[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] SCADA Security In A Post-Stuxnet World



http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/240049917/scada-security-in-a-post-stuxnet-world.html

By Kelly Jackson Higgins
Dark Reading
Nov 06, 2012

New data points illustrate just what a turning point Stuxnet truly was in SCADA security: Twenty times more software flaws have been discovered in industrial-control systems (ICS)/SCADA systems since the 2010 discovery of Stuxnet, and the vendor whose PLC system was its ultimate target has patched 92 percent of reported vulnerabilities in its products over the past seven years.

New data from Positive Technologies Security finds that 64 vulnerabilities were discovered and reported in industrial-control system products by the end of 2011, while only nine were reported between 2005 and 2011. And between January and August of this year, some 98 bugs were reported.

The Russian researchers who authored the report based their data on vulnerability database information from ICS-CERT, CVE, Bugtraq, NVD, OSVDB, Mitre Oval Repositories, exploit-db, and Siemens Product CERT, as well as from exploit packs from Metasploit and Immunity, for instance.

"The history of industrial system security is divided into two parts â prior to Stuxnet and afterwards," the authors wrote. "20 times more vulnerabilities have been detected since 2010 comparing with the previous five years."

[...]
______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org