Shodan, “the scariest
search engine on the Internet,” was back in the news this month with the
launch of Shodan Maps. For those unfamiliar, Shodan tracks devices that are
connected to the Internet, including SCADA and industrial control systems (ICS).
Now, instead of just identifying these systems, searchers can see where they’re
located. This is troubling, as it gives our adversaries physical directions to what
appear to be poorly defended critical infrastructure systems.
Fortunately, Shodan isn’t designed for your average Googler.
Those who are capable of carrying out a large-scale cyberattack against
critical infrastructure sites, though, will have the technological knowhow to
navigate the search engine. Researchers with Project
SHINE have identified more than 1 million IP addresses globally that are
potentially associated with SCADA and ICS devices. However, at the recent
Public Safety Canada ICS Security Workshop, it was reported that the DHS
investigated the 500,000 American IP addresses SHINE reported, and found that
only a little more than 7,000 were real control system equipment. While this is
a small percentage of the original number, it is still a disturbing amount of
equipment.
The issue remains: in a constantly connected universe, any
system that is connected directly or indirectly to the Internet is vulnerable
to attack. Large scale control systems recognize this and are buried behind
layers of firewalls, but firewalls aren’t enough to defend against modern day
cyberthreats. Firewall vulnerabilities are well known to anyone with a modest
security background, and control systems connected to the Internet is a problem
made worse by exposing them via search engine.
The best-defended control systems, such as those at every
American nuclear plant and an even larger number of conventional power plants, have
installed Unidirectional Security Gateways, a stronger-than-firewall technology
that thoroughly protects control systems from Internet attacks, however
indirect they are. That someone with average skills can locate Internet-exposed
control systems should inspire any utility manager to improve defenses.
See how unidirectional security gateways can deliver true
security.
Follow us on Twitter @WaterfallSecure.
Like us on Facebook.
Follow us on LinkedIn.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.