back to article Finland a haven for vulnerable SCADA systems

Security researchers in Finland have turned up thousands of unsecured Internet-facing SCADA systems in that country, using the Shodan search engine. The researchers, from Aalto University, ran their test in January, and found 2,915 exposed systems running functions from building automation to transport and water supply. Those …

COMMENTS

This topic is closed for new posts.
Silver badge
IT Angle

The problem with Finns

is that they are rather honest and expect other people to be honest too. Not such a good idea always, still I would add some stupidity to this too, trying to stick to the IT angle.

3
0
Silver badge

Well that problem will soon be solved

Just google for "SCADA in the cloud" and yes, that's a real thing, and yes it will be implemented by people knowing less about security than an MSCE in the 1990s.There is also talk about using WLAN for such applications.

If we could just get SCADA security up to the level of non Win/Mac desktop security, we simply wouldn't have those problems. SCADA systems currently are hard enough to get running at all (ever gotten DCOM to run?) people rarely bother with security, as security means that there's another thing that can make it fail.

2
0
Silver badge

Re: Well that problem will soon be solved

True - unfortunately, lack of security is another thing that can make it fail, as well.

2
0
Gold badge
Unhappy

Re: Well that problem will soon be solved

"SCADA systems currently are hard enough to get running at all (ever gotten DCOM to run?)"

I'd rather it not be installed in the first place.

1
0
Anonymous Coward

Re: Well that problem will soon be solved

how about security cameras over wlan?

Anon, because $orkplace security people have just done exactly that - and not just a couple of the things.

0
0
Silver badge

Re: Well that problem will soon be solved

"I'd rather it not be installed in the first place."

Well DCOM is the backbone of many industrial automation systems. It's the base of OPC and is even used by some standards like PROFINET which combine DCOM with raw Ethernet packets... doing the signaling in DCOM and the data in raw packets, because... well... I'm glad I don't have to work in that are.

The big problem is that those people don't understand what they are doing. They have no idea why DCOM could be a bad idea. They have no idea why some complex standards like OPC-UA (using encrypted XML over SOAP with lots of complexity added in for what is essentially a pimped up key value store with messaging features) are a bad idea.

0
0
Silver badge

Re: Well that problem will soon be solved

Well it depends. There's currently a push for WLAN systems for industrial control. Done right this can be sensible and good.

Imagine you had security cameras sending their pictures via scp with public key authentication or some similar scheme WLAN is not much of a problem.

If you however have simple webserver based solutions without proper authentication, it is. You should always treat you LAN and your WLAN in particular as an insecure network which may break and be intercepted.

So if you have WLAN cameras which watch over an outside area which can be seen from the fence anyhow, this probably isn't much of a problem.

0
0
Bronze badge
Coat

"I lost thousands because your bank didn't secure their systems" "suomi"

(It's funny because 'suomi' is Finnish for Finnish, and sound a bit like 'sue me'. No? I'll obey the icon.)

0
0
Thumb Up

Something the translating is gained lost

The Google translation is a hoot.

"Automation systems are controlled by many of society's critical infrastructure in transport supply of water."

0
0
Gold badge
Coat

The danger with this should be obvious

All their data could disappear into Finn air.

0
0
Silver badge

Responded to http != insecure

My bank's website responds to http, yet it is pretty secure. You need to go deeper than that to really know if it is vulnerable.

However, it is good policy to run SCADA on a private betwork. If it has to go remote then use VPN.

1
0
This topic is closed for new posts.

Forums