    As readers of this blog may recall, I’ve written about SCADA issues in the past, but one issue that I’ve consistently tried to emphasize is that critical control systems should never, ever interact nor interconnect with Internet systems in any way, shape, or form.

    There’s a good reason for this, and it’s always been referred to as the “Air Gap” Principle.

    But as I also noted previously, companies make business decisions that favor cost savings over systems security on a regular basis.

    Recent news reports from Australia indicate that Energy Australia will be deploying “smart” metering devices which use WiFi communications to collect consumer energy consumption statistics.

    Now, this is not to single out this particular company, but the opportunity presents itself for commentary. There are energy companies in the United States and elsewhere which are making similar business decisions regarding their service infrastructure, and it is somewhat troubling.

    According to an article in itWorldCanada, “…The system will transmit power usage and maintenance data from two million digital smart meters across the states of New South Wales and Queensland to a central database over a Wi-Fi and fiber-optic network.”

    Notwithstanding the business issues involved, or second-guessing Energy Australia’s assessment of the cost-benefit analysis of this decision, it nonetheless raises some serious security questions with regard to the possibility of denial-of-service attacks, or complete compromise of an associated system (it does happen, and has been documented on several occasions).

    The “Air Gap” principle exists for a reason: real security segmentation. Without proper segmentation, you enormously increase the risk of unauthorized access or other cyber shenanigans. I cannot stress this issue enough.

    When you cut corners in the name of cost savings, you will inevitably be victimized by the fickle finger of fate, as the saying goes.

    I’m a little unnerved to realize that the systems which deliver my electricity, gas, water, and other basic services are making some very risky decisions when it comes to their infrastructure.

    You should probably be worried too. Maybe a little bit. Maybe a lot.

    “Fergie”, a.k.a. Paul Ferguson
    Internet Security Intelligence
    Advanced Threats Research



    © Copyright 2013 Trend Micro Inc. All rights reserved.