Black Hat Conference Update: Expert Says Critical System Flaws are Dangerous

A Black Hat conference presenter on Wednesday said that security issues in critical infrastructures can affect almost every person.

SCADA (supervisory control and data acquisition) systems are a lot less secure than IT (information technology) systems,” Jonathan Pollet, founder of Red Tiger Security.

Apparently, SCADA systems are used by power and utility companies to monitor and control processes with a wide area of scope. According to Pollet, they have “weak firewalls protecting the distributed control and other systems.”

In Pollet’s session, dubbed “Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters,” he said that there are bigger threats now that modernization brought the connectivity to the Internet back to the control environment and use of Windows.

Moreover, the smart meters installed at homes and are linked back to critical systems have more flaws in them.

“We’ve had customers download a Windows patch and that patch actually broke the SCADA system,” he said. “It’s only a manner of time before we see more attacks or incidents on SCADA networks due to weak security and improperly configured defenses. Someone needs to own the responsibility for managing security for those systems that fall in between the corporate IT and SCADA networks. It’s kind of a ticking time bomb.”