A Supervisory Control And Data Acquisition

1491 Words6 Pages
SCADA/ Stuxnet Worm A Supervisory Control and Data Acquisition (SCADA) system consists of both hardware and software that collects critical information to keep a facility operating (Johnson & Merkow, 2011, p. 227). SCADA system vulnerabilities include the lack of monitoring, slow updates, lack of knowledge about devices, not understanding traffic, and authentication holes (Adams, 2015). When an organization doesn’t monitor the network, it makes it impossible to notice suspicious activity. System updates are a very important part of protecting against vulnerabilities, even though it may be seen as an inconvenience. The lack of knowledge about the devices is somewhat due to the fact that the SCADA systems change over time. Therefore,…show more content…
This put other organizations that used equipment from the same SCADA system supplier in jeopardy. It also raised awareness of possible collateral damage (Chung, 2013). The Stuxnet worm infected a significant amount of computers. Additionally, it changed part of the security infrastructure of the United States. Stuxnet didn’t prove that cyber-attacks are low-risk operations. “Rather, it suggests that the effects, and thus the risks, of cyber-attacks are unpredictable (Manzo, 2013)”. There are vulnerable computer networks and systems that support U.S. economic activities, military capabilities, and societal services such as critical infrastructure (Manzo, 2013). U.S. officials came to the conclusion that the effects and risks of the Stuxnet operation were proportionate to the payoffs, other countries might reach similar conclusions about cyber-attacks against the United States (Manzo, 2013). “Improving cyber defenses, attribution capabilities, and developing credible retaliatory options will play an important role in deterring and mitigating direct cyber-attacks, but cascading viruses launched at other countries could eventually penetrate and damage U.S. networks (Manzo, 2013)”. ICS-CERT released ICSA-10-201-01 - Malware Targeting Siemens Control Software (including Updates B & C) and ICSA-10-238-01 - Stuxnet
Open Document