Industry News

SCADA Systems Vulnerable Despite Risk Awareness, Finds SANS Survey

SCADA Systems Vulnerable Despite Risk Awareness, Finds SANS Survey

A survey of nearly 700 SCADA control systems revealed that security risk awareness is at an all-time high but protection is still lacking, according to the SANS (SysAdmin, Audit, Network, Security) Institute.

Because SCADA systems are predicted to be highly targeted during 2013 as a result of cyber war, the survey conducted revealed that proper security measures to prevent cyber-attacks are falling behind.

SCADA Systems Vulnerable Despite Risk Awareness, Finds SANS SurveyWith state-sponsored malware opening a new age of cyber warfare, SCADA systems were deemed highly vulnerable and likely targeted in future attacks on key infrastructure systems.

“Control system cyber assets are vulnerable, threats are escalating and the industry is aware of these facts,” says survey paper author Matthew Luallen, a senior SANS analyst and SCADA/process control system expert who teaches on this subject at DePaul University. “Stuxnet can be cited for finally raising risk awareness, but some of this awareness is experiential: In the survey, 33% of respondents know or suspect they’ve been breached.”

Mostly focusing on protecting computers operating SCADA devices, such proprietary control systems have little to no security features built-in. The irony is that SCADA systems run “above” protected computers and lack security features.

“This is the first time I have seen a succinct review of the problems faced by all industries using SCADA technologies,” said Barbara Filkins, a SANS analyst, advisor to the survey and healthcare privacy expert. “I’m voluntary president of our mutual water company and our board is considering installing a SCADA system. I will definitely use some of the findings in this survey to help guide our selection.”

Concluding that SCDA systems still lack proper security systems, analysts believe vendors of such solutions should work with security experts to patch vulnerabilities and improve their security.


About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.