Critical infrastructure encompasses a vast array of industries and their associated platforms for control and monitoring of such critical functions as the delivery of water and electricity, operation of mass transit systems, and automation of our factories. While the devices differ, many are managed by supervisory control and data acquisition (SCADA) systems that define how transformers, braking systems, and assembly line machinery operate, as well as monitor their performance in real time. Over the last few years, SCADA security issues have begun to attract attention, such as the Taum Sauk incident I noted in an earlier post.
Ganesh Devarajan, a Security Researcher with TippingPoint Technologies, builds on this theme in his session entitled “Cracking Down on SCADA Security.” He notes that “[t]he research discussed in this session will expose some of the basic architecture flaws in these networks, how they can be infiltrated and illustrate various application vulnerabilities, and how they can be abused if in the wrong hands.” While much has been written, it’s clear that we’ve only scratched the surface as disruptive technologies, like service-oriented architectures and cloud computing, begin to displace traditional SCADA applications and connectivity to the enterprise becomes more ubiquitous. This should be an interesting session.