back to article NIST wants better SCADA security

America's National Institute of Standards and Technology (NIST) wants to take a hand in addressing the SCADA industry's chronic insecurity, by building a test bed for industrial control systems. The Reconfigurable Industrial Control Systems Cybersecurity Testbed is only in its earliest stages. According to this RFI, the …

  1. Yet Another Anonymous coward Silver badge

    Do we get stickers?

    "Stuxnet Inside!"

  2. Don Jefe

    Insecure

    Well, as standards bodies go, NIST is moving faster than most in addressing the SCADA issue(s). If it all goes well they'll have a proposal for proposing a vote on a proposed test bed standard by the time Halley's Comet comes back around. It's all quite exhilarating really.

    1. Captain DaFt

      Re: Insecure

      Yeah, it's only been a problem for what? Twenty years now?

      No rush!

      1. jake Silver badge

        Re: Insecure

        Twenty years? Try closer to 35 ...

  3. Christian Berger

    In the Meantime...

    ...have some SCADA in the cloud. No, I'm not joking. It's a real thing, you can look it up. Usually it runs on Microsoft Azure.

    1. SteveB299
      Big Brother

      Re: In the Meantime...

      Wasn't 'Azure' an 80s codename for covert wire tapping by the UK intelligence services? Weird that!

  4. jake Silver badge

    My SCADA is already secure, ta you very much.

    It's not connected to TehIntraWebTubes.

    Dial-up connections & dial-back modems work wonders.

    Dial up to system, login & password, remote system signs out & dials back the telephone number assigned to the login & password with an encrypted connection, and asks for another password.

    Most SCADA kit only requires ASCII text ... 9600 baud works nicely. I use USR 19.2 modems.

    The fucking morons using TehIntraWebTubes for this kind of thing have absolutely zero clue about system security.

    1. Christian Berger

      Re: My SCADA is already secure, ta you very much.

      Ohh you've missed a generation.

      In between there was OPC, OLE for Process Control. A grand plan to make everything interoperable... based on OLE and DCOM. Of course it didn't actually work and now there are dozends of companies adding trivial features like logging to those systems. Oh and guess what, DCOM has little security features, and the few it has are typically deactivated... meaning that you can not just control your special SCADA software, but probably also other OLE software on your system. OLE was one of the backbones of Windows back in the 1990s.

      So sure, text based SCADA kit with 9600 baud would be much more secure, in fact you could even hang them onto a small Linux system running SSH for network access.... but that won't bring you flashy graphics you can watch on your iPad.

    2. Anonymous Coward
      Anonymous Coward

      Re: My SCADA is already secure, ta you very much.

      The SCADA system controlling Iran's centrifuges wasn't on the internet either, you know...

  5. John Smith 19 Gold badge
    Unhappy

    It's a start

    But boy has it been a long time coming.

  6. DNTP

    This is just unnecessary government interference with our companies constitutional rights as people and a waste of our taxpayers money. If the FREE MARKET demands SCADA security it will happen automatically, just like how every other health, safety, and environmental improvement over the last hundred years has been due to FREE MARKET pressure. Consumers are absolutely capable of being perfectly educated about every issue affecting every company they might patronize, including the importance of SCADA safety, so if they want it to be an issue companies will make it an issue. Or else some startup will gain a competitive edge over the monopolies that normally ruthlessly suppress startups just like the FREE MARKET MODEL predicts.

    God dammit the fertilizer plant blew up again! Get some Federal Disaster Relief dollars down here right now, this is a national emergency.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon