Traditionally, critical process management in national infrastructure, such as oil and gas facilities, chemical plants, utilities, power generation etc, was carried out manually. Now, in many cases, such processes are managed automatically by SCADA – IT-based supervisory control and data acquisition systems.
At a recent summit on the vulnerability of IT systems to cyberattack, Mary Ann Davidson, chief security officer at Oracle, warned of the dangers of linking SCADA systems for monitoring and controlling critical infrastructure with the Internet.
"We know the SCADA protocols used in control systems were not designed to be attack resistant. They were originally used in electro-mechanical systems where you had to physically access the system, turn the knob, and so on," she said. "Now we are increasingly moving to the IP-based control systems and connecting them to corporate networks that are in turn connected to the Internet.
"We know some smart grid devices are hackable," she said. "We know there are PDAs, digital assistants, that talk SCADA because it's just so expensive to send a technician to the plant. Dare I say move the control rods in and out of the reactor? There's an app for that."
For background documents on SCADA security, contact David.
For more on this story, click on:
http://news.cnet.com/8301-27080_3-10458759-245.html