Saturday 28 January 2012

Trend Micro Securing SCADA Environments


New Delhi, 24 January, 2012: Trend Micro, Inc. (TYO: 4704; TSE: 4704), a global cloud security leader and long-time innovator in mobile security, today announced that last week the software used in SCADA environments came under renewed scrutiny, as attack code exploiting dozens of serious vulnerabilities in widely used programs was published.

Programs sold by Siemens, Iconics, 7-Technologies, Datac, and Control Microsystems were apparently affected. In some cases, the flaws may be used to remotely execute code when the so-called supervisory control and data acquisition software is installed on machines connected to the internet. Two separate organizations released the code.  The published information includes proof-of-concept exploit code for at least 34 vulnerabilities in widely used SCADA programs.
SCADA refers to any control system, so it covers everything from nuclear power plants to the machine that sews a logo into a pair of trainers. If breached, such a system may pose a threat to national security, or perhaps just affect a manufacturing line. Protection for SCADA networks needs to reflect the actual setting in which they are used.
SCADA networks span a set of industries which have traditionally enjoyed relative segmentation because process control software was closed & proprietary, and not connected to the global Internet. 
In recent times, this situation has changed.  These industries (e.g. manufacturing, oil & gas, water processing, etc.) are now using off-the-shelf software platforms (e.g. MS Windows) and management platforms designed & created by specific vendors (e.g. Siemens, Johnson Controls, etc.). 
Additionally, new hardware designed for these environments often now includes ports such as Ethernet, and in some cases the devices are even wireless-equipped. This is ideal for business optimization strategies and large installations. However, serious consideration needs to be given before activating or enabling such accessibility in critical environments.
It’s worth remembering that attackers most often target common platforms. It’s essential to protect the platform, but in SCADA environments it is often difficult or impossible to patch it, as it may be a legacy program (e.g. Windows 2000) or a patch may no longer be available.
Policy and Process Advice to Help Secure SCADA Environments:
Build an Air-Gap between the networks – Deep consideration should be given as to the absolute necessity of connecting Critical Infrastructure to other networks or the Internet. The safest way to ensure critical infrastructure is secure is to ensure there is a physical gap between the networks. 
Ensure best practice security is followed – Measures such as disabling USB and other access, and ensuring proper physical security mechanisms, are a must.
Treat every SCADA environment as unique – SCADA spans multiple industries – some relate to critical infrastructure, others to manufacturing. Recognition of this individual environment is essential when planning and implementing security for the network.
Solution and Technology Recommendations from Trend Micro:
More often than not, owing to the way in which SCADA networks are implemented and used, traditional security measures, such as antivirus, cannot be implemented on a device or system. Trend Micro’s technology offers multiple other choices, a few of which are covered below.
Deep Security supports a wide array of operating systems, and its extremely compact memory requirements allow it to protect and shield specialized SCADA systems that cannot support conventional endpoint security.
· Deep Packet Inspection - Examines all incoming and outgoing traffic for protocol deviations, policy violations, or content that signals an attack.
· Intrusion Detection and Prevention - Protects against known and zero-day attacks by shielding known vulnerabilities from unlimited exploits.
· Automatically shields newly discovered vulnerabilities within hours, pushing protection to thousands of servers in minutes without a system reboot.
Threat Management Services provides network traffic inspection that can detect malware infiltration of any device or system. If malware activity emanating from a SCADA system is detected, Threat Management Services alerts the security staff to take appropriate action.

About Trend Micro
Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud computing security infrastructure, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.
Additional information about Trend Micro Incorporated and its products and services is available at TrendMicro.com. This Trend Micro news release and other announcements are available at http://trendmicro.mediaroom.com/ and as part of an RSS feed at www.trendmicro.com/rss. Or follow our news on Twitter at @TrendMicro.
