Case Study 2: SCADA Worm

Protecting the nation’s critical infrastructure is a major security challenge within the U.S. The responsibility for protecting it encompasses all sectors of government and includes private sector cooperation. Mitigating the vulnerabilities between the private sector and government agencies comes with an effective IT Security Policy Framework, which, properly implemented, can protect us from these attacks.

The vulnerabilities, which vary among the products examined, include backdoors, lack of authentication and encryption, and weak password storage that would allow attackers to gain access to the systems (Zetter, 2011). The security weaknesses also make it possible to send malicious commands to the devices in order to crash or halt them, and to interfere with specific critical processes controlled by them, such as the opening and closing of valves.

Thought to spread mainly by USB stick, or possibly by network shares, the malware cannot be defeated by simply turning off Windows autorun; simply viewing an infected file system will install it. A security specialist at Tofino believes that this zero-day attack, which affects all versions of Windows, may have been in the wild for a month or more. Preliminary assessments indicate that the malware does not appear designed to cripple infrastructure, but rather to steal information from SIMATIC WinCC / PCS7 implementations, i.e., some form of industrial espionage. Of course, that espionage could later be used to wreak havoc on these same or similarly configured systems (Underwood, 2010).

SCADA, or Supervisory Control and Data Acquisition, systems are used in automated factories and in critical infrastructures. They came under increased scrutiny last year after the Stuxnet worm infected more than 100,000
