People First, Performance Now
Ministry of Science, Technology and Innovation
Top 5 SCADA Security Vulnerabilities
Muhammad Reza Shariff
14 November 2013
Our Experience 2013
Control System Security Assessment
Oil & Gas
Water Works
Airport
Shipping Port
SCADA Security Policy Issues
Applying Corporate IT Policy
Lack of Enforcement
No or Incomplete SCADA Security Policy
Copyright © 2013 CyberS
Password Issues
No Access Control List
Default Password
All for One
PLC Web Enabled - Password
Annuaire.XML for Topkapi
Hardcoded Password in the Registry
Network Architecture and Design
Web Enabled RTU and PLC
Active Ports Available
No Segregation of Network
Antivirus Issues
Fear of System Disruption
Missing AV or Updates
False Sense of Security – Closed Network
Operating System & Applications
No Hardening
Obsolete OS, Missing Patches & Service Packs
Vulnerable to Malware, DoS, Hacking, etc.