According to Executive Director of Digital Bond, modern SCADA-solutions are using outdated and too low quality code.
Security researchers from the United States suggested SCADA-systems developers to rethink their approach to security of critical infrastructure. According to them, bugfix release, even timely, is only part of the solution. It is reported by Dark Reading.
The conference S4x13 SCADA, which was held in Miami, showed how you can easily and quickly find vulnerabilities in SCADA systems and have illustrated the need for a new approach.
To enhance the security of industrial computer systems experts recommend manufacturers to build links with the IB community, and create a program to promote the search for vulnerabilities.
This idea was supported by the Siemens Product CERT representative Tobias Limmer (Tobias Limmer), who has publicly expressed support for the fact that his company is serious about establishing a program to encourage researchers, as for example, Google.
Dale Peterson (Dale Peterson), CEO of Digital Bond, in turn, said that the incentive program can help find vulnerabilities is not all in use today SCADA-systems.
“It might work, but you need to carefully choose what is to work. Lot of products that we have studied, are not ready for an awards program for the alleged vulnerabilities. They’re just old, low-quality code. It will not work, “- said the expert.
Peterson recommends applying a program to promote the programs of the new generation of security.