Wednesday, April 15, 2015

SCADA Attacks are Up - Maybe We Need an ICS-OWASP?

In its annual security analysis -- the 2015 Dell Security Annual Threat Report -- Dell observed that attacks on SCADA systems have doubled since January 2012.



Dell's report noted the following:

  • SCADA attacks increased from 91,676 in January 2012, to 163,228 in January 2013, to 675,186 in January 2014.
  • The majority of the attacks targeted Finland, the UK and the US.  And, according to Dell, these countries were targeted because SCADA systems are more common in these regions and more likely to be connected to the Internet.


An interesting graphic in the Dell Report also shows key SCADA attack methods -- useful info for a defender to be aware of...


Dell went on to comment that "SCADA attacks tend to be political in nature, since they target operational capabilities within power plants, factories, and refineries, rather than credit card information."  They are right... SCADA is NOT where the $$ is, but you can certainly do some harm under the right circumstances.

Now, the Dell report drew my attention today; however, back on March 11 the ICS-CERT published its ICS-CERT MONITOR for the time period September 2014 to February 2015.  The report's cover graphic (below) shows a major increase in the number of incidents reported by the Critical Manufacturing Sector.  And, don't forget, Critical Manufacturing also uses SCADA for its larger plant control systems.


And, of course, the Energy Sector is a major user of SCADA controls due to the large geographic footprints they operate across.

Conclusions...

So the takeaway from these two reports is that attacks on SCADA systems are on the increase, and when you look at the Dell graphic on attack methods, the miscreants are taking advantage of software issues we've seen for years with Web applications, etc.  Perhaps we need an OWASP initiative, but for Industrial Control Systems/Software?  It does appear that the vendors need a lot of assistance in making their ICS software more secure.

###