed into another threat - like the rootkit for example - but it does not mean another facility is at stake."

Nevertheless, companies will still be aware that a small threat is still a threat, and so should aim to establish a secure environment.

When quizzed on whether the threat has evolved, Mr Hogan said the Stuxnet attacks have "opened the lid" on industrial control systems and become an additional area of security that researchers like him will need to look at.

According to the specialist, experts realised that the SCADA system, which was the original target in Stuxnet attacks, has a series of problems similar to those of the Windows systems people use on a daily basis.

As these systems are not infallible, this is likely to lead to organisations tightening security around them.

This may include standardising security for SCADA systems and protocols, establishing secure SCADA systems in an integrated environment and implementing methods to counter security risks.

The expert added that the worm was not as esoteric as it first seemed and that most of the operations had moved to Windows.

"It's an eye-opener for me and my team to discover that Stuxnet worm actually isn't as different as we thought it was," he added.

Mr Hogan explained that the malware exploits a vulnerability in the way Microsoft's Windows Shell handles shortcut files which, if exploited, can allow the attacker to gain complete control of a system.

The virus was initially written to steal data from critical infrastructure companies by specifically targeting SCADA systems running Siemens' WinCC software, he noted.

Although the expert said he does not believe an instance of Stuxnet 2.0 will surface, he added that the industry should still be wary of new malware that may leverage the design of the original worm.

He acknowledged that Stuxnet attacks have the ability to cause "significant chaos", as indicated in global media reports, but Mr Hogan said a "centre-view" approach should be adopted to address the issue.

"In the next year or two, we will probably see proof of concepts of Stuxnet-like threats. The SCADA industry is also aware of this development and will approach things differently. Stuxnet is an easy scaremongering subject, but bear in mind that it was designed for a single purpose, a single installation," Mr Hogan explained.

It is clear that, although the threat of the Stuxnet virus appears to have passed, the possibility of another system-compromising piece of malware being created is still high.

In the meantime, global organisations, particularly those utilising SCADA, will need to ensure they are prepared for such an occurrence by taking the correct precautionary steps.