Growing worry about a significant cyber-breach of the supervisory control systems ubiquitous in processing plants is reflected in results of a survey conducted at just-held Black Hat Europe 2012, in Amsterdam, Netherlands. A full 75% of respondents said “yes” when asked, “Will we have a significant SCADA Breach in 2012?”
"There are few reporting requirements for SCADA breaches, so we may not be informed if one actually happens,” Patrick Miller, CEO of EnergySec, says. “Frankly, given the state of many legacy industrial control system security products, I''m surprised we haven''t seen a significant disruption yet.”
The survey was conducted at the behest of nCircle.
These results vary from the sentiment of security professionals attending the RSA Conference in San Francisco last month. In response to the same question, 48% of respondents said “yes” and 52% said “no.”
“European IT security pros seem to have a darker view of critical infrastructure security,” Elizabeth Ireland, a vice president with nCircle, says. “They may feel SCADA threats are more imminent because Duqu, a computer virus thought to be related to Stuxnet, is believed to be targeting European companies. It may also be a result of the slow response from SCADA vendors to recent public exploit disclosures.”
nCircle is a provider of information risk and security performance management solutions. EnergySec is principal investigator for NESCO, a Department of Energy-funded public-private partnership that works to enhance cyber security of the electric infrastructure.