SCADA systems ICS-CERT alert issued...
November 2, 2010 - "ICS-CERT, the emergency response team for industrial control systems, has warned companies that run SCADA (Supervisory Control and Data Acquisition) software that the systems running it may be easily discovered using a free Web based search engine dubbed Shodan. The warning came in the form of an ICS-CERT Alert*, published on October 28. The group, which is part of US-CERT, warns that "multiple independent security researchers" have reported using SHODAN to discover Internet facing SCADA systems in "several critical infrastructure sectors". The systems discovered range from systems used for remote access and monitoring, but also include systems with the ability to directly manage configuration of SCADA systems... Control system operators were advised to conduct an audit their existing systems, including those not directly connected to the Internet, to make sure that no weak or default passwords are being used. In addition, operators are advised to place any control systems behind firewalls and to isolate them from business networks. Virtual Private Networks (VPN) should be used for remote access to such systems and strong passwords and access management strategies should be employed..."
Edited by AplusWebMaster, 02 November 2010 - 02:51 PM.