Thursday, April 03, 2008

When VoIP Vulnerabilities and SCADA Security Worlds Collide

Brian Krebs writes on Security Fix:

But lest anyone think VoIP vulnerabilities are nothing to be concerned about, consider the rather shocking tidbit shared last month at the Black Hat hacker conference in Washington, D.C. by Jerry Dixon, former head of the Department of Homeland Security's National Cyber Security Division. Dixon warned that VoIP vulnerabilities are opening dangerous new avenues of exposure for the companies that own and operate our nation's most critical networks, such as those that support the electric power, water and manufacturing systems.

To lower costs and increase efficiency, most utilities these days use the Internet to keep tabs on and manage their far-flung substations and networks. These control networks, known as supervisory control and data acquisition (SCADA) networks, naturally expose these very sensitive and complex systems to extreme risk of degradation or destruction if they are not properly secured. One important aspect of securing SCADA systems involves separating them the administrative networks that utility employees use for everyday work, such as e-mail and browsing the Web.

Dixon said that while a great many SCADA operators he has spoken with claim they carefully segregate their SCADA and administrative networks, far too many have gone ahead and set up their VoIP systems on the same network that manages their SCADA systems.

More here.

0 Comments:

Post a Comment

<< Home