SCADA security is a critical problem. Consider how many of these legacy systems, operating on insecure protocols and firmware, on hardware that hasn't been available for purchase for decades, and running software for which security patches no longer exist, are running the critical infrastructure of our country.
- transmission of oil and gas through pipelines
- water and sewage systems of major cities
- security and safety systems installed within sporting facilities
- our electricity grids
- more and more...
Sure, it's going to cost billions of dollars to upgrade and replace all of this legacy equipment and reengineer the design of critical control systems. But, consider the costs to the country's major social and political systems should we lose control of one of these critical pieces of our existence? I look at what a simple, yet massive, flood did to the city of Calgary in 2013 - people panicked for 4 hours on the second morning and the city ran out of bottled water and bags of ice. This is a minor inconvenience compared to the loss of our utilities that keep us safe, warm, and fed. A destructive, targeted piece of malware is capable of taking out our electrical grid for days, and don't be naive to think that attackers are not building these viruses now because they know how vulnerable our critical infrastructure is at the moment.
I am a SCADA realist - I know how important it is to upgrade and replace as many systems as possible over the next few years. However, the apologists will continue to tell us how costly and difficult it will be to do all this work. They will continue to push for compensating controls - physical security, segregated networks behind a firewall, anti-virus. What's stopping a vendor - those most at fault to keeping these horribly insecure systems running today - from introducing malware via USB or FTP, unknowingly, during routine maintenance?
It's time to face the reality - our SCADA infrastructure needs to be upgraded now. We need to re-prioritize our budgets and start focusing on planning out the major projects required to ensure we keep our Canadian control systems and our population safe from an unnecessary outage of some of our most vitally relied upon systems.
No comments:
Post a Comment