'Project SHINE' Illuminates Sad State
Of SCADA/ICS Security On The Net
Kelly Jackson Higgins
Oct. 16, 2013
Project SHINE is a global
Internet-scanning project that searches for SCADA/ICS devices and
systems. Over a million devices have been found. Another 2,000 to
8,000 devices are being found on the public Internet each day. SCADA
stands for supervisory control and data acquisition. ICS stands for
industrial control systems. These devices cover a wide ranger of
consumer electronics, routers, and industrial systems. Researchers on
this project estimate that a quarter to a third of these devices are
open to malware attacks or other types of attacks such as cross-site
scripting or buffer overflows. One commonly used protocol on these
systems, Universal Plug and Play (UpnP), is known to be vulnerable.
Some of the device have administrator passwords set to default.
Others have known backdoors left by the device's manufactures. The
state of security for SCADA/ICS devices was said to be alarming. Of
greatest concern is the security of industrial and infrastructure
controllers.
No comments:
Post a Comment