Why SCADA Security Matters–And What You Should Know About It

Posted by in Analysis, SC in the news on Sep 2, 2010

My article this month for eSecurityPlanet addresses the oft-overlooked and misunderstood issue of securing SCADA systems. Many thanks to Jonathan Pollet of Red Tiger Security for providing feedback and quotes for the article.

SCADA (supervisory control and data acquisition) systems run critical infrastructure and manufacturing processes. SCADA is what the local power company uses to manage usage on the grid and ensure customers have energy during times of high use. It’s also what manufacturing plants use to manage the shop floor to make sure production can continue without interruption. If you’re like most network and application security professionals, you’ve never worked with a SCADA system. SCADA knowledge is specialized and often not covered in traditional security training and certifications like the CISSP. Only one major certification, the Critical Infrastructure Institute PCIP (professional in critical infrastructure protection), really covers SCADA training.

Jonathan Pollet, founder of Red Tiger Security, a consulting and testing company that specializes in SCADA and critical infrastructure, notes: “SCADA Engineers and System Integrators know how to design, commission, and maintain real-time control systems, but typically do not have the right skill sets and training to embed security into those systems. They typically do not understand how to properly harden the servers, operator workstations, and network infrastructure, and in most cases, these systems are commissioned with default passwords and administrator accounts with no passwords.”

To read the rest of the article, please click here.
