Stuxnet, SCADA and Third Party Vendors

Another zero-day attack, no big deal. It’s nothing we haven’t seen. Except maybe for the vendor’s response.

Siemens uses a default password on their SCADA gear. This worm attacks it. Siemens had this to say about it (from PC World):

Siemens is advising that its customers not change the password because that can disrupt the system. Siemens plans to launch a Web site addressing the issue and how to remove the malware.

So…a third party vendor wants vulnerable customers to keep using the same weak and well-known password. How are companies with control systems supposed to work with this kind of response?

It’s no secret the password is 2WSXcder. You can find it on the Internet. This site, for example.

Vendors need to step up and take security more seriously. Period. Utilities can’t just decide they don’t like vendor X and go with vendor Y. SCADA gear is too costly (ever try replacing a power plant’s generator? The plant is built *around* the generator) and rate-payers rightly won’t stand for it.

Security is EVERYONE’S responsibility. From the customers, to the companies producing a product, to the vendors supplying those companies, to the government overseeing it all.

EDIT:

Symantec provides a little useful information surrounded in a bubble of speculation here.

Siemens responds with a fair attempt at a FAQ on the problem, some lukewarm security advice, a 50MB “sysclean” tool that will be useless in a week, and with little in the way of hard fixes (as of this writing, Siemens customers still can’t change the dang default password) here.

One thought on “Stuxnet, SCADA and Third Party Vendors”

  1. d says:

    I saw this – awesome response from vendor. So what do you do? Change the password, or build a completely closed network, or intercept every bit of communications in front and do a match (by IP?) before validating? Hmmm, easier to just replace that generator. :-)
    Did you see this: http://www.wired.com/threatlevel/2010/07/siemens-scada/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29/ and Krebs’ original article? Interesting – Krebs spoke at ISSA-LA Conference.
