Information Security News mailing list archives

SCADA Security In A Post-Stuxnet World


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 7 Nov 2012 01:45:31 -0600 (CST)

http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/240049917/scada-security-in-a-post-stuxnet-world.html

By Kelly Jackson Higgins
Dark Reading
Nov 06, 2012

New data points illustrate just what a turning point Stuxnet truly was in SCADA security: Twenty times more software flaws have been discovered in industrial-control systems (ICS)/SCADA systems since the 2010 discovery of Stuxnet, and the vendor whose PLC system was its ultimate target has patched 92 percent of reported vulnerabilities in its products over the past seven years.

New data from Positive Technologies Security finds that 64 vulnerabilities were discovered and reported in industrial-control system products by the end of 2011, while only nine were reported between 2005 and 2011. And between January and August of this year, some 98 bugs were reported.

The Russian researchers who authored the report based their data on vulnerability database information from ICS-CERT, CVE, Bugtraq, NVD, OSVDB, Mitre Oval Repositories, exploit-db, and Siemens Product CERT, as well as from exploit packs from Metasploit and Immunity, for instance.

"The history of industrial system security is divided into two parts — prior to Stuxnet and afterwards," the authors wrote. "20 times more vulnerabilities have been detected since 2010 comparing with the previous five years."

[...]