The recent attacks against SCADA systems should be a wake-up call to the managers of in-house process controls.
According to Dominic Storey, EMEA technical director at Sourcefire, process control security should come under IT's remit. “One technology doesn't grasp how many control nodes are now in the business, you only need to look at a major organisation to see how malware gets in,” he said.
He said: “The thermal stress caused the damage [to the water pump in the first attack]; this is something we talk about when customers deploy intrusion prevention systems (IPS). It cannot determine an advanced persistent threat (APT) as, once it is in, it is largely useless, so that is where intrusion detection systems (IDS) help through anomaly detection analysis.”
Storey predicted a "perfect storm" as there is no best practice for connecting network security layers for SCADA-based systems. “There is no way of looking for connected sensors or what came from a sensor,” he said.
“Also, think of SCADA as a hardware system, nine times out of ten it is an old Windows system, so often there are vulnerabilities. Technology needs to be proactive and able to take action.”
Asked what administrators can do to protect themselves against attacks on SCADA systems, Storey said they should allow an IDS to define a way to write rules; he also claimed that 'Snort' is perfect for this.
He said: “Focus on protecting, know what the devices are and have a back-up plan if you cannot detect something with a rule. Put together you have a pragmatic solution. A lot of people think of SCADA as power and water, but think about a manufacturer like Heinz, Guinness or DHL; if their system breaks down or is compromised, it is a huge issue.”
Storey said the best way to think of SCADA was as the "third network" after the data centre and office automation. He said: “This is not the end of the line for this, we will see more power outages, but it will take a large brand to be hit for it to be taken seriously.”