[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] SCADA Security In A Post-Stuxnet World
By Kelly Jackson Higgins
Nov 06, 2012
New data points illustrate just what a turning point Stuxnet truly was
in SCADA security: Twenty times more software flaws have been discovered
in industrial-control systems (ICS)/SCADA systems since the 2010
discovery of Stuxnet, and the vendor whose PLC system was its ultimate
target has patched 92 percent of reported vulnerabilities in its
products over the past seven years.
New data from Positive Technologies Security finds that 64
vulnerabilities were discovered and reported in industrial-control
system products by the end of 2011, while only nine were reported
between 2005 and 2011. And between January and August of this year, some
98 bugs were reported.
The Russian researchers who authored the report based their data on
vulnerability database information from ICS-CERT, CVE, Bugtraq, NVD,
OSVDB, Mitre Oval Repositories, exploit-db, and Siemens Product CERT, as
well as from exploit packs from Metasploit and Immunity, for instance.
"The history of industrial system security is divided into two parts â
prior to Stuxnet and afterwards," the authors wrote. "20 times more
vulnerabilities have been detected since 2010 comparing with the
previous five years."
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!