A study of industrial cyber security suggests that supervisory control and data acquisition (SCADA) systems might be even less safe from high-tech intrusions than previously thought. Utility companies, manufacturers and firms in other industries use SCADA systems to monitor and control disparate equipment from a central location.
Last fall the Burnaby-based British Columbia Institute of Technology (BCIT) presented the report on SCADA security at the VDE Congress, a gathering of electrical, electronic and IT professionals in Berlin.
The BCIT’s report, dubbed “The Myths and Facts behind Cyber Security Risks for Industrial Control Systems”, describes a substantial increase in computer-based attacks on critical industrial IT infrastructure since 2000.
The move to open standards such as Ethernet, TCP/IP and Web technologies are letting hackers take advantage of the control industry’s ignorance.BCIT reportTextWhereas the BCIT recorded one to three industrial high-tech security incidents each year between 1995 and 2000, thereafter the number of reports climbed: four in 2001, six in 2002, and 10 in 2003.
The threats increased in part because companies rely more and more on standard networking protocols in SCADA environments, according to the report. SCADA systems used to employ less open, more vendor-specific technologies that were hard for digital intruders to crack. These days SCADA infrastructure includes common technology – networking protocols that hackers have learned to control.
“The move to open standards such as Ethernet, TCP/IP and Web technologies are letting hackers tack advantage of the control industry’s ignorance,” reads the BCIT’s report.
Want to forward this article? Send your friends and colleagues QuickLink 053458: recipients simply enter this number in the QuickLink box at the top of the page on the site to access the article directly. New visitors to the site will be asked to register – a simple, free, one time process.
